HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Windows domain name specified in step 1. This password is used by the trusting Windows
domain when it establishes the trust relationship.
For example, the following command adds the trusting Windows domain account,
windomainA, to the Samba domain database:
smbpasswd -a -i windomainA$
4. Run net rpc trustdom to establish the trust with the trusted Windows domain.
For example, the following command is used to establish the trust relationship with the trusted
windows domain name, windomainA:
net rpc trustdom establish windomainA
–S <ADS domain controller server name> –U windomainA\\Administrator%pw
5. Use the following command to verify the trust relationship:
net rpc trustdom list -U root/%pw
Establishing a trust relationship on an HP CIFS member server of a Windows 2003
or Windows 2008 domain
HP CIFS Servers will not automatically recognize all intra/inter-forest trusts. CIFS member servers
will recognize most parent-child and child-child relationships and shortcut trusts but you may need
to use Windows Administrators Tool “Active Directory Domains and Trusts” to establish
explicit shortcut trusts where other trusts are desired.
In order for an HP CIFS Member of a Windows 2003 or Windows 2008 Domain to recognize
trusts established by its Domain Server, its /etc/krb5.conf file must declare the trusted domains
in the [realms] section (only – not [domain_realm]). For example, an HP CIFS member of
Windows 2000/2003 Domain, mydom, which trusts trust1dom and trust2dom might have
the /etc/krb5.conf file as follows:
[libdefaults]
default_realm = MYDOM.ORG.HP.COM
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
ccache_type = 2
[realms]
MYDOM.ORG.HP.COM = {
kdc = myserv.mydom.org.hp.com:88
admin_server = myserv.mydom.org.hp.com
}
TRUST1DOM.ORG.HP.COM = {
kdc = trust1serv.trust1dom.org.hp.com:88
admin_server = trust1serv.trust1dom.org.hp.com
}
TRUST2DOM.ORG.HP.COM = {
kdc = trust2serv.trust2dom.org.hp.com:88
admin_server = trust2serv.trust2dom.org.hp.com
}
[domain_realm]
.org.hp.com = MYDOM.ORG.HP.COM
[logging]
kdc = FILE:/var/opt/samba/log.krb5kdc
admin_server = FILE:/var/opt/samba/log.kadmin
default = FILE:/var/opt/samba/log.krb5lib
~
Trust relationships 77