HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Configuring the LDAP-UX Client to use SSL
If you plan to use SSL, you need to install the Certification Authority (CA) certificate on your LDAP-UX
Client and configure the LDAP-UX Client to enable SSL.
Use the following steps to enable SSL on your LDAP client system:
1. Optionally, ensure that each user of the directory server obtains and installs a personal
certificate for all LDAP clients that will authenticate with SSL.
One way to set up the certificate database on your LDAP-UX Client is to download it
using Netscape Communicator.
The certificate database files, cert7.db and key3.db, are downloaded to either the
/.netscape or the /.mozilla/default/*.slt directory on your client system, depending
on the version of Netscape Communicator that you use. If you download the Certification
Authority certificate using Netscape Communicator 7.0, the certificate database files,
cert7.db and key3.db, are downloaded to the /.mozilla/default/*.slt directory.
If you download the Certification Authority certificate using Netscape Communicator 4.75, the
certificate database files, cert7.db and key3.db, are downloaded to the /.netscape
directory.
After you download the certificate database files, cert7.db and key3.db, to your client,
you need to create a symbolic link /etc/opt/ldapux/cert7.db that points to
cert7.db and a symbolic link /etc/opt/ldapux/key3.db that points to key3.db.
For detailed instructions on how to install the Certification Authority's certificate on your LDAP-UX
client system, see the "Configuring LDAP Clients to Use SSL" section of the "Installing LDAP-UX
Client Services" chapter in LDAP-UX Client Services B.03.20 Administrator's Guide at
http://docs.hp.com.
2. Configure the LDAP-UX client services to use SSL by running the setup program. For detailed
instructions on how to run the setup program to enable SSL on LDAP-UX client services, see the
"Custom Configuration" subsection of the "Installing LDAP-UX Client Services" chapter in
LDAP-UX Client Services B.03.20 Administrator's Guide at http://docs.hp.com.
If the LDAP-UX client services has already been set up, modify the authenticationMethod
and preferredServerList attributes in the /etc/opt/ldapux/ldapux_profile file
as follows:
• Modify the authenticationMethod attribute to add the transport layer security
authentication method, tls:, in front of the original authentication method, simple.
For example, without SSL enabled, the original authenticationMethod entry is
authenticationMethod: simple. With SSL enabled, the authenticationMethod entry
will be authenticationMethod: tls:simple.
• Modify the preferredServerList attribute to change the regular LDAP port number,
389, to the SSL port number, 636.
For example, without SSL enabled, the original preferredServerList entry is
preferredServerList: 1.2.5.20:389. With SSL enabled, the preferredServerList entry
will be preferredServerList: 1.2.5.20:636.
Configuring HP CIFS Server to enable SSL
Configure the following smb.conf parameters to enable SSL:
• For HP CIFS Server A.02.* as well as A.03.01.03 versions, set the following parameter in
the [Global] section of the smb.conf file:
passdb backend = ldapsam:ldaps://<directory server name>
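The settings from the steps above can be checked together after the change. The following POSIX shell audit is an added example, not part of the HP guide: it verifies the certificate database links, the tls: prefix, port 636 on every server, and an ldaps:// URL in Samba's passdb backend parameter. The function names, the second server 1.2.5.21 and the host ldap.example.com are constructed for the example, and preferredServerList is assumed to be a space-separated host:port list.

```shell
#!/bin/sh
# Added example, not from the HP guide. Audits the settings described above.
# audit_ldap_ssl DIR SMBCONF: DIR holds ldapux_profile, cert7.db and key3.db
# (normally /etc/opt/ldapux). Prints one line per finding, returns the count.
audit_ldap_ssl() {
    dir=$1; smbconf=$2; findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    # A dangling symlink fails -r, so this also catches a moved browser profile.
    for f in cert7.db key3.db; do
        [ -r "$dir/$f" ] || fail "$dir/$f missing or unreadable"
    done

    # authenticationMethod must carry the tls: prefix, e.g. tls:simple.
    grep -Eq '^authenticationMethod:[[:space:]]*tls:' "$dir/ldapux_profile" ||
        fail "authenticationMethod has no tls: prefix"

    # Assumption: preferredServerList is a space-separated host:port list.
    # Any entry not on 636 can still be contacted without SSL.
    servers=$(sed -n 's/^preferredServerList:[[:space:]]*//p' "$dir/ldapux_profile")
    [ -n "$servers" ] || fail "no preferredServerList entry"
    for s in $servers; do
        case $s in *:636) ;; *) fail "server $s is not on port 636" ;; esac
    done

    # The last uncommented passdb backend line in smb.conf must use ldaps://.
    backend=$(grep -Ei '^[[:space:]]*passdb[[:space:]]+backend[[:space:]]*=' "$smbconf" | tail -1)
    case $backend in *ldapsam:ldaps://*) ;; *) fail "passdb backend is not ldapsam:ldaps://" ;; esac
    return "$findings"
}

# Constructed sample: one server left on 389, everything else correct.
demo() {
    d=${TMPDIR:-/tmp}/ldapssl.$$; mkdir -p "$d" || return 99
    : > "$d/cert7.db"; : > "$d/key3.db"
    printf '%s\n' 'authenticationMethod: tls:simple' \
        'preferredServerList: 1.2.5.20:636 1.2.5.21:389' > "$d/ldapux_profile"
    printf '%s\n' '[global]' \
        'passdb backend = ldapsam:ldaps://ldap.example.com' > "$d/smb.conf"
    audit_ldap_ssl "$d" "$d/smb.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings: $?"
```

On a live system the call would be audit_ldap_ssl /etc/opt/ldapux followed by the path to your smb.conf; a return value of 0 means every check passed.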