HP CIFS Server and Encrypting Client Connections
Overview
Configuring an encrypted SMB session is often referred to as "tunneling", and usually employs Secure
Shell (SSH) on the client and server. The following deployment uses an SSH client (PuTTY) on Windows
Vista, and HP-UX SSH on the HP CIFS Server. Kerberos authentication is used for Windows domain
user access.
HP CIFS Server (Samba) is highly configurable and flexible, and thus has many possible configuration
scenarios. The following tunneling deployment is shown using Windows Active Directory as the
authenticating domain, and the HP CIFS Server (and HP-UX) participating in the domain under Unified
Login domain membership. Details on Kerberos authentication of HP CIFS Server and Unified Login
can be retrieved from the following whitepapers:
http://www.docs.hp.com/en/14985/HPCIFSKerberosV105.pdf
http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf
The following configuration components are used for this example of SMB SSH tunneling:
HP-UX 11iv3
HP CIFS Server version A.02.04 (Samba 3.0.30)
HP CIFS Server version A.02.03.04 (Samba 3.0.22 plus various fixes up to 3.0.28a)
HP CIFS Server Unified Login Configuration
Windows 2003R2 Active Directory Domain
Windows Vista SP1
PuTTY version 0.60
Mozilla version 3.0.8