HP CIFS Server and Kerberos

The “net ads join” command has added 5 new Kerberos principals to Active Directory for the HP CIFS Server.
The “net ads status” command displays the new principals:
# net ads status -U administrator | grep Princ
administrator's password:
userPrincipalName: HOST/atcux5@HPATC2003.HP.COM
servicePrincipalName: CIFS/atcux5.hpatc2003.hp.com
servicePrincipalName: CIFS/atcux5
servicePrincipalName: HOST/atcux5.hpatc2003.hp.com
servicePrincipalName: HOST/atcux5
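To confirm the join result without reading the output by eye, the following added example (not part of the HP document) compares "net ads status" output against the five expected principals. The function names are hypothetical, the host, domain and realm values are those in the output above, and case-insensitive matching is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the HP document): check "net ads status" output for
# the five principals the join is expected to register.

# Print the expected "attribute: value" lines for HOST, DNS domain and realm.
expected_principals() {
    host=$1 domain=$2 realm=$3
    printf 'userPrincipalName: HOST/%s@%s\n' "$host" "$realm"
    for svc in CIFS HOST; do
        printf 'servicePrincipalName: %s/%s.%s\n' "$svc" "$host" "$domain"
        printf 'servicePrincipalName: %s/%s\n' "$svc" "$host"
    done
}

# Strip CRs and surrounding blanks and fold case, so the comparison ignores
# case (an assumption of this example).
normalize() {
    tr -d '\r' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]'
}

# Usage: net ads status -U administrator | missing_principals HOST DOMAIN REALM
# Prints every expected principal absent from stdin; returns 1 if any is missing.
missing_principals() {
    have=$(grep -i 'PrincipalName:' | normalize)
    missing=$(expected_principals "$@" | while IFS= read -r want; do
        key=$(printf '%s\n' "$want" | normalize)
        printf '%s\n' "$have" | grep -Fqx -- "$key" || printf '%s\n' "$want"
    done)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Sample input: the principal lines shown in the output above.
sample_status() {
    cat <<'EOF'
userPrincipalName: HOST/atcux5@HPATC2003.HP.COM
servicePrincipalName: CIFS/atcux5.hpatc2003.hp.com
servicePrincipalName: CIFS/atcux5
servicePrincipalName: HOST/atcux5.hpatc2003.hp.com
servicePrincipalName: HOST/atcux5
EOF
}

sample_status | missing_principals atcux5 hpatc2003.hp.com HPATC2003.HP.COM \
    && echo "all five principals present"
```

A non-zero return with a printed principal means the join did not register that name for the server account.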
4.4 Kerberos CIFS Server Client Authentication Example
After starting the CIFS Server (/opt/samba/bin/startsmb), test the Kerberos authentication by
mounting a share from the HP CIFS Server.
Here is a quick review of a typical Kerberos logon and share service exchange.
1. User Netlogon: the user is authenticated into the domain. In this case, the KDC and DC are the same.
2. The user maps a share on the CIFS/Samba server and gets an encrypted ticket for the CIFS server service from the KDC.
2a. The client presents the ticket to the CIFS/Samba server, which decrypts the ticket and authorizes access.