HP CIFS Server and Kerberos

default = FILE:/var/log/krb5lib.log

If the /etc/keytab.krb5 file needs to be regenerated (by a “net ads create keytab”) then the

/etc/krb5.conf file must be edited to include the WRFILE attribute to the default_keytab_name

parameter. After the krb5.keytab is created, the krb5.conf file should be re-edited to remove WRFILE

for INET Services interoperation.

5.2 krb5.keytab Configuration Script

# swlist -l product | grep -i krb

KRB-Support B.11.11 Kerberos Support for HP-UX and DCE

KRB5-Client B.11.11 Kerberos V5 Client Version 1.0

KRBS-Support B.11.11.13 Kerberos Support v1.11

PHSS_31163 1.0 KRB5-Client Version 1.0 cumulative

patch

krb5client B.11.11.02 Kerberos V5 Client Version 1.3.5

# net ads status

servicePrincipalName: CIFS/atcux5.hpatc2000.hp.com

servicePrincipalName: CIFS/atcux5

servicePrincipalName: HOST/atcux5.hpatc2000.hp.com

servicePrincipalName: HOST/atcux5

userAccountControl: 2166784

userPrincipalName: HOST/atcux5@HPATC2000.HP.COM

# more /etc/hosts

127.0.0.1 localhost loopback

15.43.211.69 atcux1.rose.hp.com atcux1

15.43.212.197 atcux2.rose.hp.com atcux2

15.43.212.199 atcux3.rose.hp.com atcux3 atcux3.atc

15.43.213.61 atcux4.rose.hp.com atcux4

15.43.214.58 atcux5.hpatc2000.hp.com atcux5

15.43.214.68 atcux6.rose.hp.com atcux6

15.43.209.163 atcux7.rose.hp.com atcux7

15.43.209.167 atcux8.rose.hp.com atcux8

15.43.209.168 atcux9.rose.hp.com atcux9

# more /etc/nsswitch.conf

passwd: files ldap

group: files ldap

hosts: files dns

services: files

networks: files

protocols: files

rpc: files

publickey: files

netgroup: files

automount: files

aliases: files

# more /etc/opt/samba/smb.conf

[global]

workgroup = HPATC2000

realm = HPATC2000.HP.COM