HP CIFS Server and Kerberos

Chapter 4 Solution Configuration(s)

Configuring Kerberos for HP CIFS Server requires synchronizing system configuration files for

interoperability between the solution components, as well as the Windows domain and the HP-UX

server.

4.1 HP CIFS Server

The two primary configuration files are smb.conf and krb5.conf.

/etc/opt/samba/smb.conf /etc/krb5.conf

[global]

workgroup = HPATC2003

realm = HPATC2003.HP.COM

netbios name = atcux5

server string = Samba Server

interfaces = 15.43.214.58

bind interfaces only = Yes

security = ADS

password server =

hpatcwin2k4.hpatc2003.hp.com

[libdefaults]

default_realm = HPATC2003.HP.COM

default_tkt_enctypes = DES-CBC-MD5

default_tgs_enctypes = DES-CBC-MD5

[realms]

HPATC2003.HP.COM = {

kdc = HPATCWIN2K4.HPATC2003.HP.COM:88

admin_server = HPATCWIN2K4.HPATC2003.HP.COM

}

[domain_realm]

.hp.com = HPATC2003.HP.COM

[logging]

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

default = FILE:/var/log/krb5lib.log

The parameters in the files above are from an actual operating system, and they match the values

that are displayed in the traces and logs that are used in most of the (many) subsequent examples

that are shown later.

The smb.conf “realm =” value and the krb5.conf “default_realm =” are synonymous with the Active

Directory DNS domain name. Microsoft states in the Q article 248807

(http://support.microsoft.com/?kbid=248807):

Note: All Windows 2000 domains are also Kerberos realms. However the realm name is always the all

uppercase version of the domain name. There is no way to have a Kerberos realm name that is different

from the domain name.

An easy source for the domain-realm name is the KDC or domain controller My Computer properties

tab: