HP CIFS Server and Kerberos

8.1.2 klist (HP-UX)
Running klist at the HP-UX prompt displays the current ticket cache for the session. This is useful
for inspecting the ticket that the KDC issued in response to the kinit command. See the kinit
example above for klist output.
klist is also useful for verifying that a particular user on HP-UX can authenticate against the KDC.
If a user “buffy” is attempting a Windows login to the HP CIFS Server, then that user must be able
to authenticate. Running kinit and then klist at the HP-UX prompt verifies that Kerberos is working
correctly on HP-UX for the user buffy.
Note that the klist tool for a Windows client is a separate tool, and is described later in the tools
chapter.
8.1.3 net ads status
“net ads status” is a Samba 3.0 command line tool. It displays the attributes of the CIFS Server as
they are configured on its computer object in the Windows Active Directory. The attributes that we
are interested in are:
distinguishedName: CN=atcux5,CN=Computers,DC=hpatc2000,DC=hp,DC=com
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=hpatc2000,DC=hp,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
objectGUID: a25630f8-482e-42b7-9a02-0fc0cc21a61f
objectSid: S-1-5-21-1214440339-1715567821-682003330-1144
operatingSystem: Samba
operatingSystemVersion: 3.0.7 based HP CIFS Server A.02.01
primaryGroupID: 515
pwdLastSet: 127524621580312500
name: atcux5
sAMAccountName: atcux5$
sAMAccountType: 805306369
servicePrincipalName: CIFS/atcux5.hpatc2000.hp.com
servicePrincipalName: CIFS/atcux5
servicePrincipalName: HOST/atcux5.hpatc2000.hp.com
servicePrincipalName: HOST/atcux5
userAccountControl: 2166784
userPrincipalName: HOST/atcux5@HPATC2000.HP.COM
Of particular interest are the userAccountControl (discussed later in the “Joining the Domain” topic)
and the servicePrincipalName attributes.
The four servicePrincipalName values shown above (CIFS/ and HOST/, each with the fully qualified
and the short host name) are the default service principals added by Samba during the domain join.
If the service principals are different, the next step is to find out how and why they were added by
the ADS administrator.
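
The check described above can be scripted. The following is an added example, not part of the original paper or of Samba: it parses “net ads status” style output, compares the servicePrincipalName values against the four defaults, and decodes userAccountControl. The function names are hypothetical, and the flag table is a subset of Microsoft's documented userAccountControl bits, not taken from this page.

```python
# Added example: audit `net ads status` output for non-default SPNs.
# SAMPLE is an excerpt of the output shown above.
SAMPLE = """\
sAMAccountName: atcux5$
servicePrincipalName: CIFS/atcux5.hpatc2000.hp.com
servicePrincipalName: CIFS/atcux5
servicePrincipalName: HOST/atcux5.hpatc2000.hp.com
servicePrincipalName: HOST/atcux5
userAccountControl: 2166784
"""

# Microsoft-documented userAccountControl bits (a subset; not from this page).
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",
    0x001000: "WORKSTATION_TRUST_ACCOUNT",
    0x010000: "DONT_EXPIRE_PASSWORD",
    0x080000: "TRUSTED_FOR_DELEGATION",
    0x200000: "USE_DES_KEY_ONLY",
}

def parse_status(text):
    """Collect 'attribute: value' lines into {attribute: [values]}."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs

def audit_spns(attrs, fqdn):
    """Return (missing, unexpected) SPNs versus the CIFS/HOST defaults."""
    short = fqdn.split(".")[0]
    expected = {f"{svc}/{host}".lower()
                for svc in ("CIFS", "HOST") for host in (fqdn, short)}
    found = {spn.lower() for spn in attrs.get("servicePrincipalName", [])}
    return sorted(expected - found), sorted(found - expected)

def decode_uac(attrs):
    """Return (flag names set, leftover bits not in UAC_FLAGS)."""
    value = int(attrs["userAccountControl"][0])
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    return names, value & ~sum(UAC_FLAGS)

if __name__ == "__main__":
    attrs = parse_status(SAMPLE)
    print(audit_spns(attrs, "atcux5.hpatc2000.hp.com"))
    print(decode_uac(attrs))
```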