Integrate Logins with HP CIFS Server, HP-UX, and Windows 2003R2/2008
Appendix D: Configuring For Availability
The Unified Login configuration offers several places where access to multiple Windows
Domain Controllers and/or KDCs can be configured to provide authentication redundancy.
HP CIFS Server
In the smb.conf file, the “password server = *” setting tells Samba to search for the nearest (fastest
responding) Windows Domain Controller. An alternate setting prioritizes the DC that is tried
first: “password server = ATCWINVM1.ATCWIN1.HP.COM, *”. However, when “security =
ADS”, the password server is actually determined by the krb5.conf file, so this setting applies to
fall-through authentication, when Kerberos is not working for some reason and NTLM is attempted as a
backup.
Kerberos
HP-UX can utilize backup KDCs when configured to do so in /etc/krb5.conf. This is accomplished by
listing multiple KDC servers in the following manner:
kdc = ATCWINVM1.ATCWIN1.HP.COM:88
kdc = ATCWINVM2.ATCWIN1.HP.COM:88
kdc = ATCWINVM3.ATCWIN1.HP.COM:88
The KDCs will be accessed in the order that they are listed in krb5.conf. This provides redundancy
for authentication access.
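As an added example (not part of the original whitepaper), the following Python sketch reads a krb5.conf, returns the KDCs of each realm in the order they are listed (the order in which they will be accessed), and flags realms that have no backup KDC. The realm name ATCWIN1.HP.COM, the stanza layout of the sample, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the three kdc lines from the text inside a [realms]
# stanza. The realm name and the [libdefaults] entry are assumptions.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = ATCWIN1.HP.COM
[realms]
    ATCWIN1.HP.COM = {
        kdc = ATCWINVM1.ATCWIN1.HP.COM:88
        kdc = ATCWINVM2.ATCWIN1.HP.COM:88
        kdc = ATCWINVM3.ATCWIN1.HP.COM:88
    }
"""

def kdcs_by_realm(text):
    """Return {realm: [kdc, ...]}, preserving the listed (failover) order."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                            # e.g. [libdefaults], [realms]
            section, realm = header.group(1), None
        elif section != "realms":
            continue
        elif line == "}":                     # end of one realm stanza
            realm = None
        elif realm is None:
            opened = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if opened:                        # "REALM = {"
                realm = opened.group(1)
                realms.setdefault(realm, [])
        else:
            key, _, value = line.partition("=")
            if key.strip() == "kdc":
                realms[realm].append(value.strip())
    return realms

def availability_findings(realms):
    """Flag realms with no backup KDC or with the same host listed twice."""
    findings = []
    for realm, kdcs in realms.items():
        hosts = [k.rsplit(":", 1)[0].lower() for k in kdcs]  # drop the port
        if len(set(hosts)) < 2:
            findings.append(f"{realm}: no backup KDC configured")
        if len(hosts) != len(set(hosts)):
            findings.append(f"{realm}: duplicate KDC entry")
    return findings
```

To check a live system, pass the contents of /etc/krb5.conf to kdcs_by_realm() and review the output of availability_findings().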
LDAP-UX
LDAP-UX Client Services can be configured to look up user/group attributes in up to three Directory
Servers. These Active Directory servers would typically correspond to the three KDCs that are
configured in the krb5.conf file, as in the example above. This task is completed during the LDAP-UX
setup program:










