Manualshelf

HP-UX HB v13.00 Ch-20 - CIFS

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Virtual Server Operating Environment (VSE-OE) LTU
12345678910
HP-UX Handbook Rev 13.00 Page 9 (of 40)
Chapter 20 CIFS
October 29, 2013
encrypt passwords = yes # must be yes for actual Windows versions
security = ads # if Kerberos should be used, choose ads
workgroup = gel2000 # ADS domain name
realm = GEL2000.GRC.HP.COM # the same realm that you ADS is,
and which is in /etc/krb5.conf
netbios name = picard # hostname or netbios name,
be sure DNS can resolve it
server string = CIFS Server 3 # just how samba presents itself
password server = grcdg227, * # it is useful to name the KDC first
wins server = 15.140.145.16 # Wins is very useful in large environments
name resolve order = wins bcast # recommended resolve order
Use man smb.conf (or help offered in swat) to read about the available values. Use the ‘testparm’
command to check the syntax and unknown parameters in the smb.conf file.
Now you should check the /etc/krb5.conf:
[libdefaults]
default_realm = gel2000
kdc_req_checksum_type = 2
[realms]
GEL2000.GRC.HP.COM = {
kdc = grcdg227.grc.hp.com
}
[domain_realm]
.grc.hp.com = gel2000
[logging]
kdc = FILE:/var/log/krb5kdc.log
The password server in smb.conf, and kdc in krb5.conf should have the same Windows ADS
domain controller specified. It might be helpful (not mandantory) to choose the Operations
Master” for this.
Stop samba and (re-)move the /var/opt/samba/private/sectrets.tdb, then you should be able to join
the domain by:
# net ads join -w gel2000 -U administrator
administrator's password: <enter domain admin password here>
Successfully joined domain gel2000.
If the computer account is not yet there it will be created. If it exists it should be reset
automatically. You should be able to start samba now and test connections to the shares from
the Windows clients.
If you get errors like:
[2004/11/19 09:06:41, 0] libads/kerberos.c:ads_kinit_password(135)
kerberos_kinit_password administrator@GEL2000.GRC.HP.COM failed:
Can't open/find Kerberos configuration file
[2004/11/19 09:06:41, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Can't open/find Kerberos configuration file
or
[2004/11/19 11:31:43, 0] libads/kerberos.c:ads_kinit_password(135)