Manualshelf

HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
121122123124125126127128129130
Downloads the configuration profile from the directory to the client.
Starts the product daemon, ldapclientd.
4. Modify the files /etc/pam.conf and /etc/nsswitch.conf on the client to specify
Kerberos authentication and LDAP name service, respectively.
Configuring /etc/krb5.conf to Authenticate Using Kerberos
On your HP CIFS Server, you need to create the Kerberos configuration file, /etc/krb5.conf,
which specifies the default realm, the location of a Key Distribution Center (KDC) server and the
logging file names. The Kerberos client depends on the configuration to locate the realm's KDC.
The following is an example of /etc/krb5.conf which has the realm
CIFSW2KSFU.ORG.HP.COM, and machine hostA.org.hp.com as a KDC:
[libdefaults]
default_realm = CIFSW2KSFU.ORG.HP.COM #Samba Domain
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
CIFSW2KSFU.ORG.HP.COM = {
kdc = hostA.org.hp.com:88
admin_server = hostA.org.hp.com }
[domain_realm]
.org.hp.com = CIFSW2KSFU.ORG.HP.COM
[logging]
kdc = FILE: /var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/opt/KRB5lib.log
Installing SFU 3.5 on a Window 2000 or 2003 Domain Controller
POSIX accounts have some attributes, such as user ID, login shell, and home directory, which are
not used by Windows 2000 or 2003. To use Active Directory as a data repository for HP-UX users,
you must install SFU Version 3.5 on a Windows 2000 or 2003 domain controller. SFU is used to
extend the Active Directory schema to include the POSIX schema. For detailed installation instructions
for SFU 3.5, refer to Chapter 2 "Installing LDAP-UX Client Services", in LDAP-UX Client Services
with Windows 2000 Active Directory Server Administrator's Guide, available at http://docs.hp.com.
For more information on SFU, refer to the Microsoft web site at http://www.microsoft.com/
windows2000/sfu/.
NOTE: You need to install the LDAP-UX Client Services software on an HP CIFS member server
before installing SFU on a Windows 2000 or 2003 domain controller.
An Example of the Unified Domain Model
Figure 9-10 shows an example of the Unified Domain Model which has the realm named
HPCIFSW2KSFU.ORG.HP.COM, an ADS domain controller machine hpntcdn, an HP CIFS Server
machinehostD acting as a member server and the Windows NT machine with IP address
1.13.112.166 as the WINs server.
Unified Domain Model 129