HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

1. Optionally, ensure that each user of the directory server obtains and installs a personal
certificate for all LDAP clients that will authenticate with SSL.
Downloading the certificate database from Netscape Communicator is one way to set up
the certificate database for your LDAP-UX Client.
The certificate database files, cert7.db and key3.db, are downloaded to either the
/.netscape or the /.mozilla/default/*.slt directory on your client system, depending
on the version of Netscape Communicator that you use. If you download the Certification
Authority certificate using Netscape Communicator 7.0, the certificate database files,
cert7.db and key3.db, are downloaded to the /.mozilla/default/*.slt directory.
If you download the Certification Authority certificate using Netscape Communicator 4.75, the
certificate database files, cert7.db and key3.db, are downloaded to the /.netscape
directory.
After you download the certificate database files, cert7.db and key3.db, to your client,
create a symbolic link /etc/opt/ldapux/cert7.db that points to cert7.db and a
symbolic link /etc/opt/ldapux/key3.db that points to key3.db.
For detailed instructions on how to install the Certification Authority's certificate on your LDAP-UX
client system, see the "Configuring LDAP Clients to Use SSL" section of the "Installing LDAP-UX
Client Services" chapter in the LDAP-UX Client Services B.03.20 Administrator's Guide at
http://docs.hp.com.
2. Configure the LDAP-UX client services to use SSL by running the setup program. For detailed
instructions on how to run the setup program to enable SSL on LDAP-UX client services, see the
"Custom Configuration" subsection of the "Installing LDAP-UX Client Services" chapter in the
LDAP-UX Client Services B.03.20 Administrator's Guide at http://docs.hp.com.
If the LDAP-UX client services have already been set up, modify the authenticationMethod
and preferredServerList attributes in the /etc/opt/ldapux/ldapux_profile file
as follows:
• Modify the authenticationMethod attribute to add the transport layer security
authentication method, tls:, in front of the original authentication method, simple.
For example, without SSL enabled, the original authenticationMethod entry is:
authenticationMethod: simple
With SSL enabled, the authenticationMethod entry becomes:
authenticationMethod: tls:simple
• Modify the preferredServerList attribute to change the regular LDAP port number,
389, to the SSL port number, 636.
For example, without SSL enabled, the original preferredServerList entry is:
preferredServerList: 1.2.5.20:389
With SSL enabled, the preferredServerList entry becomes:
preferredServerList: 1.2.5.20:636
Configuring HP CIFS Server to enable SSL
Configure the following smb.conf parameters to enable SSL:
For HP CIFS Server A.02.* versions, set the following parameter in the [Global] section of the
smb.conf file:
passdb backend = ldapsam:ldaps://<directory server name>
where <directory server name> is the fully qualified name of the target directory server.
HP CIFS Server A.02.03 or later supports the start_tls option to the ldap ssl parameter.
To enable SSL connections to the directory server, set the parameters in one of the two
ways shown below in the [Global] section of the smb.conf file:
To use the SSL port 636, set:
ldap ssl = yes
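The following script is an added example and is not part of the HP guide or of LDAP-UX: it applies the ldapux_profile edits from step 2 (adding the tls: prefix and moving port 389 to 636) to a profile file passed on the command line, and audits both that profile and an smb.conf for cleartext LDAP. It assumes the profile uses the "attribute: value" layout shown above and that the Samba parameter is spelled passdb backend; the sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the HP guide. (1) Rewrite an LDAP-UX profile the way
# step 2 describes: prefix "tls:" to authenticationMethod and move every
# preferredServerList entry from port 389 to 636. (2) Audit a profile and an
# smb.conf for cleartext LDAP. Paths are arguments so the demo runs on a
# constructed copy, never on the live /etc/opt/ldapux/ldapux_profile by accident.

# Rewrite the profile at "$1" in place. Only the exact method "simple" is
# prefixed, so a profile that already reads "tls:simple" is left untouched.
enable_ldapux_ssl() {
    tmp="$1.tmp.$$"
    sed -e 's/^\(authenticationMethod:[ ]*\)simple[ ]*$/\1tls:simple/' \
        -e '/^preferredServerList:/ s/:389[ ]*$/:636/' \
        -e '/^preferredServerList:/ s/:389 /:636 /g' \
        "$1" > "$tmp" && mv "$tmp" "$1"
}

# Exit 0 when the profile authenticates with tls: and lists no port-389 server.
ldapux_profile_uses_ssl() {
    grep -q '^authenticationMethod:[ ]*tls:' "$1" || return 1
    grep '^preferredServerList:' "$1" | grep -q ':389' && return 1
    return 0
}

# Exit 0 when smb.conf reaches the directory over SSL/TLS: an ldaps:// URL in
# "passdb backend" (the Samba parameter name) or "ldap ssl" set to yes/start_tls.
smb_conf_uses_ssl() {
    grep -Eiq '^[[:space:]]*passdb[[:space:]]+backend[[:space:]]*=.*ldaps://' "$1" && return 0
    grep -Eiq '^[[:space:]]*ldap[[:space:]]+ssl[[:space:]]*=[[:space:]]*(yes|on|start_tls|start tls)' "$1"
}

# Demonstration on a constructed profile (addresses are made up for the example).
demo_dir=$(mktemp -d)
printf 'authenticationMethod: simple\npreferredServerList: 1.2.5.20:389 1.2.5.21:389\n' \
    > "$demo_dir/ldapux_profile"
ldapux_profile_uses_ssl "$demo_dir/ldapux_profile" || echo "before: cleartext LDAP"
enable_ldapux_ssl "$demo_dir/ldapux_profile"
ldapux_profile_uses_ssl "$demo_dir/ldapux_profile" && echo "after: SSL enabled"
cat "$demo_dir/ldapux_profile"
rm -rf "$demo_dir"
```

Run the audit functions from a cron job or a configuration check to catch a profile or smb.conf that has drifted back to port 389 or a plain ldap:// URL.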