HP CIFS Server Administrator's Guide (5900-1282, April 2011)

SFU 3.5 on Windows 2000 or 2003 Domain Controller
Install, configure and join the HP CIFS Server to the SFU-enabled Windows 200x domain.
See “Windows 2003 and Windows 2008 Domains” (page 68) for details on configuring
and joining the HP CIFS Server to the Windows domain.
Setting up LDAP-UX Client Services on an HP CIFS Server
In the Unified domain model, you integrate HP CIFS domain member servers with the Windows
200x ADS to centralize management of user account databases. You must install the HP LDAP-UX
integration software B.03.20 or later, and configure the LDAP-UX client. This permits the consolidation
of POSIX and Windows user accounts on the ADS directory.
You also need to configure the /etc/krb5.conf file to authenticate users using Kerberos.
Installing and Configuring LDAP-UX Client Services on an HP CIFS Server
The following summarizes the major steps you need to take to install and configure LDAP-UX Client
Services. For detailed instructions on how to install and configure LDAP-UX Client Services to work
with Windows 2000 ADS, refer to chapter 2, "Installing LDAP-UX Client Services" in LDAP-UX
Client Services with Microsoft Windows 2000 Active Directory Server Administrator's Guide,
available at http://docs.hp.com.
1. Install LDAP-UX Client Services on each HP CIFS member server.
2. Migrate your supported name service data to the directory. Refer to the section, "Importing
Name Service Data into Your Directory" in LDAP-UX Client Services with Microsoft Windows
2000 Active Directory Server Administrator's Guide, available at http://docs.hp.com.
3. Run the setup program to configure LDAP-UX Client Services on a client system. Setup does
the following for you:
   • Extends your Active Directory schema with the configuration profile schema, if not already
     done.
   • Creates a start-up file on the client. This enables each client to download the configuration
     profile.
   • Creates a configuration profile of directory access information in the directory, to be
     shared by a group of (or possibly all) clients.
   • Downloads the configuration profile from the directory to the client.
   • Starts the product daemon, ldapclientd.
4. Modify the files /etc/pam.conf and /etc/nsswitch.conf on the client to specify
Kerberos authentication and LDAP name service, respectively.
Configuring /etc/krb5.conf to Authenticate Using Kerberos
On your HP CIFS Server, you need to create the Kerberos configuration file, /etc/krb5.conf,
which specifies the default realm, the location of a Key Distribution Center (KDC) server and the
logging file names. The Kerberos client depends on the configuration to locate the realm's KDC.
The following is an example of /etc/krb5.conf which has the realm
CIFSW2KSFU.ORG.HP.COM, and machine hostA.org.hp.com as a KDC:
[libdefaults]
# Samba Domain
default_realm = CIFSW2KSFU.ORG.HP.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
CIFSW2KSFU.ORG.HP.COM = {
    kdc = hostA.org.hp.com:88
    admin_server = hostA.org.hp.com
}
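An added example, not part of the HP guide: a small Python check that parses a krb5.conf laid out like the one above, confirms that the default realm has a kdc entry under [realms], and flags single-DES enctypes such as DES-CBC-CRC, which RFC 6649 deprecated for Kerberos. The names parse, audit and ENCTYPE_KEYS and the embedded sample are assumptions of this example.

```python
# Constructed sample modelled on the guide's krb5.conf (closing brace on its own line).
SAMPLE = """\
[libdefaults]
default_realm = CIFSW2KSFU.ORG.HP.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
CIFSW2KSFU.ORG.HP.COM = {
kdc = hostA.org.hp.com:88
admin_server = hostA.org.hp.com
}
"""

ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def parse(text):
    """Return ({libdefaults key: value}, {realm: {key: [values]}})."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # whole-line comments only
            continue
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = realms.setdefault(key, {})
            elif section == "realms" and realm is not None:
                realm.setdefault(key, []).append(value)
    return libdefaults, realms

def audit(text):
    """Return a list of findings for krb5.conf content passed as a string."""
    lib, realms = parse(text)
    default, findings = lib.get("default_realm"), []
    if default is None:
        findings.append("no default_realm in [libdefaults]")
    elif not realms.get(default, {}).get("kdc"):
        findings.append(f"default_realm {default} has no kdc in [realms]")
    for key in ENCTYPE_KEYS:
        for enc in lib.get(key, "").replace(",", " ").split():
            if enc.lower().startswith("des-"):   # single DES (RFC 6649)
                findings.append(f"{key}: single-DES enctype {enc}")
    return findings
```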