HP CIFS Server Administrator's Guide Version A.03.01.01 (5900-1282, May 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

111

112

113

114

115

116

117

118

119

120

• Service Pack 1 is recommended for Windows 2003, and required for inter-operation with

Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2 or later

on HP-UX 11i v3.

• HP-UX LDAP-UX Integration product

• Windows 2000, Windows 2003, or Windows 2008 Server domain.

• Windows 2000 or Windows XP Client

Configuring krb5.keytab

Here are the required components to configure HP CIFS Server with HP-UX Internet Services

co-existence:

• Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2 or later

on HP-UX 11i v3.

• /etc/krb5.conf file

• /etc/opt/samba/smb.conf file

• /etc/krb5.keytab file

• net ads keytab create command

The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows

domain.

Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to access

the keytab file:

1. Add the default_keytab_name parameter with the FILE attribute in the /etc/krb5.conf

file. The Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2

or later on HP-UX 11i v3 is required for the FILE attribute.

An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:

# Kerberos configuration

[libdefaults]

default_realm = MYREALM.HP.COM

default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

[realms]

MYREALM.HP.COM = {

kdc = HPWIN2K4.MYREALM.HP.COM:88

admin_server = HPWIN2K4.MYREALM.HP.COM

}

[domain_realm]

.hp.com = MYREALM.HP.COM

[logging]

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

default = FILE:/var/log/krb5lib.log

2. To configure the HP CIFS Server to read /etc/krb5.keytab, set the Kerberos method

parameter in the /etc/opt/samba/smb.conf file to dedicated keytab = <keytab

file location>.

NOTE: You can also use the Kerberos method = system keytab parameter to

configure HP CIFS Server without specifying the dedicated keytab file parameter.

An example of /etc/opt/samba/smb.conf is as follows:

[global]

112 Kerberos Support