HP CIFS Server Administrator's Guide Version A.03.01.01 (5900-1282, May 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

Configuring krb5.keytab...................................................................................................112

9 HP CIFS Deployment Models....................................................................114

Introduction..........................................................................................................................114

Samba Domain Model..........................................................................................................114

Samba Domain Components.............................................................................................117

HP CIFS Server Acting as a PDC...................................................................................117

HP CIFS Server Acting as a BDC...................................................................................117

HP CIFS Acting as the Member Server...........................................................................118

An example of the Samba Domain Model...........................................................................118

A Sample smb.conf File For a PDC................................................................................118

Configuration Options.................................................................................................119

A Sample smb.conf File For a BDC................................................................................120

Configuration Options.................................................................................................120

A Sample smb.conf File for a Domain Member Server.....................................................120

Configuration Options.................................................................................................121

A Sample /etc/nsswitch.ldap File..................................................................................121

Windows Domain Model......................................................................................................122

Components for Windows Domain Model...........................................................................123

An Example of the ADS Domain Model..............................................................................123

A sample smb.conf file For an HP CIFS ADS Member Server.............................................123

A Sample /etc/krb5.conf File.......................................................................................125

A Sample /etc/nsswitch.conf File..................................................................................125

An Example of Windows NT Domain Model.......................................................................126

A Sample smb.conf File for an HP CIFS Member Server...................................................126

Unified Domain Model..........................................................................................................128

Unified Domain Components.............................................................................................129

HP CIFS Acting as a Windows 200x ADS Member Server...............................................129

Setting up the Unified Domain Model.................................................................................129

Setting up LDAP-UX Client Services on an HP CIFS Server......................................................129

Installing and Configuring LDAP-UX Client Services on an HP CIFS Server...........................129

Configuring /etc/krb5.conf to Authenticate Using Kerberos..............................................130

Installing SFU 3.5 on a Window 2000 or 2003 Domain Controller........................................130

An Example of the Unified Domain Model..........................................................................130

A sample smb.conf file For an HP CIFS Member Server....................................................131

A Sample /etc/krb5.conf File.......................................................................................131

A Sample /etc/nsswitch.conf File..................................................................................132

10 Securing HP CIFS Server........................................................................133

Security Protection Methods...................................................................................................133

Restricting Network Access................................................................................................133

Using Host Restrictions.................................................................................................133

An Example...........................................................................................................133

Using Interface Protection.............................................................................................133

Interface Protection Example....................................................................................133

Using a Firewall..........................................................................................................134

Using an IPC$ Share-Based Denial................................................................................134

Protecting Sensitive Information..........................................................................................134

Encrypting Authentication.............................................................................................134

Protecting Sensitive Configuration Files...........................................................................135

Using %m Name Replacement Macro With Caution.............................................................135

Restricting Execute Permission on Stacks..............................................................................136

Restricting User Access.....................................................................................................136

Automatically Receiving HP Security Bulletins............................................................................136

Reporting New Security Vulnerabilities................................................................................137

Contents 7