HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

logon home = \\%L\%U
Trust Relationships
Trust relationships enable pass-through authentication to users of one domain in another. A trusting
domain permits logon authentication to users of a trusted domain. There are various forms of trusts,
depending on the domain type; Windows 2000/2003 Domain trusts differ from NT Domain
trusts. For more information on trusts, consult the MS TechNet papers at http://technet.microsoft.com.
For information on HP CIFS Server trust relationships with Windows 2000/2003, see “Windows
2003 and Windows 2008 Domains” (page 68).
HP CIFS Server supports the following external trust relationships with NT Style Domains:
• HP CIFS PDCs support external trusts between a Samba and an NT Domain. A CIFS Samba
  Domain may be a trusting, trusted, or bi-directional trust (both trusting and trusted or “two
  way”) domain with an NT Domain.
• HP CIFS PDCs support trusts between Samba Domains. A Samba Domain may be a trusting,
  trusted, or bi-directional trust domain with another Samba Domain.
• HP CIFS Member Servers of either a Samba Domain or an NT Domain will respect the trust
  relationships established by their domain controller.
Transitive trusts, in which domain A trusts domain B and domain B trusts domain C, so that domain A
also trusts domain C, are not respected by HP CIFS Servers.
Configuring smb.conf for Trusted Users
HP CIFS Server requires an HP-UX local logon for all Samba users. Therefore, even a trusted Samba
user from another domain needs a matching local POSIX user. To allow POSIX users to be added
on-the-fly, set the add user script smb.conf configuration parameter. For example:
add user script = /usr/sbin/useradd -g users -c "Auto_Account" \
-s /bin/false %u
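The following check is an added example, not part of the HP guide or of HP CIFS Server: it reads an smb.conf, joins the backslash-continued line used in the setting above, and reports whether add user script matches a baseline. The baseline (absolute path, -s /bin/false, %u present), the function names and the sample file are assumptions modeled on the guide's own setting.

```shell
# Added example (not HP's code): audit "add user script" in an smb.conf.

# Print the effective value, joining backslash-continued lines; empty if unset.
get_add_user_script() {
    awk '
        { line = buf $0; buf = "" }
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, "", line); buf = line; next }
        line ~ /^[ \t]*[#;]/ || !index(line, "=") { next }
        {
            key = line; sub(/=.*/, "", key)
            gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
            if (tolower(key) != "add user script") next
            val = line; sub(/^[^=]*=[ \t]*/, "", val)
            gsub(/[ \t]+/, " ", val); sub(/ $/, "", val)
            last = val                      # the last occurrence wins
        }
        END { if (last != "") print last }
    ' "$1"
}

# Print findings; return 0 if the setting meets the assumed baseline, else 1.
audit_add_user_script() {
    cmd=$(get_add_user_script "$1")
    [ -n "$cmd" ] || { echo "INFO: add user script is not set"; return 0; }
    rc=0
    case "$cmd" in
        /*) ;;
        *) echo "WARN: command is not an absolute path"; rc=1 ;;
    esac
    case " $cmd " in
        *" -s /bin/false "*) ;;
        *) echo "WARN: new accounts do not get /bin/false as shell"; rc=1 ;;
    esac
    case "$cmd" in
        *%u*) ;;
        *) echo "WARN: %u is missing from the command"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample input, using the guide's own setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   add user script = /usr/sbin/useradd -g users -c "Auto_Account" \
       -s /bin/false %u
EOF
audit_add_user_script "$sample" && echo "OK: $(get_add_user_script "$sample")"
rm -f "$sample"
```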
Establishing a Trust Relationship on an HP CIFS PDC With Another Samba Domain
This section describes the procedures used to establish a trust relationship on an HP CIFS PDC with
another Samba Domain.
Log on as root and execute the following steps on the trusted domain PDC:
1. Add a trust account for the trusting domain to /etc/passwd. Add the domain name with
a trailing "$" using the useradd command as follows:
$ useradd <trusting domain name>$
Due to the maximum name length of 8 for the useradd command, you may need to edit
/etc/passwd to add the trusting domain name account.
2. Run smbpasswd to add a trusting domain Samba account to your trusted domain backend
database and create a password for the trusting account. This password is used by the trusting
domain when it establishes the trust relationship.
$ smbpasswd -a -i <trusting domain name>
Log on as root and execute the following steps on the trusting domain PDC:
Run net rpc trustdom to establish the trust and type the password that was created with
the smbpasswd command on the trusted domain PDC.
$ net rpc trustdom establish <trusted domain name>