HP CIFS Server Administrator's Guide Version A.03.01.04 (5900-2303), April 2012

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

Configuring krb5.keytab...................................................................................................112

9 HP CIFS deployment models....................................................................114

Introduction..........................................................................................................................114

Samba domain model...........................................................................................................114

Samba Domain components..............................................................................................117

HP CIFS Server acting as a PDC....................................................................................117

HP CIFS Server acting as a BDC...................................................................................117

HP CIFS acting as the member server.............................................................................118

An example of the Samba Domain model...........................................................................118

A Sample smb.conf file for a PDC.................................................................................118

Configuration options..................................................................................................119

A Sample smb.conf file for a BDC.................................................................................120

Configuration options..................................................................................................120

A Sample smb.conf file for a domain member server.......................................................120

Configuration options..................................................................................................121

A Sample /etc/nsswitch.ldap file..................................................................................121

Windows domain model.......................................................................................................122

Components for Windows domain model...........................................................................123

An Example of the ADS domain model...............................................................................123

A sample smb.conf file For an HP CIFS ADS member server..............................................123

A sample /etc/krb5.conf file........................................................................................125

A sample /etc/nsswitch.conf file...................................................................................125

An example of Windows NT domain model........................................................................126

A Sample smb.conf file for an HP CIFS member server.....................................................126

Unified domain model...........................................................................................................128

Unified domain components..............................................................................................129

HP CIFS acting as a Windows 200x ADS member server.................................................129

Setting up the unified domain model..................................................................................129

Setting up LDAP-UX client services on an HP CIFS Server.......................................................129

Installing and configuring LDAP-UX client services on an HP CIFS Server.............................129

Configuring /etc/krb5.conf to authenticate using Kerberos...............................................130

Installing SFU 3.5 on a Window 2000 or 2003 domain controller.........................................130

An Example of the Unified omain Model.............................................................................130

A sample smb.conf file for an HP CIFS member server.....................................................131

A sample /etc/krb5.conf file........................................................................................131

A sample /etc/nsswitch.conf file...................................................................................132

10 Securing HP CIFS Server........................................................................133

Security protection methods....................................................................................................133

Restricting network access.................................................................................................133

Using host restrictions..................................................................................................133

An example...........................................................................................................133

Using interface protection.............................................................................................133

Interface protection example....................................................................................133

Using a firewall...........................................................................................................134

Using an IPC$ share-based denial.................................................................................134

Protecting sensitive information..........................................................................................134

Encrypting authentication.............................................................................................134

Protecting sensitive configuration files.............................................................................135

Using %m name replacement macro With caution................................................................135

Restricting execute permission on stacks..............................................................................136

Restricting user access......................................................................................................136

Automatically receiving HP security bulletins.............................................................................136

Reporting new security vulnerabilities..................................................................................137

Contents 7