Manualshelf

HP CIFS Server Administrator's Guide Version A.03.01.04 (5900-2303), April 2012

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
71727374757677787980
Windows domain name specified in step 1. This password is used by the trusting Windows
domain when it establishes the trust relationship.
For example, the following command adds the trusting Windows domain account,
windomainA, to the Samba domain database:
smbpasswd -a -i windomainA$
4. Run net rpc trustdom to establish the trust with the trusted Windows domain.
For example, the following command is used to establish the trust relationship with the trusted
windows domain name, windomainA:
net rpc trustdom establish windomainA
S <ADS domain controller server name> U windomainA\\Administrator%pw
5. Use the following command to verify the trust relationship:
net rpc trustdom list -U root/%pw
Establishing a trust relationship on an HP CIFS member server of a Windows 2003
or Windows 2008 domain
HP CIFS Servers will not automatically recognize all intra/inter-forest trusts. CIFS member servers
will recognize most parent-child and child-child relationships and shortcut trusts but you may need
to use Windows Administrators Tool Active Directory Domains and Trusts to establish
explicit shortcut trusts where other trusts are desired.
In order for an HP CIFS Member of a Windows 2003 or Windows 2008 Domain to recognize
trusts established by its Domain Server, its /etc/krb5.conf file must declare the trusted domains
in the [realms] section (only – not [domain_realm]). For example, an HP CIFS member of
Windows 2000/2003 Domain, mydom, which trusts trust1dom and trust2dom might have
the /etc/krb5.conf file as follows:
[libdefaults]
default_realm = MYDOM.ORG.HP.COM
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
ccache_type = 2
[realms]
MYDOM.ORG.HP.COM = {
kdc = myserv.mydom.org.hp.com:88
admin_server = myserv.mydom.org.hp.com
}
TRUST1DOM.ORG.HP.COM = {
kdc = trust1serv.trust1dom.org.hp.com:88
admin_server = trust1serv.trust1dom.org.hp.com
}
TRUST2DOM.ORG.HP.COM = {
kdc = trust2serv.trust2dom.org.hp.com:88
admin_server = trust2serv.trust2dom.org.hp.com
}
[domain_realm]
.org.hp.com = MYDOM.ORG.HP.COM
[logging]
kdc = FILE:/var/opt/samba/log.krb5kdc
admin_server = FILE:/var/opt/samba/log.kadmin
default = FILE:/var/opt/samba/log.krb5lib
~
Trust relationships 77