HP CIFS Server 3.0f Administrator's Guide verison A.02.03

Configuring HP CIFS Server with Winbind
You must set up and configure your HP CIFS Server to use the winbind feature support.
Winbind Configuration Parameters
Table 7-1 shows the list of global parameters used to control the behavior of winbind. These parameters
are set in the /etc/opt/samba/smb.conf file in the [global] section.
Table 7-1 Global Parameters
DescriptionParameter
This string variable specifies the separator to separate domain name and user name. For
example,winbind separator = \
.
winbind separator
This integer variable specifies the UID range for domain users. For example, idmap uid
= 5000060000
idmap uid
This integer variable specifies the GID range for domain groups. For example, idmap
gid = 5000060000
idmap gid
This is a boolean variable. Specifies Yes to allow enumeration of winbind users, and No
to disallow enumeration of winbind users. By default, this parameter is set to No.
winbind enum users
This is a boolean variable. Specifies Yes to allow enumeration of winbind groups, and
No to disallow enumeration of winbind groups. By default, this parameter is set to Yes.
winbind enum groups
This string variable specifies the type of the idmap backend is used. If an LDAP backend
is used to maintain SID to UID / GID mappings on a common LDAP backend instead of
the local idmap tdb file, the syntax is idmap backend = <ldap server name>. For
example, idmapbackend = ldap://ldapserverA.hp.com. If the idmap_rid
facility is used to provide a unique mapping of Windows SIDs to local UNIX UIDs and
GIDs across multiple CIFS servers, the syntax is idmap backend = idmap_rid:<domain
name>=<idmap_rid range>. For example, idmap backend
=idmap_rid:DomainA=5000060000.
idmap backend
This integer variable specifies the number of seconds the winbindd daemon caches user
and group information before querying a Windows NT server again. The default value is
300.
winbind cache time
This boolean variable specifies whether the winbindd daemon operates on users without
domain component in their username. Users without a domain component are treated as
a part of the winbindd server's own domain. The default setting is No.
winbind use default domain
This string variable specifies the winbind users a home direcotry. For example, template
homedir = /home/%D/%U
template homedir
This string variable specifies the winbind users a login shell. For example, template
shell = /shin/ksh.
template shell
Unsupported Parameters or Options
Table 7–2 shows the parameters or options which are not supported by the HP CIFS Server.
Table 7-2 Unsupported Parameters or Options
This string variable control how winbind retrieves name service information to construct
a user's home directory and login shell. Only the template option is functional, the SFU
option is not supported by HP CIFS Server. If set to template, winbind constructs a user's
home directory and login shell using the parameters of template shell and
templatehomedir. The default setting is template
winbind nss info
This is a boolean variable. If set to yes, this parameter activates the support for nested
groups. Nested groups are also called local groups or aliases. Nested groups are defined
locally on any machine (they are shared between DC's through their SAM) and can contain
users and global groups from any trusted SAM. To be able to use nested groups, you need
to run nss_winbind. This parameter is not yet supported by HP CIFS Server. You may
consider to use net groupmap. Refer to net groupmap help for detailed information.
winbind nested groups
Configuring HP CIFS Server with Winbind 107