HP CIFS Server 3.0f Administrator's Guide version A.02.03

Windows user data. See Chapter 6 “LDAP Integration Support” for detailed information on how to set up
LDAP.
WINS is used for multi-subnetted environments. Multi-subnetted environments require name-to-IP-address
mapping to go beyond broadcast limits of a single LAN segment. HP CIFS Server provides WINS server
capabilities, which can be enabled on one node (usually the PDC) for the domain and whose address needs
to be specified in the configuration of the remaining nodes (usually BDCs and member servers). PC client
configurations also can specify the WINS server address to ensure that they are able to join the domain.
Set wins support = yes in smb.conf on the one HP CIFS Server that is to be the WINS server. Set
wins server = <ip address> in smb.conf on the rest of the HP CIFS Servers. Because Samba-supplied
WINS does not provide for replication, the WINS server can be a single point of failure in the network.
If high availability is required, consider using Serviceguard on the WINS server, using client host files,
or using static caches of NetBIOS names in DNS servers.
HP CIFS Server Acting as a PDC
HP CIFS Server configured as a PDC is responsible for Windows authentication throughout the domain.
"security = user" and "domain logons = yes" smb.conf parameters force this behavior.
Single server installations may use smbpasswd or tdbsam password backends, but large installations should
use the LDAP backend to provide centralized management of both POSIX users and Windows users. Configure
LDAP with passdb backend = ldapsam:ldap://<ldap server name> or passdb backend =
ldapsam_compat:ldap://<ldap server name>.
An important characteristic of a CIFS PDC is browsing control. The parameter, domain master = yes,
causes the server to register the NetBIOS name <pdc name>1B, where 1B is reserved for the domain master
browser. This name will be recognized by other servers.
When you integrate the HP CIFS Server acting as a PDC with the LDAP directory, you must install the HP
LDAP-UX Integration software and configure the LDAP-UX client. This permits the consolidation of POSIX and
Windows user accounts on the LDAP directory. The LDAP database can replace /etc/passwd and
smbpasswd, and the PDC can access the LDAP directory for Windows authentication.
HP CIFS Server Acting as a BDC
The configuration of BDCs is similar to that of the PDC. This enables BDCs to carry much of the network
logon processing. A BDC on a local segment handles logon requests and authenticates users when the PDC
is busy on the local network. When a segment becomes heavily loaded, the responsibility is offloaded to
another segment's BDC or to the PDC. Therefore, you can optimize resources and add robustness to network
services by deploying BDCs throughout the network.
If you set the local master parameter to yes in smb.conf, browsing can also be spread throughout
the network.
You can promote a BDC to a PDC if the PDC needs to be taken out of service or fails. To promote a BDC
to a PDC, change the domain master parameter from no to yes.
The PDC and BDCs store common POSIX and Windows accounts in the central LDAP directory.
When you integrate the HP CIFS Server acting as a BDC with the LDAP directory, you must
install the HP LDAP-UX Integration software and configure the LDAP-UX client. The BDC can access the LDAP
directory for Windows authentication.
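The WINS and domain master settings described above can be checked across a set of servers before deployment. The following Python example is added here and is not HP or Samba code; the host names, sample smb.conf text and function names are constructed for illustration, and the handling of an unset domain master (Samba's default of auto, which follows domain logons) is taken from the Samba smb.conf manual, not from this guide.

```python
import re

TRUE = {"yes", "true", "1"}

def parse_global(text):
    """Return the [global] parameters of one smb.conf as a dict."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def is_on(params, name):
    return params.get(name, "no").lower() in TRUE

def is_domain_master(p):
    # Samba default is "domain master = auto", which follows "domain logons",
    # so a BDC that omits "domain master = no" still claims the <domain>1B name.
    value = p.get("domainmaster", "auto").lower()
    return is_on(p, "domainlogons") if value == "auto" else value in TRUE

def audit(configs):
    """configs maps host name -> smb.conf text; returns a list of findings."""
    parsed = {host: parse_global(text) for host, text in configs.items()}
    findings = []
    wins = sorted(h for h, p in parsed.items() if is_on(p, "winssupport"))
    if len(wins) != 1:
        findings.append(f"need exactly one 'wins support = yes' host, found {wins}")
    masters = sorted(h for h, p in parsed.items() if is_domain_master(p))
    if len(masters) != 1:
        findings.append(f"need exactly one domain master (PDC), found {masters}")
    for host, p in sorted(parsed.items()):
        if host not in wins and not p.get("winsserver"):
            findings.append(f"{host}: 'wins server' address is not set")
        if is_domain_master(p) and not (is_on(p, "domainlogons")
                and p.get("security", "user").lower() == "user"):
            findings.append(f"{host}: PDC needs security = user and domain logons = yes")
    return findings

# Constructed sample: bdc2 omits "domain master = no" and "wins server".
BASE = "[global]\nsecurity = user\nDomain Logons = Yes\n"
SAMPLE = {
    "pdc1": BASE + "domain master = yes\nwins support = yes\n",
    "bdc1": BASE + "domain master = no\nwins server = 192.0.2.10\n",
    "bdc2": BASE + "; promoted copy, nothing else set\n",
}
```

On the constructed sample, audit(SAMPLE) reports two domain masters (pdc1 and bdc2) and the missing wins server address on bdc2.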
HP CIFS Acting as the Member Server
To ensure that there are always sufficient domain controllers to handle authentication and logon requests,
in general, configure BDCs rather than member servers unless there are fewer than about 30 Windows
clients per BDC.
You can join an HP CIFS Server to the Samba Domain. The Windows authentication requests are managed
by the PDC or BDCs using LDAP, smbpasswd or other backend. For detailed information on how to join
an HP CIFS Server to the Samba Domain, see “Domain Member Server” in Chapter 4.
The member server smb.conf configuration differs from that of the PDC and BDC. You must set the security
parameter to domain. This forces the member server to authenticate via the PDC or BDCs. You must set the
password server parameter to the names of the PDC and may also add the names of one or more BDCs.
Set the domain master parameter to no to let the PDC take control. As with the PDC and BDC, you set
the passdb backend parameter to the name of LDAP server to centralize POSIX and Windows account