HP CIFS Server 3.0f Administrator's Guide version A.02.03
Windows Domain Model
You can use the Windows Domain Model in environments with the following characteristics:
• Deploy Windows NT4, Windows 200x Mixed Mode, or Windows 200x ADS servers (with NetBIOS
enabled).
• Support for any number of HP CIFS servers that provide file and print services for corresponding numbers
of users. It requires HP-UX LDAP Integration Client software for ADS domain member servers.
• Access to an LDAP-UX Netscape Directory Server as the backend storage for larger deployments to
maintain winbind ID maps across multiple HP CIFS Servers.
The Windows Domain Model provides the following benefits:
• Support for Windows domain member single sign on, network logon, and Windows account
management system.
• Support for easy user management across multiple HP CIFS servers by using winbind.
• Easy expansion capability.
Figure 9-6 shows the Windows Domain Deployment Model as follows:
Figure 9-6 Windows Domain
[Figure not reproduced. Diagram labels: Windows NT or Windows ADS/PDC; BDC; windows users; HP CIFS Member Server; winbind daemon; libnss_winbind; ldap-ux client; idmap.tdb; idmap backend = ldap; LDAP; winbind idmaps.]
In the Windows Domain Model, HP CIFS Server can join a Windows domain as a member server with
Windows NT or Windows 200x domain controllers. HP CIFS Server supports winbind to provide UID and
GID mappings for Windows users. For a larger deployment environment, you can use the LDAP directory
to maintain unique ID maps across multiple HP CIFS Servers.
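As an added example (not from the HP guide): a Python check that reads the [global] section of each member server's smb.conf and reports settings under which winbind UID/GID mappings would differ from server to server, using the idmap uid, idmap gid and idmap backend parameters. The host names, ranges and LDAP URL are constructed, and treating differing ranges or a non-LDAP backend as findings is this example's assumption.

```python
# Added example: audit winbind ID-map settings in several servers' smb.conf.
# Host names, ranges and the LDAP URL are constructed sample values.
SAMPLE = {
    "cifs1": "[global]\n security = domain\n idmap uid = 10000-20000\n"
             " idmap gid = 10000-20000\n idmap backend = ldap:ldap://ldap.example.com\n",
    "cifs2": "[global]\n security = domain\n idmap uid = 50000-60000\n ; idmap gid not set\n",
}

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and extra spaces
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_range(value):
    """'10000-20000' -> (10000, 20000); None if absent or malformed."""
    try:
        low, high = (int(part) for part in value.split("-"))
    except (AttributeError, ValueError):
        return None
    return (low, high) if 0 < low < high else None

def audit(configs):
    """configs maps host name to smb.conf text; returns sorted findings."""
    findings, seen = [], {}
    for host, text in configs.items():
        g = parse_global(text)
        for key in ("idmap uid", "idmap gid"):
            rng = parse_range(g.get(key))
            if rng is None:
                findings.append(f"{host}: '{key}' missing or not <low>-<high>")
            seen.setdefault(key, set()).add(rng)
        backend = g.get("idmap backend", "").lower()
        if not backend.startswith("ldap"):  # assumption: LDAP is the shared store
            findings.append(f"{host}: no LDAP idmap backend, maps stay in idmap.tdb")
        seen.setdefault("idmap backend", set()).add(backend)
    for key, values in seen.items():
        if len(values) > 1:
            findings.append(f"all hosts: '{key}' differs between servers")
    return sorted(findings)
```

Calling audit(SAMPLE) returns the findings for the two constructed servers; an empty list means every server uses the same ranges and an LDAP backend.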
Components for Windows Domain Model
HP CIFS Server supports the NTLMv1/NTLMv2 security used for NT domain membership and Kerberos
security used for Windows 2000/2003 native membership, so HP CIFS Servers can be managed in any
Windows 2000/2003 ADS, Windows 200x mixed mode, or NT environment. HP CIFS Server does not
support a true SAM database and cannot participate as a domain controller in a Windows NT, Windows
2000 or Windows 2003 domain. HP CIFS supports winbind, which can be used to avoid explicitly
allocating POSIX users and groups to map Windows users and groups. Winbind provides UID and
GID generation and mapping for Windows users. Set the smb.conf parameters idmap uid = <uid range>
and idmap gid = <gid range>. See Chapter 7 “Winbind Support” for detailed information
on winbind. When you deploy multiple HP CIFS Servers, you can use the LDAP directory to maintain unique
ID maps across multiple systems. Otherwise, user mapping will not be consistent from system to system when