HP CIFS Server 3.0i Administrator's Guide version A.02.03.03
ldap server
This string parameter specifies the host name of the LDAP ADS PDC
Server where you want to store your data.
ldap ssl
This parameter specifies the SSL/TLS support. Specify Yes to enable
SSL, which uses the encrypted port number 636 to connect to the
LDAP ADS server. To use startTLS, set this parameter to start_tls,
which uses the unencrypted port number 389 to connect to the
LDAP ADS server. To disable SSL, set it to No. The default value is
No.
ldap port
This parameter specifies the TCP port number used to connect to the
LDAP ADS directory server. By default, this parameter is set to 389.
ssl cert path
This string parameter specifies the file location of the certificate
database files, cert8.db and key3.db. For example,
ssl cert path = /etc/opt/samba. The default value is /etc/opt/ldapux.
workgroup
This parameter specifies the name of the domain in which the HP CIFS
Server is a domain member server.
security
When the HP CIFS Server joins a Windows 2000/2003 native mode
domain as a member server, you must set this parameter to ADS.
password server
This parameter defines the NetBIOS name or IP address of the
Windows ADS PDC machine that performs the user name
authentication and validation. The default setting of this parameter
is *. If set to the character *, then Samba will attempt to automatically
locate the Primary Domain Controllers.
encrypt passwords
This is an optional parameter. If this parameter is set to yes, the
passwords used to authenticate users are encrypted. The default
value is yes.
netbios name
Set this parameter to the NetBIOS name by which a member server
is known.
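The following check is an added example, not part of the HP guide or the HP CIFS Server product: it audits the [global] parameters described above and flags an unencrypted LDAP connection or an ldap ssl / ldap port mismatch. The sample configuration, host name and domain name are constructed for illustration.

```python
# Added example: audit the ADS/LDAP parameters of an smb.conf [global] section.
# SAMPLE_CONF is constructed; EXAMPLEDOM and adspdc.example.com are made-up names.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLEDOM
    security = ADS
    netbios name = CIFSSRV1
    ldap server = adspdc.example.com
    ldap ssl = No
    ldap port = 389
"""

DEFAULTS = {"ldap ssl": "no", "ldap port": "389", "encrypt passwords": "yes"}

def parse_global(text):
    """Return the [global] section as a dict keyed by lower-cased parameter name."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    p = {**DEFAULTS, **parse_global(text)}
    ssl, port = p["ldap ssl"].lower(), p["ldap port"]
    findings = []
    if p.get("security", "").lower() != "ads":
        findings.append("security must be ADS for an ADS member server")
    if ssl == "no":
        findings.append("ldap ssl = No: the LDAP connection is not encrypted")
    elif ssl == "yes" and port != "636":
        findings.append(f"ldap ssl = Yes expects port 636, found {port}")
    elif ssl == "start_tls" and port != "389":
        findings.append(f"ldap ssl = start_tls expects port 389, found {port}")
    elif ssl not in ("yes", "start_tls"):
        findings.append(f"ldap ssl has unrecognised value {p['ldap ssl']!r}")
    if p["encrypt passwords"].lower() != "yes":
        findings.append("encrypt passwords is not yes")
    for required in ("workgroup", "ldap server"):
        if required not in p:
            findings.append(f"{required} is not set")
    return findings
```

Calling audit() on the contents of the server's smb.conf returns one finding per problem. With the sample above it reports only the unencrypted LDAP connection, because ldap ssl is left at No.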
Setting Permissions for a User
When you use the net ads join command on an HP-UX machine to join an HP CIFS Server to
a Windows 2000/2003 ADS Domain as a member server, a normal user is not allowed to run
the net ads join command. You must configure a Windows user to have create/delete
computer object permissions.
The following Windows users are allowed to run the net ads join command:
• An administrator
• A user who is a member of the “Administrators”, “Domain Admins”, “Enterprise Admins” or
“OU Admins” group in the Windows ADS Domain Controller, and who has create/delete
computer object permissions by default.
• A normal user who has been granted create/delete computer object permissions. Without this
privilege, a normal user does not have permission to create or delete a machine account in
the Windows ADS database for an HP CIFS Server.
Use the following procedure to grant create/delete computer object permissions to a normal
user (cifsuser in this example) on the Windows 2003 ADS Domain:
1. In the Active Directory Users and Computers console, click View and select
Advanced feature.
2. Click on the Computers object and right click on the properties tab.
3. Select the Security tab on the properties window.
4. Click on the Advanced button.