HP CIFS Server 3.0k Administrator's Guide version A.02.04
below to customers who have multiple CIFS member servers connected to a Windows
Active Directory Server (ADS) environment.
Advantages
The advantages of using the shared sambaUnixIDPool method are as follows:
◦ UIDs and GIDs are unique across all domain member servers that access this LDAP
database.
◦ Native non-winbind users can be authorized using the POSIX objectclass and LDAP
PAM module from the same LDAP database.
◦ The database can be replicated. Replication reduces the likelihood of data loss and
provides backup servers if the primary server is unavailable.
◦ A single LDAP database can provide consistent ID data for a large number of
domain member servers and greatly reduces network traffic and the load on domain
and trust Domain Controllers.
• ID mapping
Winbind creates mappings between given Windows SIDs and corresponding HP-UX UIDs
and GIDs. Winbind uses one of the methods described above to create a mapping between
HP-UX UIDs/GIDs and Windows SIDs. With a Windows SID, winbind either finds the
existing UID and GID map or creates a new map if none currently exists.
• Identity storage
Winbind maintains a database where it stores the mappings between HP-UX UIDs and GIDs
and Windows SIDs. In the simplest case, winbind maintains the database in a local Trivial
Data Base (TDB) file called winbind_idmap.tdb. If the idmap backend parameter in
smb.conf has been specified as ldap:ldap://<ldap server name>:[389], then
instead of using a local mapping file, winbind maintains the ID mapping data in the Directory
Server database. It is important to back up the data often, particularly if you use a solution
other than the idmap rid method. Refer to the tdbbackup man page for detailed information
about TDB file backup.
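
The following sketch is an added example, not part of the HP guide. It reads the idmap backend setting from the [global] section of an smb.conf file and prints which store holds the ID mappings and therefore needs backing up. The function names, the sample hostnames and the TDB path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the HP guide: report where winbind keeps its ID map.
# idmap_store CONF -> "tdb", "ldap <url>", or "other <value>"
idmap_store() {
    awk '
        /^[ \t]*[;#]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)             # smb.conf ignores spaces in names
            if (name == "idmapbackend") {
                backend = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", backend)
            }
        }
        END {
            if (backend == "")                    print "tdb"
            else if (tolower(backend) ~ /^ldap:/) print "ldap " substr(backend, 6)
            else                                  print "other " backend
        }
    ' "$1"
}

# backup_plan CONF TDB_PATH -> prints the backup action; it runs nothing itself.
backup_plan() {
    store=$(idmap_store "$1")
    case $store in
        tdb)     echo "run: tdbbackup $2" ;;
        ldap\ *) echo "back up directory server: ${store#ldap }" ;;
        *)       echo "review backend: ${store#other }" ;;
    esac
}

# Constructed sample configuration (hostnames are placeholders).
write_sample() {
    printf '%s\n' '[global]' \
        '   workgroup = EXAMPLE' \
        ';  idmap backend = ldap:ldap://old.example.com' \
        '   Idmap Backend = ldap:ldap://ldap1.example.com:389' \
        '[share]' '   idmap backend = ignored' > "$1"
}

# Demo on the constructed sample; the TDB path is a placeholder.
conf=${TMPDIR:-/tmp}/smb.conf.sample.$$
write_sample "$conf"; backup_plan "$conf" /path/to/winbind_idmap.tdb; rm -f "$conf"
```
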