HP CIFS Server 3.0k Administrator's Guide version A.02.04

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

111

112

113

114

115

116

117

118

119

120

Configuring HP CIFS Server with Winbind

You must set up and configure your HP CIFS Server to use the winbind feature support.

Winbind Configuration Parameters

Table 7-1 shows the list of global parameters used to control the behavior of winbind. These

parameters are set in the /etc/opt/samba/smb.conf file in the [global] section. Refer to

the smb.conf man page for more details.

Table 7-1 Global Parameters

DescriptionParameter

This string variable specifies the separator to separate domain name and user

name. For example,winbind separator = \

winbind separator

This variable specifies the UID range for domain users. For example, idmap

uid = 50000–60000

idmap uid

This variable specifies the GID range for domain groups. For example, idmap

gid = 50000–60000

idmap gid

This boolean variable enables enumeration of winbind users. Set this parameter

to Yes to allow and No to disallow enumeration of winbind users.

winbind enum users

This boolean variable enables enumeration of winbind groups. Set this

parameter to Yes to allow and No to disallow enumeration of winbind groups.

winbind enum groups

This string variable specifies the type of the idmap backend that is used. The

syntax can be:

• idmap backend =

This is the default where the local idmap tdb file is used.

• idmap backend = rid:<domain name>=<idmap_rid_range>

The ID mappings are generated by the idmap rid facility. For example,

idmap backend = rid:DomainA=50000–60000.

• idmap backend = ldap:ldap://<ldap server name>[:389]

The ID mapping data is stored in a common LDAP directory server backend.

For example, idmap backend = ldap:ldap://ldapserverA.hp.com.

idmap backend

This integer variable specifies the number of seconds the winbindd daemon

caches user and group information before querying a Windows NT server

again. The default value is 300.

winbind cache time

This boolean variable controls whether to enable or disable winbind caching

for the user or group list entries. When this parameter is set to Yes, the winbind

daemon, winbindd, caches the user or group list entries into the winbindd

cache to reduce the HP CIFS Server response time while enumerating user or

group list. To disable winbind caching for the user or group list entries, set this

parameter to No. The default setting is Yes.

You can also use the winbindd -n command to disable winbind caching

when you start the winbind daemon, this means winbindd always has to wait

a response from the Windows domain controller before it can respond to a

client.

Either the winbindd -n command or winbind cache ug list = No

configuration disables winbind caching for the user or group list entries.

winbind cache ug list

This boolean variable specifies whether the winbindd daemon operates on

users without domain component in their username. Users without a domain

component are treated as a part of the winbindd server's own domain. The

default setting is No.

winbind use default domain

118 Winbind Support