HP CIFS Server 3.0k Administrator's Guide version A.02.04

Components for Windows Domain Model
HP CIFS Server supports the NTLMv1/NTLMv2 security used for NT domain membership and
the Kerberos security used for Windows 2000/2003 native membership, so HP CIFS Servers can be
managed in any Windows 2000/2003 ADS, Windows 200x mixed mode, or NT environment. HP
CIFS Server does not support a true SAM database and cannot participate as a domain controller
in a Windows NT, Windows 2000 or Windows 2003 domain. HP CIFS supports winbind,
which can be used to avoid explicitly allocating POSIX users and groups for mapping Windows
users and groups. Winbind provides UID and GID generation and mapping for Windows users.
Set the smb.conf parameters idmap uid = <uid range> and idmap gid = <gid range>.
See Chapter 7 “Winbind Support” for detailed information on winbind. When you deploy
multiple HP CIFS Servers, you can use the LDAP directory to maintain unique ID maps across
multiple systems. idmap=rid is a smb.conf parameter. To centralize management of ID maps
in an LDAP directory, set the idmap backend parameter to ldap:ldap://<ldap server
name> in the smb.conf file.
You can use the wins server = <Windows or NT WINS server address> smb.conf
parameter for access throughout a multi-subnetted network. Avoid using the WINS server
supplied by HP CIFS if Windows or NT WINS servers are available, because HP CIFS WINS
servers cannot replicate the WINS data.
The "LDAP-UX Client Service with Microsoft Windows 2000 Active Directory Administrator's Guide",
available at http://docs.hp.com, provides help for HP-UX ADS client configurations.
An Example of the ADS Domain Model
Figure 9-7 shows an example of the Windows 2000/2003 ADS Domain Model which has the realm
named HPCIF23DOM.ORG.HP.COM, an ADS domain controller machine hpcif23, an HP CIFS
Server machine hpcif54 acting as a native member server and the Netscape Directory Server
system hptem128.
Figure 9-7 An example of the ADS Domain Model
[Figure: Windows ADS/DC “hpcif23” (realm HPCIF23DOM.ORG.HP.COM, Windows users); HP CIFS ADS Member Server “hpcif54” (winbind daemon, libnss_winbind, Kerberos client, idmap backend = ldap); NDS LDAP “hptem128” (winbind idmaps).]
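
The following check is an added example, not part of the HP guide: it compares the [global] idmap settings of several member servers and reports any that would not share one LDAP-held ID map. The host member2, the ID ranges, and the rule that ranges should match across servers are assumptions of the example.

```python
import re

# Constructed smb.conf fragments; "member2" and all ranges are hypothetical.
SAMPLE_CONFIGS = {
    "hpcif54": """
[global]
    idmap uid = 50000-60000
    idmap gid = 50000-60000
    idmap backend = ldap:ldap://hptem128
""",
    "member2": """
[global]
    idmap uid = 70000-80000
    idmap gid = 50000-60000
""",
}

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and inner whitespace of the parameter name.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit_idmap(configs):
    """Return sorted findings for a dict of {host: smb.conf text}."""
    findings = []
    parsed = {host: parse_global(t) for host, t in configs.items()}
    for host, p in parsed.items():
        for key in ("idmap uid", "idmap gid"):
            if not re.fullmatch(r"\d+\s*-\s*\d+", p.get(key, "")):
                findings.append(f"{host}: {key} range missing or malformed")
        if not p.get("idmap backend", "").startswith("ldap:"):
            findings.append(f"{host}: idmap backend is not ldap, maps stay local")
    # Assumption: servers sharing one ID map use identical settings.
    for key in ("idmap uid", "idmap gid", "idmap backend"):
        if len({p.get(key) for p in parsed.values()}) > 1:
            findings.append(f"all: '{key}' differs between servers")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_idmap(SAMPLE_CONFIGS)))
```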