HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Table 15 Unsupported parameters or options (continued)
parameters of template shell and templatehomedir. The default setting
is template
This is a boolean variable. If set to yes, this parameter activates the support for
nested groups. Nested groups are also called local groups or aliases. Nested
winbind nested groups
groups are defined locally on any machine (they are shared between DC's
through their SAM) and can contain users and global groups from any trusted
SAM. To be able to use nested groups, you need to run nss_winbind. This
parameter is not yet supported by HP CIFS Server. You may consider to use net
groupmap. Refer to net groupmap help for detailed information.
A smb.conf example
An example of smb.conf file is shown below:
[global]
workgroup = DomainA # Doamin name
security = domain or ADS
# Winbindd section
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend =
winbind enum users = no
winbind enum groups = no
winbind use default domain = no
winbind cache time = 300
# winbind separator = \
template homedir = /home/%U
template shell = /sbin/sh
[shareA]
path = /tmp/shareA
guest ok = no
writable = yes
Configuring Name Service Switch
To use winbind support, you need to configure the Name Service Switch control file,
/etc/nsswitch.conf, to use winbind as the name services for user or group name lookup.
For example, you can set up the /etc/nsswitch.conf file as follows:
passwd: files winbind
group: files winbind
In this example, NSS first checks the files, /etc/passwd and /etc/group, and if no entry is
found, it checks winbind.
For detailed information on how to configure NSS, refer to switch(4) and "Configuring the
Name Service Switch" in NFS Services Administrator's Guide at:
http://docs.hp.com/hpux/netcom/
idmap backend support in Winbind
This section describe the idmap rid backend and LDAP backend for idmap support when using
winbind. Examples of configuration files for each backend are provided.
idmap rid backend support
The idmap rid facility with winbind provides a unique mapping of Windows SIDs to local UNIX
UIDs and GIDs. The idmap rid facility uses the RID of the user SID to generate the UID and GID
by adding the RID number to a configurable base value. Since the RIDs are allocated by the
centrally managed Windows Domain Controller, this tool permits the CIFS winbind daemons to
106 Winbind support