HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Samba Domain components
As demand requires multiple servers, this model makes use of a directory server and LDAP access.
You must install and configure LDAP-UX Client Services software on all nodes for centralization of
both POSIX and Windows user data. See “LDAP integration support” (page 78) for detailed
information on how to set up LDAP.
WINS is used for multi-subnetted environments. Multi-subnetted environments require
name-to-IP-address mapping to go beyond broadcast limits of a single LAN segment. HP CIFS
Server provides WINS server capabilities, which can be enabled on one node (usually the PDC)
for the domain and whose address needs to be specified in the configuration of the remaining
nodes (usually BDCs and member servers). PC client configurations can also specify the WINS
server address to ensure that they are able to join the domain. Set wins support = yes in
smb.conf on the one HP CIFS Server that is to be the WINS server. Set wins server = <ip address>
in smb.conf on the rest of the HP CIFS Servers. Because the Samba-supplied WINS does not provide
for replication, the WINS server can be a single point of failure in the network. If high
availability is required, consider using Serviceguard on the WINS server, client host files, or
static caches of NetBIOS names in DNS servers.
HP CIFS Server acting as a PDC
HP CIFS Server configured as a PDC is responsible for Windows authentication throughout the
domain. The smb.conf parameters security = user and domain logons = yes force
this behavior.
Single server installations may use smbpasswd or tdbsam password backends, but large
installations should use the LDAP backend to provide centralized management of both POSIX users
and Windows users. Configure LDAP with passdb backend = ldapsam:ldap://<ldap server name>
or passdb backend = ldapsam_compat:ldap://<ldap server name>.
An important characteristic of a CIFS PDC is browsing control. The parameter domain master
= yes causes the server to register the NetBIOS name <pdc name>1B, where 1B is reserved for
the domain master browser. This name will be recognized by other servers.
When you integrate the HP CIFS Server acting as a PDC with the LDAP directory, you must install
the HP LDAP-UX Integration software and configure the LDAP-UX client. This permits the consolidation
of POSIX and Windows user accounts on the LDAP directory. The LDAP database can replace
/etc/passwd and smbpasswd, and the PDC can access the LDAP directory for Windows
authentication.
HP CIFS Server acting as a BDC
The configuration of BDCs is similar to that of the PDC. This enables BDCs to carry much of the
network logon processing. A BDC on a local segment handles logon requests and authenticates
users when the PDC is busy on the local network. When a segment becomes heavily loaded, the
responsibility is off-loaded to another segment's BDC or to the PDC. Therefore, you can optimize
resources and add robustness to network services by deploying BDCs throughout the network.
If you set the local master parameter to yes in smb.conf, browsing can also be spread
throughout the network.
You can promote a BDC to a PDC if the PDC needs to be taken out of service or fails. To promote
a BDC to a PDC, change the domain master parameter from no to yes.
The PDC and BDCs store common POSIX and Windows accounts in the central LDAP
directory. When you integrate the HP CIFS Server acting as a BDC with the LDAP
directory, you must install the HP LDAP-UX Integration software and configure the LDAP-UX client.
The BDC can access the LDAP directory for Windows authentication.
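A cross-node consistency check for the PDC, BDC and WINS settings described above, as an added example (not from the HP guide or Samba): it parses each node's [global] section and reports a domain without exactly one PDC or one WINS server, a node with no wins server address, or a non-LDAP passdb backend in a multi-server domain. The host names, EXAMPLEDOM, ldap.example.com and 192.0.2.10 are constructed placeholders, and an unset parameter is treated as no rather than modelling Samba's defaults.

```python
# Constructed sample configs: host names, domain and addresses are placeholders.
PDC = """[global]
workgroup = EXAMPLEDOM
security = user
domain logons = yes
domain master = yes
wins support = yes
passdb backend = ldapsam:ldap://ldap.example.com
"""
BDC = (PDC.replace("domain master = yes", "domain master = no\nlocal master = yes")
          .replace("wins support = yes", "wins server = 192.0.2.10"))

def load_global(text):  # parameter names ignore case and extra spacing
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_yes(g, key):
    # Simplification: only an explicit yes counts; Samba defaults are not modelled.
    return g.get(key, "").lower() in ("yes", "true", "1")

def role(g):
    if g.get("security", "").lower() != "user" or not is_yes(g, "domain logons"):
        return "other"
    return "PDC" if is_yes(g, "domain master") else "BDC"

def audit_domain(confs):  # confs: {host name: smb.conf text} -> list of findings
    g = {h: load_global(t) for h, t in confs.items()}
    pdcs = sorted(h for h in g if role(g[h]) == "PDC")
    wins = sorted(h for h in g if is_yes(g[h], "wins support"))
    out = []
    if len(pdcs) != 1:
        out.append(f"expected exactly one PDC, found {pdcs}")
    if len(wins) != 1:
        out.append(f"expected exactly one WINS server, found {wins}")
    for h in sorted(g):
        if h not in wins and "wins server" not in g[h]:
            out.append(f"{h}: wins server address not set")
        if len(g) > 1 and not g[h].get("passdb backend", "").startswith("ldapsam"):
            out.append(f"{h}: passdb backend is not ldapsam")
    return out
```

Running it after a BDC promotion catches the case where the old PDC's smb.conf still says domain master = yes.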