HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Components for Windows Domain Model
HP CIFS Server supports the NTLMv1/NTLMv2 security used for NT domain membership and
Kerberos security used for Windows 2000/2003 native membership, so HP CIFS Servers can be
managed in any Windows 2000/2003 ADS, Windows 200x mixed mode, or NT environment.
HP CIFS Server does not support a true SAM database and can not participate as a domain
controller in an Windows NT, Windows 2000 or Windows 2003 domain. HP CIFS supports
winbind, which can be used to avoid explicitly allocating POSIX users and groups for Windows
users and groups mapping. Winbind provides UID and GID generation and mapping for Windows
users. Set smb.conf parameters to idmap uid = <uid range> and idmap gid = <gid
range>. See “Winbind support” (page 97) for detailed information on winbind. When you
deploy multiple HP CIFS Servers, you can use the LDAP directory to maintain unique ID maps across
multiple systems. idmap=rid is a smb.conf parameter. To centralize management of ID maps
in an LDAP directory, set the idmap backend parameter to ldap:ldap://<ldap server
name> in the smb.conf file .
You can use wins server = <Windows or NT WINS server address> smb.conf
parameter for access throughout a multi-subnetted network. Avoid using the WINS server supplied
by HP CIFS if Windows or NT WINS servers are available, because HP CIFS WINS servers cannot
replicate the WINS data.
"LDAP-UX Client Service with Microsoft Windows 2000 Active Directory Administrator's Guide",
available at http://docs.hp.com, provides help for HP-UX ADS client configurations.
An example of the ADS Domain Model
Figure 9-7 shows an example of the Windows 2000/2003 ADS Domain Model which has the
realm named HPCIF23DOM.ORG.HP.COM, an ADS domain controller machine hpcif23, an HP
CIFS Server machine hpcif54 acting as a native member server and the Netscape Directory
Server system hptem128.
Figure 29 An example of the ADS Domain Model
Windows
ADS/DC
“hptem128”
idmaps
“hpcif23”
Realm:
HPCIF23DOM.
.ORG.HP.COM
windows
users
HP CIFS ADS
Member Server
“hpcif54”
NDS LDAP
winbind
kerberos client
winbind daemon
libnss_winbind
idmap backend = ldap
winbind
A sample smb.conf file for an HP CIFS ADS Member Server
The following is a sample Samba configuration File, /etc/smb.conf, used for an HP CIFS Server
machine hpcif54 acting as a ADS member server in the sample ADS Domain Model shown in
Figure 9-7:
Windows Domain Model 123