HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Unified Domain components
HP CIFS acting as a Windows 200x ADS Member Server
The HP CIFS member server operating in a unified domain depends on the ADS to be aided by
Services For UNIX (SFU). SFU provides the required management of UNIX UID and GID to Windows
SID mappings. SFU and accompanying documentation is available for download at
http://www.microsoft.com/windows/sfu. Because all user management is unified on the Windows
2000/2003 ADS server, winbind is not required and there are no ID consistency issues regardless
of the number of HP CIFS member servers.
HP CIFS Server uses Kerberos security in a Windows Unified Domain setup. For more information
on how to join an HP CIFS Server to a Windows 200x Domain using Kerberos security, see
“Windows 2003 and Windows 2008 domains” (page 68).
Setting up the Unified Domain Model
You need to set up and configure the following components to deploy an Unified Domain Model
using Windows Services For UNIX (SFU):
• Windows 2000 or 2003 domain controller with Active Directory Service (ADS)
• LDAP-UX Integration software B.03.20 or later on HP CIFS member servers
• SFU 3.5 on Windows 2000 or 2003 Domain Controller
• Install, Configure and Join the HP CIFS Server to the SFU enabled Windows 200x domain.
See “Windows 2003 and Windows 2008 domains” (page 68) for details on configuring
and joining the HP CIFS Server to the Windows domain.
Setting up LDAP-UX Client Services on an HP CIFS Server
In the Unified domain model, you integrate HP CIFS domain member servers with the Windows
200x ADS to centralize management of user accounts databases. You must install the HP LDAP-UX
integration software B.03.20 or later, and configure the LDAP-UX client. This permits the
consolidation of Posix and Windows user accounts on the ADS directory.
You also need to configure the /etc/krb5.conffile to authenticate users using Kerberos.
Installing and configuring LDAP-UX Client Services on an HP CIFS Server
The following summarizes major steps you need to take to install and configure an LDAP-UX Client
Services. For detailed instructions on how to install and configure LDAP-UX Client Services to work
with Windows 2000 ADS, refer to chapter 2, "Installing LDAP-UX Client Services" in LDAP-UX
Client Services with Microsoft Windows 2000 Active Directory Server Administrator's Guide,
available at http://docs.hp.com.
1. Install LDAP-UX Client Services on each HP CIFS member server.
2. Migrate your supported name service data to the directory. Refer to the section, "Importing
Name Service Data into Your Directory" in LDAP-UX Client Services with Microsoft Windows
2000 Active Directory Server Administrator's Guide, available at http://docs.hp.com.
3. Run the setup program to configure LDAP-UX Client Services on a client system. Setup does
the following for you:
• Extends your Active Directory schema with the configuration profile schema, if not already
done.
• Creates a start-up file on the client. This enables each client to download the configuration
profile.
• Creates a configuration profile of directory access information in the directory, to be
shared by a group of (or possibly all) clients.
Unified Domain Model 129