HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
NOTE: The difference between the access based share enum (S) parameter and
the access based enumeration parameter is that in access based share enum
(S) only the share permissions are evaluated and security descriptors are not used in computing
enumeration access rights.
• cache directory (G)
This parameter specifies the directory where the TBD files containing non-persistent data are
stored. The default setting of this parameter is cache directory =
/var/opt/samba/locks.
• client ntlmv2 auth (G)
This parameter determines if smbclient(8) authenticates servers using the NTLMv2 encrypted
password requests. If you enable this parameter, only NTLMv2 and LMv2 responses are
authenticated and NTLMv1 client lanman auth and client plaintext auth
authentication is disabled. If you disable this parameter, then an NTLM response is sent by
the client. The default setting for this parameter is client ntlmv2 auth = no.
NOTE: Web sites that follow the Best Practice security polices enable only NTLMv2 responses.
• client ldap sasl wrapping (G)
This parameter defines whether the LDAP traffic is signed or sealed. The values for this
parameter are plain, sign, and seal.
The client ldap sasl wrapping (G) parameter is useful when Domain Controllers
are enforcing the usage of signed LDAP connections. You can control the LDAP sign and
seal with the "HKLM\System\CurrentControlSet\Services\ NTDS\Parameters\
LDAPServerIntegrity" registry key on a Windows server. The default setting for this
parameter is client ldap sasl wrapping = plain.
NOTE: For HP CIFS Server, the krb5 library is used as a MIT version library. The default
plain value does not affect the krb5 clock skew errors.
• cups connection timeout (G)
NOTE: This parameter is available only when printing value is set to cups.
This parameter specifies the time is seconds that smbd must wait when trying to connect to
the CUPS server. The connection fails after the set time. The default setting for this parameter
is cups connection timeout = 30.
• debug class (G)
When this boolean parameter is enabled, it displays the debug class (DBGC_CLASS)
in the debug header. The default setting for this parameter is debug class = no.
• dedicated keytab file (G)
This parameter specifies the path of the Kerberos keytab file when the kerberos method
is set to dedicated keytab. The default setting for this parameter is dedicated keytab
file = [/usr/local/etc/krb5.keytab].
• init logon delayed hosts (G)
This parameter specifies the host names, addresses, and networks for which the samlogon
must be delayed. Use the init logon delay parameter to set the delay time. The default
setting for this parameter is init logon delayed hosts = [150.203.5.
myhost.mynet.de ].
TDB Memory-Mapped access for HP CIFS Server 151