HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Configure DOS attribute mapping
map system, map hidden and map archive attributes
There are three parameters, map system, map hidden, and map archive, that can be configured
in Samba to map DOS file attributes to owner, group, and other execute bits in the UNIX file
system.
When using the CIFS Client, you may want to have all three of these parameters turned off. If the
map archive parameter is on, any time a user writes to a file, the owner execute permission will
be set. This is usually not desired behavior for HP CIFS clients or UNIX clients in general.
By default, map system and map hidden are off, and map archive is on.
To turn map archive off, modify /etc/opt/samba/smb.conf as follows:
map archive = no
map readonly attribute
The smb.conf parameter, map readonly, controls how the DOS read only attribute should be
mapped from a UNIX files system
Three valid settings for this parameter are:
yes The read only DOS attribute is mapped to the inverse of the user (owner) write
bit in the UNIX permission mode set. If the owner write bit is not set, the read
only attribute is reported as being set on the file.
permissions The read only DOS attribute is mapped to the effective permissions of the
connecting user, as evaluated by reading the UNIX permissions and POSIX ACL
(if present). If the connecting user does not have permission to modify the file,
the read only attribute is reported as being set on the file.
no The read only DOS attribute is unaffected by permissions.
By default, the map readonly attribute is set to “yes”. Samba uses user (owner) access permission
to determine whether a file is read only. The file access permission is determined by the POSIX
write access permission for user (owner). If the write permission on a file is not set for the user
(owner), then Samba treats that file as read-only. Once Samba identifies a file as read-only, any
write access attempting to that file would immediately result in access denied error. Group members
are unable to write to a file with UNIX write access permission disabled for the user (such as 070
or 060).
If you set this parameter to “permissions”, the file access permissions for group members will
be evaluated by validating UNIX group permissions. Group members can write to files with UNIX
write permission enabled for the group (such as 060 or 070). The smb.conf parameter, store
dos attributes, must be set to No (default), otherwise, the map readonly parameter setting
will be ignored.
Configuring Print Services for HP CIFS Version A.03.01.03
This section provides information about configuring Print Services on systems running HP CIFS
version A.03.01.03. The HP CIFS Server now provides the following NT printing functionality:
• Support for Windows Access Control Lists (ACL) on printer objects
Information about setting up and configuring each of the Print Services (except ACLs) is shown in
the following sections. Information about configuring ACL Support is discussed in a previous section.
Configuring a [printers] share
The following is a minimal printing setup. Use either one of the following two procedures to create
a [printers] share:
22 Installing and configuring HP CIFS Server