HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Backup Domain Controllers
Advantages of Backup Domain Controllers
HP CIFS Server with BDC support provides the following benefits to the customer:
• The BDC can authenticate user logon for users and workstations that are members of the
domain when the wide area network link to a PDC is down. A BDC plays an important role
in both domain security and network integrity.
• The BDC can pick up network logon requests and authenticate users while the PDC is very
busy on the local network. It can help to add robustness to network services.
• The BDC can be promoted to a PDC if the PDC needs to be taken out of services or fails. This
is an important feature of domain controller management. To promote a BDC to a PDC on
the HP CIFS Server, change the domain master parameter from "no" to "yes".
Limitations
The following is a list of limitations for the BDC support:
• HP CIFS Server can only function as a BDC to an HP CIFS PDC.
• HP CIFS Server and MS Windows server can each function as a BDC to its own type of PDC.
• HP CIFS Server cannot create Security Account Management (SAM) update delta files. It
cannot inter-operate with a PDC to synchronize the SAM from delta files that are held by a
BDC.
• The Samba 3.0 BDC does not support replication to a PDC. Running a Samba 3.0 BDC with
a non-LDAP backend can have the difficulty in synchronizing the SAM database. Refer to
Table 5.1, Domain Backend Account Distribution Option, in the Official Samba HOWTO and
Reference Guide for more information on possible design configuration for a PDC/BDC
infrastructure.
Domain members
• The following member servers are supported:
Windows NT◦
◦ Windows 2000 and Windows 2003
◦ HP CIFS Server
• Users on a domain member machine can access network resources within the domain. Some
examples of these resources are file and printer shares and application servers
• Domain members do not perform the user authentication for user logons. Instead, the member
sends the credentials to a domain controller via a secure channel. The domain controller
checks the credentials against those in its database and returns the results to the member
server. Access is granted based on the results returned
Configure HP CIFS Server as a PDC
When configured to act as a Primary Domain Controller (PDC), the HP CIFS Server should create
machine accounts for Windows Clients (member servers). To enable this feature, choose "Primary
Domain Controller" when executing samba_setup, then verify the following:
1. The smb.conf file is as shown if the HP CIFS Server acting as a PDC does not use the LDAP
backend:
[global]
workgroup = SAMBADOM #Samba Domain
security = user
Configure HP CIFS Server as a PDC 55