HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
“workgroup” parameter of smb.conf. Enter and confirm the trust password and select
OK.
• To add Windows 2000 as a trusted domain, click the Add button next to the box titled
“Domains that trust this domain”. For “Trusting Domain”, enter the Samba
PDC domain name. Enter and confirm the trust password and select OK.
5. When prompted, review the confirmation and select Yes.
6. Enter the administrator name and password.
7. Select Finish, and then OK.
For an Windows 2003 domain controller, use the Administrative Tools utility to perform
the following steps:
1. From the Start menu, select Programs -> Administrative Tools -> Active
Directory Domains and Trusts.
2. Right click on the desired Active Directory domain name and select Properties.
3. Select the tab Trusts, then click New Trusts. Click Next.
4. Specify the Samba PDC domain name and select Next. The Samba domain name is the
domain name specified in the “workgroup” parameter in smb.conf.
5. Select your choice of trust type, One-way: incoming, One-way: outgoing, or Two-way and
select Next.
6. Enter and confirm the trust password.
7. Review and select Next.
8. Select Yes and select Next, two more times.
9. Select Finish and then OK.
NOTE: Windows Server 2003 Service Pack 1 (SP1) may require the RestrictAnonymous
registry subkey to be set to 0 and the value of the RestrictNullSessAccess registry subkey
also to be set to 0. Run regedit from the start button and find RestrictNullSessAccess
under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ LanmanServer\
Parameters. For more details, refer to “trusts RestrictNullSessAccess” on the Microsoft TechNet
at http://technet.microsoft.com.
Alternatively, if you do not want to change the registry on Windows Server 2003 Service Pack 1
(SP1), you can use the --set-auth-user option of the wbinfo command to set a domain user
account and password for the Winbind service. Using this option enables the Winbind service to
authenticate itself with a valid domain user account while accessing the user and group information
from the Windows 2003 Server.
To create the corresponding configuration of the Samba domain PDC for two way trust relationship
with the Windows domain, logon as root and execute the following steps:
1. Run the following command to start the winbind daemon:
startsmb -winbind
2. Add a trust account for the trusting Windows domain to /etc/passwd. Add the trusting
domain name with the “$” using the useradd command.
For example, the following command adds a trust account for the trusting Windows domain
name, windomainA, to /etc/passwd:
useradd windomainA$
Due to the maximum name length of 8 for the useradd command, you may need to edit
/etc/passwd to add the trusting Windows domain name account.
3. Run smbpasswd to add a trusting Windows domain Samba account to your trusted Samba
domain database and create a password for the trusting account. Use the same trusting
76 Windows 2003 and Windows 2008 domains