HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
6. Run the following command to verify your configuration:
$ /opt/ldapux/bin/ldapsearch -T -b "cn=schema" -s base \
"(objectclass=*)"|grep -i posix
Ensure that the posixAccount objectclass is displayed in the output when you run the
ldapsearch command. The output is as follows:
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard
LDAP objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $
gidNumber $ homeDirectory) MAY ( userPassword $ loginShell $ gecos
$ description ) X-ORIGIN 'RFC 2307' )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard
LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY (
userPassword $ memberUid $description ) X-ORIGIN 'RFC 2307' )
NOTE: You can use the ldapsearch command-line utility to locate and retrieve LDAP
directory entries. This utility opens a connection to the specified server using the specified
Distinguished Name (DN) and password, and locates entries based on the specified search
filter. For details, see the Netscape Directory Server Administrator's Guide or the Red Hat
Directory Server Administrator's Guide available at http://www.docs.hp.com/en/internet.html.
Enabling Secure Sockets Layer (SSL)
The HP CIFS Server provides Secure Sockets Layer (SSL) support to secure communication between
CIFS servers and SSL enabled LDAP directory servers.
If you plan to use SSL and it is not already in use for LDAP, you need to enable it on the Directory
Server and LDAP-UX clients. When you have enabled the LDAP server and clients, then you can
configure the HP CIFS Server to use SSL.
You must set up the Certification Authority (CA) Server properly before you plan to enable SSL
communication over LDAP.
Read the following subsections for more information on configuring the LDAP directory server,
LDAP-UX client and HP CIFS Server with SSL support if you plan to use it.
Configuring the Directory Server to enable SSL
Use the following steps to configure your Netscape Directory Server to enable SSL communication
over LDAP:
1. Obtain and install a certificate for your Directory Server, and configure the Netscape Directory
Server to trust the Certification Authority's (CA's) certificate.
For detailed instructions, see the "Obtaining and Installing Server Certificates" section of the
"Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's Guide at
http://docs.hp.com.
2. Turn on SSL in your directory.
For detailed instructions on how to enable SSL in your directory server, see the "Activating
SSL" section of the "Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's
Guide at http://docs.hp.com.
3. Configure the Administration Server to connect to an SSL-enabled directory server.
For detailed instructions on how to configure the administration server to connect to an SSL
enabled directory server, see Managing Servers with Netscape Console available at
http://docs.hp.com.
86 LDAP integration support