HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Where <directory server name> is the fully qualified name of the target directory server.
• HP CIFS Server A.02.03 or later supports the start_tls option to the ldap ssl parameter.
To enable SSL connections to the directory server, set the ldap ssl parameter in the [Global]
section of the smb.conf file in one of the following two ways:
To use the SSL port 636, set:
    ldap ssl = yes
To use the Start TLS option with port 389, set:
    ldap ssl = start_tls
For detailed information on how to enable SSL on the HP CIFS Server, see “LDAP configuration
parameters” (page 92).
Extending the Samba subschema into your Directory Server
Next, extend your Directory Server schema with the Samba subschema supplied with the HP CIFS
Server. Ensure that you have configured your LDAP directory and LDAP-UX Client Services before
extending the schema.
Set the passdb backend parameter to ldapsam:ldap://<ldap server name>.
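The following check is an added example, not part of the HP guide: it parses the [Global] section of an smb.conf and reports whether passdb backend points at ldapsam and whether ldap ssl is set to one of the two values given above. The sample files, the host name ldaphost.example.com and the function names are constructed for illustration, and only the two spellings shown on this page are treated as encrypted.

```python
import re

# Constructed sample smb.conf fragments (not taken from a real server).
SAMPLE_TLS = """[Global]
   ; accounts live in the directory
   passdb backend = ldapsam:ldap://ldaphost.example.com
   LDAP SSL = start_tls
[share1]
   ; a stray copy outside [global] is ignored by the check
   ldap ssl = off
"""
SAMPLE_PLAIN = """[global]
   passdb backend = ldapsam:ldap://ldaphost.example.com
   ldap ssl = off
"""

# The two encrypted settings this page gives, with the port each one uses.
ENCRYPTED = {"yes": 636, "start_tls": 389}


def global_params(text):
    """Parse [global]; names compare case- and whitespace-insensitively."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params


def audit_ldap(text):
    """Return (port, findings); port is None unless ldap ssl is encrypted."""
    p, findings = global_params(text), []
    if not p.get("passdbbackend", "").lower().startswith("ldapsam:"):
        findings.append("passdb backend is not ldapsam")
    ssl = p.get("ldapssl")
    port = ENCRYPTED.get(ssl.lower()) if ssl else None
    if ssl is None:
        findings.append("ldap ssl is not set in [global]")
    elif port is None:
        findings.append(f"ldap ssl = {ssl} is not yes or start_tls")
    return port, findings
```

Calling audit_ldap() on the text of the server's smb.conf returns the port implied by the ldap ssl setting and a list of findings; an empty list means both settings match this page.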
Samba subschema differences between HP CIFS Server versions
New HP CIFS Server releases sometimes extend the set of attributes in use, but the updates are
backward compatible with older versions of the LDAP schema.
Procedures to extend the Samba subschema into your Directory Server
Use the following steps to extend the Samba subschema
/opt/samba/LDAP3/98samba-3.4.3.ldif in HP CIFS Server A.02.* into the Directory
Server:
1. Run the ftp commands to get the /opt/samba/LDAP3/98samba-3.4.3.ldif file from
the HP CIFS Server and place it in the Directory Server.
For example, the following commands copy the /opt/samba/LDAP3/98samba-3.4.3.ldif
file from the HP CIFS Server to the
/var/opt/netscape/servers/slapd-hostA.hp.com/config/schema/98samba-3.4.3.ldif
file in the Directory Server, hostA.hp.com:
    cd /opt/samba/LDAP3
    ftp hostA.org.hp.com
    user root
    root passwd
    cd /var/opt/netscape/servers/slapd-hostA.hp.com/config/schema
    put 98samba-3.4.3.ldif
    quit
2. Log in to your Directory Server and restart the daemon, slapd. This is to ensure that the
sambaSamAccount subschema is recognized by the LDAP directory.
    $ /var/opt/netscape/servers/slapd-<server name>/restart-slapd
For example:
    $ /var/opt/netscape/servers/slapd-hostA.hp.com/restart-slapd