HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
3. Use the following ldapsearch command to verify that you have updated the schema in the
Directory Server with the Samba subschema:
$ /opt/ldapux/bin/ldapsearch -T -b "cn=schema" -s base \
"(objectclass=*)"|grep -i samb
You need to ensure that the output displays the following sambaSamAccount objectclass
when you run the ldapsearch command:
objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount'
DESC 'Samba 3.0 Auxilary SAM Account' STRUCTURAL MUST ( uid $
sambaSID )
Migrating your data to the Directory Server
HP recommends that all UNIX user accounts either in the /etc/passwd file or NIS database files
are migrated to the Directory Server. The LDAP-UX Integration product provides migration scripts
to accomplish the task in an automated way. These scripts are located in /opt/ldapux/migrate
directory. The two shell scripts, migrate_all_online.sh and
migrate_all_nis_online.sh, migrate all your source files in the/etc directory or NIS maps,
while the perl scripts, migrate_passwd.pl, migrate_group.pl, and migrate_hosts.pl,
migrate individual files. The shell scripts call the perl scripts. For detailed information for a complete
description of the migration scripts, and what they do, and how to use them, see the
/opt/ldapux/README files or the "Name Service Migration Scripts" section of LDAP-UX Client
Services B.03.20 Administrator's Guide at http://docs.hp.com
Migrating all your files
The two shell scripts, migrate_all_online.sh and migrate_all_nis_online.sh, migrate
all your name service data either to an LDAP Data Interchange Format (LDIF) file or directly into
your directory. The migrate_all_online.sh shell script gets information from the source files,
such as /etc/passwd, /etc/group, and /etc/hosts. The migrate_all_nis_online.sh
script gets information from your NIS maps using the ypcat(1) command. The scripts take no
parameters but prompt you for needed information. They also prompt you for whether to leave the
output as LDIF or to add the entries to your directory.
NOTE: HP recommends that you keep a small subset of users in the /etc/passwd file, such as
the root user or IT manager. This allows root users having the different password across HP-UX
systems. Also, if the LDAP directory server is unavailable, you can still log into the system.
NOTE: Before you run the migration scripts, you must edit the /opt/ldapux/migrate/
migrate_common.ph file to change the default group objectclass under $RFC2307BIS structure
from ou=Group to ou=Groups. By doing this, it can match with the Samba organizational unit
defaults.
An example
The following example shows the necessary steps to import your data into the LDAP directory using
the migration script, migrare_all_online.sh:
1. Set the environment variable, LDAP_BASEDN, to specify where you want to store your data:
For example, the following command sets the LDAP base DN to org.hp.com:
$ export LDAP_BASEDN="dc=org, dc=hp, dc=com"
Migrating your data to the Directory Server 89