HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Table 13 Global parameters (continued)
DescriptionParameter
Specifies whether the HP CIFS Server should sync the LDAP password
with the NT and LM hashes for normal accounts on a password
change. This option can be set to one of three values:
ldap passwd sync
• Yes: Update the LDAP, NT and LM passwords and update the
pwdLastSet time.
• No: Update NT and LM passwords and update the pwdLastSet
time.
• Only: Only update the LDAP password and let the LDAP server do
the rest.
The default value is No.
When Samba is requested to write to a read-only LDAP replica, it is
redirected to talk to the read-write master server. This server then
ldap replication sleep
replicates the changes back to the local server. The replication might
take some seconds, especially over slow links. Certain client activities
can become confused by the 'success' that does not immediately
change the LDAP back-end's data. This option simply causes Samba
to wait a short time and allows the LDAP server to catch up. The value
is specified in milliseconds, the maximum value is 5000 (5 seconds).
By default, ldapreplication sleep = 1000 (1 second).
Specifies in seconds how long the HP CIFS Server waits for the LDAP
server to respond to the connect request if the LDAP server is down
or unreachable. The default value is 15 (in seconds).
ldap timeout
Specifies the Secure Sockets Layer (SSL) support. HP CIFS Server
A.02.03 or later supports theldap ssl = start_tls option.
ldap ssl
Specifies Yes to enable this feature using the port number 636 to
connect to the LDAP directory server. If you choose to use Start TLS,
set it to start_tls to enable SSL using port number 389 to connect to
the LDAP directory server. To disable SSL , set it to No. By default,
this parameter is set to No.
Specifies if the Samba must use Secure Sockets Layer (SSL) support
when connecting to the LDAP server, using the Active Domain Server
(ADS) methods.
NOTE: The Remote Procedure Call (RPC) methods are not affected
by the ldap ssl ads parameter. If the ldap ssl is value is
set to no, this will not affect the ldap ssl ads parameter.
ldap ssl ads
Specifies in seconds how long the LDAP library calls must wait for
the LDAP servers to connect the request. The ldap connection
ldap connection
timeout
timeout parameter is useful in failure scenarios when one or more
LDAP servers are not reachable. The ldap connection timeout
parameter must be supported by the LDAP library.
NOTE: The ldap connection timeout is different from the
ldap timeout parameter as this parameter does not affect any
LDAP server operations.
By default, this parameter is set to ldap connection timeout = 2
Configuring LDAP feature support
After installing the HP CIFS Server, the existing configuration continues to operate as currently
configured. To enable the LDAP support, you must configure the relative LDAP configuration
parameters in the /etc/opt/samba/smb.conf file by using the SWAT tool or the editor.
NOTE: HP recommends that new installation customers run the samba_setup program to set
up and configure the HP CIFS Server.
Configuring the HP CIFS Server 93