HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
NOTE: You must ensure that the password correctly matches with the password for the ldap
admin directory manager. This password is for user administration and is stored for later use. If
the password is incorrect, no error message is displayed, but the user administration will fail when
attempted.
Adding a Samba user to the LDAP directory
An existing POSIX user must already exists in the LDAP directory before you run the smbpasswd
-a command to add the corresponding Samba user and its sambaSamAccount information
required for HP CIFS Server user authentication.
If the POSIX user does not already exist in the LDAP directory server, you must first add the POSIX
user entry with your HP Netscape/Red Hat Directory Server commands. You can use the
ldapmodify tool to add, modify or delete the POSIX user account in an LDAP directory. See the
“LDAP directory management tools” (page 168) section in the “Tool Reference” chapter for more
information on these LDAP directory management tools.
Procedures for Adding a Samba User
1. Use the ldapmodify command to create the POSIX user account entry to the LDAP directory
server:
For example, the following ldapmodify command adds the POSIX user account entry,
usercifs1, to the LDAP directory server, ldapserver:
ldapmodify -a -D "cn=Directory Manager,dc=hp,dc=com" -w dmpasswd
-h ldapserver -f new.ldif
As an example, the following LDIF update file, new.ldif, contains update statements to
create the user account, usercifs1, to the LDAP directory server:
dn: uid=usercifs1,ou=Pepole, dc=example,dc=hp,dc=com
objectclass: top
objectclass: account
objectclass: posixAccount
memberuid: usercifs1
homedirectory: /home/usercifs1
loginshell: /usr/bin/krh
gecos: Usercifs1 Hu, 40N-20
For more information on how to use the ldapmodify tool to modify the entries of the LDAP
directory server using the LDIF update file, refer to the “Creating Directory Entries” chapter in
“Part 1, Administering Red Hat Director Server” of the “Netscape/Red Hat Directory Server
Administrator's Guide”.
2. Run the smbpasswd -a command to add the sambaSamAccount information for a user to
the LDAP directory server if the smb.conf parameter, passwd_backend, is set to ldapsam:
smbpasswd -a <user name>
For example, the following command creates the Samba account for the user, cifsuser1:
smbpasswd -a cifsuser1
Verifying Samba users
You can use the ldapsearch command-line utility to locate and retrieve LDAP directory entries.
This utility opens a connection to the specified server using the specified Distinguished Name (DN)
and password, and locates entries based on the specified search filter.
This section describes a portion of the available options for the ldapsearch command. See the
““LDAP directory management tools” (page 168) section in chapter 13, “Tool Reference” for a more
complete description of this command.
Creating Samba users in directory 95