HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Advantages
The advantages of using the shared sambaUnixIDPool method are as follows:
– UIDs and GIDs are unique across all domain member servers that access this LDAP
database.
– Native non-winbind users can be authorized using the POSIX objectclass and LDAP
PAM module from the same LDAP database.
– The database can be replicated. Replication reduces the likelihood of data loss and
provides backup servers if the primary server is unavailable.
– A single LDAP database can provide consistent ID data for a large number of domain
member servers and greatly reduces network traffic and the load on domain and
trust Domain Controllers.
• ID mapping
Winbind creates mappings between given Windows SIDs and corresponding HP-UX UIDs
and GIDs. Winbind uses one of the methods described above to create a mapping between
HP-UX UIDs/GIDs and Windows SIDs. With a Windows SID, winbind either finds the existing
UID and GID map or creates a new map if none currently exists.
• Identity storage
Winbind maintains a database where it stores the mappings between HP-UX UIDs and GIDs
and Windows SIDs. In the simplest case, winbind maintains the database in a local Trivial
Data Base (TDB) file called winbind_idmap.tdb. If the idmap backend parameter in
smb.conf has been specified as ldap:ldap://<ldap server name>:[389], then
instead of using a local mapping file, winbind maintains the ID mapping data in the Directory
Server database. It is important to back up the data often, particularly if you use a solution
other than the idmap rid method. Refer to the tdbbackup man page for detailed information
about TDB file backup.
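The ID-consistency point behind the shared-pool advantages and the local TDB storage described above, as an added example (not from the HP guide): a Python check that compares ID-map dumps from several member servers and reports SIDs that resolve to different HP-UX IDs. The `UID <id> <SID>` line format (that of Samba's `net idmap dump`), the server names and the SIDs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed line format: "UID 10000 S-1-5-21-..." / "GID 10000 S-1-5-21-..."
# (as printed by Samba's "net idmap dump"); "USER HWM"/"GROUP HWM" lines are skipped.
ENTRY = re.compile(r"^(UID|GID)\s+(\d+)\s+(S-1-[\d-]+)$")

def parse_dump(text):
    """Return {sid: (kind, unix_id)} for one server's ID-map dump."""
    mapping = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            mapping[m.group(3)] = (m.group(1), int(m.group(2)))
    return mapping

def find_conflicts(dumps):
    """dumps: {server_name: dump_text}. Returns (sid_conflicts, id_collisions)."""
    by_sid = defaultdict(dict)  # sid -> {server: (kind, unix_id)}
    by_id = defaultdict(dict)   # (kind, unix_id) -> {server: sid}
    for server, text in dumps.items():
        for sid, entry in parse_dump(text).items():
            by_sid[sid][server] = entry
            by_id[entry][server] = sid
    # Same Windows SID resolves to different HP-UX IDs depending on the server.
    sid_conflicts = {s: v for s, v in by_sid.items() if len(set(v.values())) > 1}
    # Same HP-UX ID stands for different Windows SIDs depending on the server.
    id_collisions = {k: v for k, v in by_id.items() if len(set(v.values())) > 1}
    return sid_conflicts, id_collisions

# Constructed sample data: two member servers, each with its own local TDB,
# that allocated IDs in the order users first connected.
SERVER_A = """USER HWM 10002
GROUP HWM 10001
UID 10000 S-1-5-21-1111-2222-3333-1105
UID 10001 S-1-5-21-1111-2222-3333-1106
GID 10000 S-1-5-21-1111-2222-3333-513
"""
SERVER_B = """UID 10000 S-1-5-21-1111-2222-3333-1106
UID 10001 S-1-5-21-1111-2222-3333-1105
GID 10000 S-1-5-21-1111-2222-3333-513
"""

if __name__ == "__main__":
    sid_conflicts, id_collisions = find_conflicts({"cifs-a": SERVER_A, "cifs-b": SERVER_B})
    for sid, per_server in sorted(sid_conflicts.items()):
        print("SID maps differently:", sid, per_server)
    for key, per_server in sorted(id_collisions.items()):
        print("ID reused for different SIDs:", key, per_server)
```

Any entry in either result means a file owned by one UID on one server belongs to a different Windows account on another, which is the condition the shared LDAP-backed pool avoids.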
Winbind process flow
Figure 7–1 shows winbind process flow in a Windows Domain environment.