HP CIFS Windows 2000 Interoperability (October 2002)

CIFS/9000 and Windows 2000 Interoperability
Hewlett-Packard
SIDHistory and the accompanying tools are important elements that must be fully
understood. Microsoft has provided many documents explaining SIDHistory in detail.
If a new Windows 2000 domain is being designed, then SIDHistory’s Native Mode
dependency is not so important. Also, the emphasis on SIDHistory is directly related to the
usage of ACLs on domain resources. If ACLs are not used, or if most resource ACLs are POSIX
(as with CIFS/9000; see the topic in the “Active Directory” module), then SIDHistory will
likely not be an issue.
3.4 PDC Emulator
Windows 2000 Active Directory domains include the designation of a PDC Emulator (PDCE), or
FSMO (Flexible Single Master Operation) PDC Emulator. The PDCE is usually resident on
the forest root domain controller in both Mixed Mode and Native Mode domains, but includes
NT4.0 functionality when the domain is in Mixed Mode.
A Native Mode PDCE provides the following services:
- Password changes replicated preferentially: Any password change at a DC in the
  domain will be replicated to the PDCE first.
- Bad password logon attempts routed here: A bad password at logon could be the
  result of a password change from some other DC in the domain. Since the PDCE gets
  all password changes preferentially, any bad password at logon is routed here to
  check whether the password was changed but has not yet had time to replicate
  throughout the domain.
- Account Lockouts: All domain account lockouts are processed here.
- Group Policy Objects: The PDCE holds the domain Group Policy Objects.
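The password-change and bad-password routing described above can be followed in a small simulation. This is an added example, not code from HP or Microsoft; it is a simplified model, and the class names, method names and the lockout threshold of 3 are assumptions made for illustration.

```python
# Toy model of the Native Mode PDCE services listed above.
# All names here are hypothetical; this is not a Windows or CIFS/9000 API.

class PDCE:
    def __init__(self, lockout_threshold=3):    # threshold is an assumed value
        self.passwords = {}     # receives every password change first
        self.bad_count = {}
        self.locked = set()     # lockouts are processed only here
        self.lockout_threshold = lockout_threshold

    def verify(self, user, password):
        if user in self.locked:
            return "locked"
        if self.passwords.get(user) == password:
            self.bad_count[user] = 0
            return "ok"
        self.bad_count[user] = self.bad_count.get(user, 0) + 1
        if self.bad_count[user] >= self.lockout_threshold:
            self.locked.add(user)
            return "locked"
        return "bad_password"

class DomainController:
    def __init__(self, pdce):
        self.pdce = pdce
        self.passwords = {}     # local replica, may lag behind the PDCE

    def change_password(self, user, new_password):
        self.passwords[user] = new_password
        self.pdce.passwords[user] = new_password   # pushed to the PDCE first

    def replicate_from_pdce(self):
        self.passwords.update(self.pdce.passwords)  # normal, slower replication

    def logon(self, user, password):
        if self.passwords.get(user) == password:
            return "ok"
        # Local mismatch: the replica may be stale, so ask the PDCE
        # before treating the attempt as a bad password.
        return self.pdce.verify(user, password)

def demo():
    pdce = PDCE()
    dc1, dc2 = DomainController(pdce), DomainController(pdce)
    dc1.change_password("alice", "old-pw")       # constructed sample account
    dc2.replicate_from_pdce()
    dc2.change_password("alice", "new-pw")       # DC1's replica is now stale
    results = [dc1.logon("alice", "new-pw")]     # accepted via the PDCE
    results += [dc1.logon("alice", "guess") for _ in range(3)]
    results.append(dc1.logon("alice", "new-pw"))  # correct, but locked out
    return results
```
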
A Mixed Mode PDCE provides all of the Native Mode PDCE services, plus the following:
- Holds the write copy of the SAM database: The SAM database is the NT4.0 account
  facsimile that provides NT4.0 compatibility in Mixed Mode.
- Distributes SAM database to BDCs in the domain.
- Acts as the domain Master Browser to update browse lists throughout the domain
  (NetBIOS Suffix <0x1B>).
Because a member server does not hold a copy of the ADS or SAM database, a member
server is not affected by the services that the FSMO PDC Emulator provides. CIFS/9000
Server assumes a member server role in a Windows domain.
3.5 Windows 2000 Domain Mode: CIFS/9000 Interoperability
The decision to implement Windows 2000 in Mixed Mode or Native Mode has important
functionality ramifications throughout the domain. However, the CIFS/9000 server can
operate in either mode fairly transparently because:
- CIFS/9000 Server is a Member server
- CIFS/9000 Server has no SAM database
- CIFS/9000 Server processes no Windows user/group updates
- CIFS/9000 Server passes through all authentication requests
- CIFS/9000 Server is not affected by the group functionality that is added with Native
  Mode
- CIFS/9000 Server is administered by SWAT (Samba Web Administration Tool), and
  is not affected by Windows 2000 administration policies