HP CIFS Windows 2000 Interoperability (October 2002)

CIFS/9000 and Windows 2000 Interoperability
Hewlett-Packard
This operation creates an object in the Active Directory for the CIFS/9000 server.
5.2 Windows 2000 and CIFS/9000 Account Interoperability
Windows 2000 file system security is based upon NTFS file system attributes. User and
group permissions are set and enforced through user and group Security Identifiers
(SIDs) in Access Control Entries (ACEs), which are contained in Access Control Lists (ACLs).
ACLs are present for NTFS files, directories, and other domain resources. For Windows
2000, SIDs are stored in the Active Directory.
CIFS/9000 Server is an HP-UX user-space application. Because it runs on UNIX, it must
implement UNIX account security on the files and directories that will ultimately be
exported to Windows clients. HP-UX users and groups have analogous identifiers called
User ID (UID) and Group ID (GID). Like Windows SIDs, UIDs and GIDs are associated with
every UNIX user and group. Permissions for files and directories are set and enforced
through UIDs and GIDs.
UIDs and GIDs are stored in a UNIX account flat file or database. The typical storage
mechanisms are:
• Files: /etc/passwd, /etc/group
• NIS
• NIS(+)
• LDAP Directory
HP-UX must access one of these storage mechanisms to retrieve user account data when
setting or enforcing server resource security, even if the originator of the request is a
Windows client.
HP-UX does not recognize a Windows SID, and therefore does not set or enforce file or
directory permissions based upon the Windows SID. Instead, CIFS/9000 provides a
mapping facility that associates a Windows user name with an HP-UX user name and its
UID. Using this mapping facility, a Windows user may be assigned an HP-UX UID, and file
permissions may be set and enforced for Windows clients.
The recommended file system for CIFS/9000 Server is JFS 3.3 (VxFS) with the file system
layout version 4 (see http://www.docs.hp.com/hpux/os/11.0/index.html for more details). JFS
3.3 includes POSIX ACL storage and enforcement. CIFS/9000 Server interoperates with JFS
3.3 ACLs, and allows Windows clients to set and manage security attributes on the POSIX
ACL in accordance with the user mapping facility.
Separate Windows and HP-UX account databases must be maintained and synchronized on
their respective platforms to enforce the CIFS/9000 security model:
• Windows
    Users
    Groups
• UNIX
    Users
    Groups
[Figure labels: Map, OR, Equivalent Structure]
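The user mapping and the synchronization requirement described above can be checked with a small audit, shown here as an added example that is not HP's code. It assumes a Samba-style map file syntax (`[!]unixname = winname ...`, matched against the original Windows name), which this page does not show, and all account names and file contents are constructed samples.

```python
# Added example. Map syntax is an assumption (Samba-style):
#   [!]unixname = winname1 winname2 ...   ("!" stops at first match)
SAMPLE_MAP = """\
# unixname = Windows names (constructed sample)
!jsmith = JohnS john.smith
!root = Administrator
!bjones = BobJ
"""
SAMPLE_PASSWD = """\
root:*:0:3::/:/sbin/sh
jsmith:*:1021:20:John Smith:/home/jsmith:/usr/bin/sh
amartin:*:1022:20:Ann Martin:/home/amartin:/usr/bin/sh
"""

def parse_passwd(text):
    """Return {user name: UID} from passwd-format text."""
    uids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids

def map_user(win_name, map_text):
    """Resolve a Windows name to a UNIX name; unmapped names pass through."""
    unix_name = win_name
    for line in map_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix, _, wins = line.lstrip("!").partition("=")
        names = [w.lower() for w in wins.split()]
        if "*" in names or win_name.lower() in names:
            unix_name = unix.strip()
            if line.startswith("!"):
                break
    return unix_name

def audit(win_users, map_text, passwd_text):
    """Return (windows user, unix name, UID or None, finding) per user."""
    uids = parse_passwd(passwd_text)
    report = []
    for win in win_users:
        unix = map_user(win, map_text)
        uid = uids.get(unix)
        finding = ("no HP-UX account" if uid is None
                   else "maps to UID 0" if uid == 0 else "ok")
        report.append((win, unix, uid, finding))
    return report
```

A "no HP-UX account" finding marks a Windows user whose mapped name is missing from the UNIX account store, and "maps to UID 0" marks a Windows account that would act as root on exported files.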