HP CIFS Windows 2000 Interoperability (October 2002)

CIFS/9000 and Windows 2000 Interoperability
Hewlett-Packard
A group properties screen from the extended schema shows the following attributes:
UNIX Attributes tab
UNIX Group ID
UNIX group members
5.4 CIFS/9000 Access Control Lists
Windows 2000 resides on the Microsoft Windows NTFS file system and uses NTFS ACLs.
CIFS/9000 preferably resides on the JFS 3.3 file system and uses POSIX ACLs. NTFS
ACLs are integrated with the Windows SID security model, and POSIX ACLs are integrated
with the UNIX UID security model. Although a POSIX UID can be placed on the
Windows user principal in the ADS (as shown in the previous topic), Windows cannot
interpret the UID or enforce security based on that user identification. Conversely,
HP-UX cannot interpret a Windows SID or enforce security based on that user
identification.
To enforce Windows user permissions on files and directories that reside on HP-UX and JFS,
the Windows user must be mapped to the HP-UX UID. The mapping can be implicit, by using
the same name for the Windows and HP-UX accounts, or explicit, through the usermap.txt
file that is configurable in Samba. The mapped UID is then placed on the ACL, and
permissions are enforced by JFS and HP-UX.
Unified Login accomplishes user mapping transparently by using one username for both
Windows and HP-UX accounts, without the need for a mapping file.
5.5 ADS Integration Issues
5.5.1 ACL management from Windows 2000 Pro
NT4.0 clients can manage CIFS/9000 JFS 3.3 ACLs from Explorer, just like a native NTFS
ACL. The same operation from a Windows 2000 Pro client causes Explorer to abort
intermittently. This is caused by a change to the SMB calls used by the Windows 2000 Pro
client to modify ACLs. A fix for this problem is known and is being integrated into the
CIFS/9000 Server code.
5.5.2 Unified Logon UNIX Group Management
Windows 2000 Advanced Server administration tools add the Windows distinguished user
name to the POSIX group member user lists. The POSIX user name should be added, not
the Windows 2000 distinguished user name. This problem has been reported to Microsoft.
5.5.3 HP-UX User Name 8 Characters
HP-UX user names are limited to 8 characters in length. A primary benefit of Unified Login
is the consolidation of 2 platform user names (Windows and HP-UX) into 1 user name. To
accomplish this, the Windows user name must comply with the HP-UX length restriction of 8
characters.
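The following audit sketch is an added example, not code from the HP paper or from CIFS/9000. It shows how Windows names resolve to the HP-UX UID that JFS enforces ACLs against (section 5.4) and which names fail the 8-character limit described here. The passwd entries, map file contents and user names are constructed samples, and the map parser is a simplification that assumes plain or quoted names with the first matching line winning.

```python
import re

HPUX_MAX_NAME = 8  # HP-UX user name length limit stated in section 5.5.3

# Constructed sample data (not from the paper).
PASSWD = """\
jsmith:x:1001:20:John Smith:/home/jsmith:/usr/bin/sh
mgarcia:x:1002:20:Maria Garcia:/home/mgarcia:/usr/bin/sh
"""
USERMAP = """\
# unix_name = windows_name [windows_name ...]
mgarcia = maria.garcia "Maria Garcia"
"""

def parse_passwd(text):
    """Return {user name: uid} from /etc/passwd-style lines."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {f[0]: int(f[2]) for f in rows}

def parse_usermap(text):
    """Return {lower-cased Windows name: unix name}; first matching line wins."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        unix, _, names = line.partition("=")
        unix = unix.strip().lstrip("!").strip()
        for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', names):
            mapping.setdefault((quoted or bare).lower(), unix)
    return mapping

def resolve(win_name, usermap, passwd):
    """Return (status, unix name, uid): explicit map first, then same-name match."""
    explicit = usermap.get(win_name.lower())
    unix = explicit or win_name
    if unix in passwd:
        return ("explicit" if explicit else "implicit", unix, passwd[unix])
    if len(unix) > HPUX_MAX_NAME:
        return ("too-long", None, None)  # cannot exist as an HP-UX account name
    return ("unmapped", None, None)      # no HP-UX account to place on the ACL

def audit(win_names, usermap_text=USERMAP, passwd_text=PASSWD):
    """Resolve each Windows name and return {name: (status, unix name, uid)}."""
    usermap, passwd = parse_usermap(usermap_text), parse_passwd(passwd_text)
    return {name: resolve(name, usermap, passwd) for name in win_names}
```

Names reported as too-long or unmapped have no UID that can be placed on a POSIX ACL, so they need either a shorter Windows name or an explicit map entry before permissions can be enforced for them.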
SFU 2.0 (required for Unified Login) will extend the ADS schema and the scripts will add
the user name based upon the HP-UX data source (/etc/passwd or NIS). It will actually place