Integrate Logins with HP CIFS Server, HP-UX, and Windows 2003R2/2008
Note: By default, “net ads join” adds the HP CIFS Server to the computers container in the
Active Directory schema. To place the server in a different container, add a custom placement
option, such as “net ads join servers”, where servers is the destination OU in the directory.
Milestone 2
At this point in the configuration, a Windows user in the domain should be able to mount a share on
the HP CIFS Server. In the absence of winbind, you must configure a username.map file for
local HP-UX UID mapping for logons, and map Active Directory users to local users in /etc/passwd.
The AD user buffy was created earlier. Now create a local user buffy in /etc/passwd, and create an
/etc/opt/samba/username.map file with the single line “buffy = ATCWIN1\buffy”.
Note: The username.map file is very sensitive to syntax, and the syntax may vary based upon your
version of CIFS/Samba. The HP-UX user is always listed first. The Windows user may require the
domain name, as in the example above. The domain name is always the shortened NetBIOS
domain name, NOT the fully qualified domain name. Often a different HP-UX user is mapped, as in
“michelle = ATCWIN1\buffy”.
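The syntax rules in the note above can be checked before a logon test. The following lint function is an added example, not part of the original whitepaper or of HP CIFS Server. The name check_username_map, the sample passwd entries and the example.com domain are constructed for illustration; it treats the right-hand side as a single Windows name, skips lines starting with # or ; as comments, and its demo assumes a mktemp that supports -d.

```shell
#!/bin/sh
# Added example: lint a username.map file against the rules in the note above.
# Usage: check_username_map MAPFILE PASSWDFILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_username_map() {
    map=$1; passwd=$2; rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*|';'*) continue ;;                 # blank line or comment
            *=*) ;;
            *) echo "line $n: missing '=' separator"; rc=1; continue ;;
        esac
        # Left of the first '=' is the HP-UX user, right of it the Windows user.
        unix=$(printf '%s\n' "${line%%=*}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        win=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $unix in
            *\\*) echo "line $n: Windows name on the left; the HP-UX user goes first"
                  rc=1; continue ;;
        esac
        # The mapped HP-UX user must exist as a local account.
        if ! awk -F: -v u="$unix" '$1 == u { f = 1 } END { exit !f }' "$passwd"; then
            echo "line $n: HP-UX user '$unix' not found in $passwd"; rc=1
        fi
        # A domain prefix must be the short NetBIOS name, so it contains no dots.
        case $win in
            *\\*) dom=${win%%\\*}
                  case $dom in
                      *.*) echo "line $n: '$dom' looks like an FQDN; use the NetBIOS domain name"
                           rc=1 ;;
                  esac ;;
        esac
    done < "$map"
    return $rc
}

# Constructed sample input (not from a real system).
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:3::/:/sbin/sh' 'buffy:x:201:20::/home/buffy:/usr/bin/sh' > "$demo/passwd"
printf '%s\n' '# constructed map' 'buffy = ATCWIN1\buffy' 'michelle = ATCWIN1\buffy' \
    'buffy = atcwin1.example.com\buffy' 'ATCWIN1\buffy = buffy' > "$demo/map"
check_username_map "$demo/map" "$demo/passwd" || echo "username.map needs fixing"
rm -rf "$demo"
```

In the constructed map, the michelle line is reported only because no local michelle account exists in the sample passwd file; the mapping syntax itself is valid.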
In the sample smb.conf above, the username.map file is already configured. Verify that the Windows
domain user buffy can map a share on the CIFS/Samba server. This is a temporary step to verify that
CIFS server domain member logons are functioning before continuing to the next step.
Use the “HP CIFS Server and Kerberos” whitepaper to find detailed steps to verify that Kerberos
authentication is working correctly.
NOTE: See Appendix F for screen shots of W2008 service principals and of the CIFS A.02.04 (Samba
3.0.30) changes to service principals. These changes have no effect upon the configuration or
operation of HP CIFS Server.










