Manualshelf

HP-UX HB v13.00 Ch-20 - CIFS

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Virtual Server Operating Environment (VSE-OE) LTU
21222324252627282930
HP-UX Handbook Rev 13.00 Page 22 (of 40)
Chapter 20 CIFS
October 29, 2013
We have often realized that applications such as MS Outlook and SAP printing have problems if
oplocks is turned to yes. At least as a test we recommend to set it to no:
oplocks = no
General user validation
Sometimes it is important to have a good insight to what happens if a user “maps a network
drive” on his Windows client or just enters a UNC path in the run command line of the startmenu
like \\sambasrv. The first step is called session-setup and the second is called tree-connect.
session-setup:
At first cifs-server (samba) examines if a Windows-account/Windows-user is known to the
system. How cifs-server will authenticate the user which sends an "encrypted password" from
Windows is ruled by smb.conf configuration:
smbpasswd (security = share/user)
a Windows-password-server (security = domain/server)
tree-connect:
After successful validation of the Windows-access the Windows-user will be mapped. If the
Windows-user equals a unix-user then cifs-server will look into the /etc/passwd (NIS
respectively). If the Windows-user does not match a unix-user cifs-server will look up the the
nt-user in the user.map file:
mapable to unix-user then /etc/passwd (or NIS)
if unknown then map to "guest account"
The following picture will illustrate this for a Samba which is configured as Domain-Member-
Server. Which includes "encrypt passwords = yes”, as WindowsNT, Windows2000 and
WindowsXP send encrypted passwords only.