HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

9 HP CIFS Deployment Models....................................................................113

Introduction..........................................................................................................................113

Samba Domain Model..........................................................................................................113

Samba Domain Components.............................................................................................116

HP CIFS Server Acting as a PDC...................................................................................116

HP CIFS Server Acting as a BDC...................................................................................116

HP CIFS Acting as the Member Server...........................................................................117

An example of the Samba Domain Model...........................................................................117

A Sample smb.conf File For a PDC................................................................................117

Configuration Options.................................................................................................118

A Sample smb.conf File For a BDC................................................................................119

Configuration Options.................................................................................................119

A Sample smb.conf File for a Domain Member Server.....................................................119

Configuration Options.................................................................................................120

A Sample /etc/nsswitch.ldap File..................................................................................120

Windows Domain Model......................................................................................................121

Components for Windows Domain Model...........................................................................122

An Example of the ADS Domain Model..............................................................................122

A sample smb.conf file For an HP CIFS ADS Member Server.............................................122

A Sample /etc/krb5.conf File.......................................................................................124

A Sample /etc/nsswitch.conf File..................................................................................124

An Example of Windows NT Domain Model.......................................................................125

A Sample smb.conf File for an HP CIFS Member Server...................................................125

Unified Domain Model..........................................................................................................127

Unified Domain Components.............................................................................................128

HP CIFS Acting as a Windows 200x ADS Member Server...............................................128

Setting up the Unified Domain Model.................................................................................128

Setting up LDAP-UX Client Services on an HP CIFS Server......................................................128

Installing and Configuring LDAP-UX Client Services on an HP CIFS Server...........................128

Configuring /etc/krb5.conf to Authenticate Using Kerberos..............................................129

Installing SFU 3.5 on a Window 2000 or 2003 Domain Controller........................................129

An Example of the Unified Domain Model..........................................................................129

A sample smb.conf file For an HP CIFS Member Server....................................................130

A Sample /etc/krb5.conf File.......................................................................................130

A Sample /etc/nsswitch.conf File..................................................................................131

10 Securing HP CIFS Server........................................................................132

Security Protection Methods...................................................................................................132

Restricting Network Access................................................................................................132

Using Host Restrictions.................................................................................................132

An Example...........................................................................................................132

Using Interface Protection.............................................................................................132

Interface Protection Example....................................................................................132

Using a Firewall..........................................................................................................133

Using an IPC$ Share-Based Denial................................................................................133

Protecting Sensitive Information..........................................................................................133

Encrypting Authentication.............................................................................................133

Protecting Sensitive Configuration Files...........................................................................134

Using %m Name Replacement Macro With Caution.............................................................134

Restricting Execute Permission on Stacks..............................................................................135

Automatically Receiving HP Security Bulletins............................................................................135

Reporting New Security Vulnerabilities................................................................................135

11 CIFS File System Module (CFSM) Support.................................................136

Using the CIFS File System Module (CFSM) for Concurrent NFS Client Access ..............................136

Stacking CFSM....................................................................................................................136

Contents 7