HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)

start_tls using the un-encrypted port number 389 to connect to the
LDAP ADS server. To disable SSL, set it to No. The default value is No.
ssl cert path
    This string parameter specifies the file location of the certificate
    database files, cert8.db and key3.db. For example,
    ssl cert path = /etc/opt/samba. The default value is /etc/opt/ldapux.
workgroup
    This parameter specifies the name of the domain in which the HP CIFS
    Server is a domain member server.
security
    When the HP CIFS Server joins a Windows 2000/2003 native mode
    domain as a member server, you must set this parameter to ADS.
password server
    This parameter defines the NetBIOS name or IP address of the
    Windows ADS PDC machine that performs the user name authentication
    and validation. The default setting of this parameter is *. If set to the
    character *, then Samba will attempt to automatically locate the Primary
    Domain Controllers.
encrypt passwords
    This is an optional parameter. If this parameter is set to yes, the
    passwords used to authenticate users are encrypted. The default value
    is yes.
netbios name
    Set this parameter to the NetBIOS name by which a member server is
    known.
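As an added example (not part of the HP guide or of HP CIFS Server itself), the following Python script checks the [global] section of an smb.conf file against the parameter descriptions above. The sample domain and host names are constructed, and the world-writable check on the certificate database files is an assumption added here, not a requirement stated in the guide.

```python
import configparser
import os
import stat
import tempfile

DB_FILES = ("cert8.db", "key3.db")      # certificate database files named in the guide
DEFAULT_CERT_PATH = "/etc/opt/ldapux"   # documented default for "ssl cert path"

def load_global(smb_conf_text):
    """Return the [global] section as a dict keyed by normalized parameter name."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Samba ignores case and spaces in parameter names, so normalize both away.
    cp.optionxform = lambda name: name.lower().replace(" ", "")
    cp.read_string("\n".join(line.strip() for line in smb_conf_text.splitlines()))
    for section in cp.sections():
        if section.lower() == "global":
            return dict(cp[section])
    return {}

def audit_member_server(smb_conf_text):
    """Return a list of findings; an empty list means every check passed."""
    g = load_global(smb_conf_text)
    findings = []
    if g.get("security", "").lower() != "ads":
        findings.append("security must be ADS for a native mode domain member")
    for name in ("workgroup", "netbios name"):
        if not g.get(name.replace(" ", "")):
            findings.append(f"{name} is not set")
    if g.get("encryptpasswords", "yes").lower() in ("no", "false", "0"):
        findings.append("encrypt passwords is disabled")
    cert_dir = g.get("sslcertpath", DEFAULT_CERT_PATH)
    for db in DB_FILES:
        path = os.path.join(cert_dir, db)
        if not os.path.isfile(path):
            findings.append(f"{path} is missing")
        elif os.stat(path).st_mode & stat.S_IWOTH:
            # Assumption (not from the guide): any local user could alter this file.
            findings.append(f"{path} is world-writable")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for db in DB_FILES:
            open(os.path.join(d, db), "w").close()
        # Constructed sample: security is left at "user" instead of ADS.
        sample = ("[global]\n  workgroup = EXAMPLEDOM\n  netbios name = CIFSSRV1\n"
                  f"  security = user\n  password server = *\n  ssl cert path = {d}\n")
        for finding in audit_member_server(sample):
            print("FINDING:", finding)
```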
Setting Permissions for a User
When using the net ads join command on an HP-UX machine to join an HP CIFS Server to a
Windows 2000/2003 ADS Domain as a member server, a normal user is not allowed to perform
the net ads join command. You must configure a Windows user to have create/delete computer
object permissions.
The following Windows users are allowed to run the net ads join command:
• An administrator
• A user who is a member of the "Administrators", "Domain Admins", "Enterprise Admins" or
  OU Admins group in the Windows ADS Domain Controller, who has create/delete computer
  object permissions by default.
• A normal user who has been granted create/delete computer object permissions. Without this
  privilege, a normal user does not have permission to create/delete a machine account in the
  Windows ADS database for an HP CIFS Server.
Use the following procedure to grant create/delete computer object permissions to a normal user
(cifsuser, in this example) on the Windows 2003 ADS Domain:
1. In the Active Directory Users and Computers console, click View and select
Advanced Features.
2. Click on the Computers object and right click on the properties tab.
3. Select the Security tab on the properties window.
4. Click on the Advanced button.
5. In the permission entries list, select Account operators (YOURADS_DOMAIN\Account
operators) with Create/Delete Computer Objects permission.
6. Click on the Add button.
7. Click on the Advanced button.
8. Click on "Object Type" to restrict the search scope to "Users" only. You may need to
leave only the "Users" check box selected and clear all other check boxes. Then click on
the OK button.
Joining an HP CIFS Server to a Windows 2000, Windows 2003, and Windows 2008 Domain