HP CIFS Server Administrator's Guide (5900-1282, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

121

122

123

124

125

126

127

128

129

130

Figure 31 Unified Domain

Windows

ADS DC/SFU

HP-UX

Client

HP CIFS

Windows

and UNIX

users

Member

Server

The Unified Domain Model consists of a Windows 200x server with Active Directory Services

(ADS) configured as a Domain Controller (DC), and a single or multiple HP CIFS member servers.

To use the Windows 200x ADS server as a data repository to consolidate Windows and UNIX

user accounts, you need to install the Services for UNIX (SFU) add-on package which extends the

Active Directory schema based on RFC 2307 to allow integration of POSIX attributes. All user

management is unified on the Windows 2000/2003 ADS Server; winbind is not required. You

must install and configure the LDAP-UX Integration software on your HP CIFS member server. The

LDAP-UX Integration software helps HP CIFS Server machine access UNIX user account data from

the ADS Server.

"LDAP-UX Client Service with Micrsoft Windows 2000 Active Directory Administrator's Guide",

available at http://docs.hp.com, provides help for HP-UX ADS client configurations.

For more information on how to configure Unified Login, see Integrate Logins with HP CIFS Server,

HP-UX, and Windows 2003R2 at: http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf.

Unified Domain Components

HP CIFS Acting as a Windows 200x ADS Member Server

The HP CIFS member server operating in a unified domain depends on the ADS to be aided by

Services For UNIX (SFU). SFU provides the required management of UNIX UID and GID to Windows

SID mappings. SFU and accompanying documentation is available for download at

http://www.microsoft.com/windows/sfu. Because all user management is unified on the Windows

2000/2003 ADS server, winbind is not required and there are no ID consistency issues regardless

of the number of HP CIFS member servers.

HP CIFS Server uses Kerberos security in a Windows Unified Domain setup. For more information

on how to join an HP CIFS Server to a Windows 200x Domain using Kerberos security, see

“Windows 2003 and Windows 2008 Domains” (page 68).

Setting up the Unified Domain Model

You need to set up and configure the following components to deploy an Unified Domain Model

using Windows Services For UNIX (SFU):

• Windows 2000 or 2003 domain controller with Active Directory Service (ADS)

• LDAP-UX Integration software B.03.20 or later on HP CIFS member servers

128 HP CIFS Deployment Models