HP CIFS Server Administrator's Guide (5900-1282, April 2011)

2. Respond to the samba_setup program prompts to configure the following global LDAP parameters in
the /etc/opt/samba/smb.conf file:
ldap server
ldap suffix
ldap admin dn
ldap ssl
ldap user suffix
ldap group suffix
ldap idmap suffix
ldap machine suffix
ldap delete dn
ldap passwd sync
ldap replication sleep
ldap timeout
See “LDAP Configuration Parameters” (page 91) for detailed information on how to configure
these new parameters.
Creating Samba Users in the Directory
This section describes how to create and verify your Samba users in your LDAP directory.
Adding Credentials
When you use the HP CIFS Server with the LDAP feature support, the smbpasswd command
manipulates user account information in the LDAP directory rather than in the
/var/opt/samba/private/smbpasswd file. You must add the directory manager credentials to the
/var/opt/samba/private/secrets.tdb file before creating Samba users in the LDAP directory.
Run the following command to save the LDAP credentials for the user who can modify the LDAP
directory for Samba information:
$ smbpasswd -w <password of the LDAP Directory Manager>
For example, the following command saves the credentials of the LDAP directory manager:
$ smbpasswd -w dmpasswd
Where dmpasswd is the password of the LDAP directory manager.
NOTE: You must ensure that the password matches the password for the ldap
admin directory manager. This password is for user administration and is stored for later use. If
the password is incorrect, no error message is displayed, but user administration fails when
attempted.
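Because a wrong stored password produces no error, it helps to check the settings that the stored credential depends on. The following script is an added example, not part of the HP guide or of HP CIFS Server: it reads ldap admin dn and ldap ssl from the [global] section of smb.conf and checks the permissions on secrets.tdb. The function names and messages are hypothetical, and requiring owner-only access to secrets.tdb is an assumption of this example.

```sh
#!/bin/sh
# Added example (not from the HP guide): checks to run around "smbpasswd -w".
# Function names and messages are hypothetical.

# Print PARAM's value from the [global] section of smb.conf FILE. Parameter
# names ignore case and whitespace; '#' and ';' start comments; last wins.
smbconf_global() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                        sect = tolower(s); next }
        sect == "global" && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val  = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(name) == norm(want)) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print one line per finding; return 0 only when nothing was flagged.
ldap_preflight() {
    conf=$1 secrets=$2 rc=0
    dn=$(smbconf_global "$conf" "ldap admin dn")
    ssl=$(smbconf_global "$conf" "ldap ssl" | tr 'A-Z' 'a-z')
    if [ -z "$dn" ]; then
        echo "FAIL: ldap admin dn is not set, so the stored password has no bind DN"
        rc=1
    fi
    if [ "$ssl" = "off" ]; then
        echo "WARN: ldap ssl is off; the bind password crosses the network unencrypted"
        rc=1
    fi
    if [ ! -f "$secrets" ]; then
        echo "INFO: $secrets does not exist yet"
    else
        mode=$(ls -ld "$secrets" | cut -c1-10)
        case $mode in
            -??-------) ;;   # owner-only access (assumed policy of this example)
            *) echo "FAIL: $secrets is $mode but stores the directory manager password"
               rc=1 ;;
        esac
    fi
    return $rc
}

# Paths as given in this guide:
# ldap_preflight /etc/opt/samba/smb.conf /var/opt/samba/private/secrets.tdb
```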
Adding a Samba User to the LDAP Directory
A POSIX user must already exist in the LDAP directory before you run the smbpasswd -a
command to add the corresponding Samba user and its sambaSamAccount information
required for HP CIFS Server user authentication.
If the POSIX user does not already exist in the LDAP directory server, you must first add the POSIX
user entry with your HP Netscape/Red Hat Directory Server commands. You can use the
ldapmodify tool to add, modify or delete the POSIX user account in an LDAP directory. See the
“LDAP Directory Management Tools” (page 166) section in the “Tool Reference” chapter for more
information on these LDAP directory management tools.