HP CIFS Server Administrator's Guide (5900-1282, April 2011)

Advantages
The advantages of using the shared sambaUnixIDPool method are as follows:
• UIDs and GIDs are unique across all domain member servers that access this LDAP database.
• Native non-winbind users can be authorized using the POSIX objectclass and the LDAP PAM module from the same LDAP database.
• The database can be replicated. Replication reduces the likelihood of data loss and provides backup servers if the primary server is unavailable.
• A single LDAP database can provide consistent ID data for a large number of domain member servers, which greatly reduces network traffic and the load on domain and trusted-domain Domain Controllers.
ID mapping
Winbind creates mappings between Windows SIDs and the corresponding HP-UX UIDs and GIDs, using one of the methods described above. Given a Windows SID, winbind either finds the existing UID or GID mapping or creates a new one if none currently exists.
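The lookup-then-allocate flow just described, combined with the shared-pool uniqueness claimed under Advantages, as an added illustration (not HP CIFS Server or Samba code): the pool class is a simplified stand-in for the LDAP sambaUnixIDPool entry, and the ID ranges and SIDs are constructed sample values.

```python
"""Toy model of the winbind SID -> UID/GID mapping flow described above.
Added illustration, not HP CIFS Server or Samba code: look the SID up first,
allocate only when no map exists, and draw every new ID from one shared pool
(a stand-in for the LDAP sambaUnixIDPool entry) so IDs never collide."""
import re

# Domain SID (S-1-5-21-a-b-c) followed by the account's RID.
SID_RE = re.compile(r"^S-1-5-21(?:-\d+){3}-\d+$")


class SharedIdPool:
    """The pool and idmap table that every member server shares."""

    def __init__(self, uid_range, gid_range):
        # [next free number, upper bound] per kind (cf. idmap uid / idmap gid).
        self.counters = {"uid": list(uid_range), "gid": list(gid_range)}
        self.by_sid = {}  # sid -> (kind, number): the persistent idmap table

    def allocate(self, sid, kind):
        if not SID_RE.match(sid):
            raise ValueError(f"not a domain account SID: {sid}")
        counter = self.counters[kind]
        if counter[0] > counter[1]:
            raise RuntimeError(f"idmap {kind} range exhausted")
        counter[0] += 1
        self.by_sid[sid] = (kind, counter[0] - 1)
        return counter[0] - 1


class MemberServer:
    """winbind on one domain member server; it owns no mapping state."""

    def __init__(self, pool):
        self.pool = pool

    def sid_to_id(self, sid, kind):
        entry = self.pool.by_sid.get(sid)  # existing map for this SID?
        if entry is None:  # none yet: create one in the shared pool
            entry = (kind, self.pool.allocate(sid, kind))
        return entry[1]


def demo():
    """Two servers resolving overlapping SIDs against one pool (constructed)."""
    pool = SharedIdPool(uid_range=(10000, 10001), gid_range=(10000, 10001))
    a, b = MemberServer(pool), MemberServer(pool)
    alice, bob = "S-1-5-21-1111-2222-3333-1105", "S-1-5-21-1111-2222-3333-1106"
    staff = "S-1-5-21-1111-2222-3333-513"
    return {"alice_a": a.sid_to_id(alice, "uid"), "bob_b": b.sid_to_id(bob, "uid"),
            "alice_b": b.sid_to_id(alice, "uid"), "staff": a.sid_to_id(staff, "gid"),
            "maps": len(pool.by_sid)}
```

Because both servers consult the same table, the second server resolves alice to the UID the first one allocated rather than minting a new one, and a third UID request against the two-entry range fails instead of handing out an ID outside the configured range.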
Identity storage
Winbind maintains a database where it stores the mappings between HP-UX UIDs and GIDs and Windows SIDs. In the simplest case, winbind keeps this database in a local Trivial Database (TDB) file called winbind_idmap.tdb. If the idmap backend parameter in smb.conf has been specified as ldap:ldap://<ldap server name>:[389], winbind maintains the ID mapping data in the Directory Server database instead of a local mapping file. It is important to back up this data often, particularly if you use a method other than idmap rid (idmap rid derives each mapping arithmetically from the SID and can recreate it, whereas allocated mappings are lost with the database). Refer to the tdbbackup man page for detailed information about TDB file backup.
Winbind Process Flow
Figure 7–1 shows winbind process flow in a Windows Domain environment.
98 Winbind Support