HP CIFS Server Administrator's Guide Version A.03.01.01 (5900-1282, May 2011)

UNIX user requirements are likely to drive management of users in Samba Domain deployments.
HP recommends that you use the syncsmbpasswd script to generate Samba user entries
based on the existing UNIX user entries. See the syncsmbpasswd man page for more
information. Note that the name "syncsmbpasswd" originates from the name of the password
file. This tool only creates Samba user entries; it is not possible to translate UNIX passwords
into Samba passwords. Winbind bases its mappings on existing Windows/Samba identities
rather than on existing UNIX users, so it may be of little use in many Samba Domains.
Domain member servers may use winbind to minimize management of all domain users.
However, HP CIFS Primary Domain Controllers may only make use of winbind to minimize
management of trusted domain users.

Windows Domain Model
In the Windows Domain deployment, the Windows NT or ADS Domain Controller does not utilize
Windows Services for UNIX (SFU) to maintain UNIX UID and GID data. HP CIFS Servers
participate as member servers and may benefit from the use of winbind to create the local
UNIX UIDs and GIDs required to correspond to Windows identities or when other domains
are trusted. Even when a Windows Domain Controller provides primary domain authentication,
HP CIFS member servers would benefit from the use of an LDAP directory server, so winbind
can be used while storing ID maps in an LDAP directory and maintaining unique ID maps
across multiple HP CIFS member servers. You can deploy Winbind with the idmap rid method
when your environment does not require domain trusts.

Unified Login Domain Model
In the Unified Domain environment, the Windows 2000 or 2003 Domain Controller maintains
the unique user UID and GID data with Windows Services for UNIX (SFU), so it is not
necessary to deploy winbind.

Configuring HP CIFS Server with Winbind
You must set up and configure your HP CIFS Server to use the winbind feature.

Winbind Configuration Parameters
Table 7-1 shows the list of global parameters used to control the behavior of winbind. These
parameters are set in the /etc/opt/samba/smb.conf file in the [global] section. Refer to
the smb.conf man page for more details.

Table 14 Global Parameters

Parameter              Description
---------              -----------
winbind separator      This string variable specifies the separator to separate domain name and
                       user name. For example, winbind separator = \
idmap uid              This variable specifies the UID range for domain users. For example,
                       idmap uid = 50000-60000
idmap gid              This variable specifies the GID range for domain groups. For example,
                       idmap gid = 50000-60000
winbind enum users     This boolean variable enables enumeration of winbind users. Set this
                       parameter to Yes to allow and No to disallow enumeration of winbind users.
winbind enum groups    This boolean variable enables enumeration of winbind groups. Set this
                       parameter to Yes to allow and No to disallow enumeration of winbind groups.
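
The following check is an added example, not part of the HP guide. It reads the idmap uid range from the [global] section and lists local accounts whose UID falls inside that range, because winbind allocates UNIX UIDs from it and an overlap could give a domain user and a local user the same UID. The smb.conf and passwd contents are constructed samples, and the function names are this example's own.

```python
import re

# Constructed sample input: a [global] section using parameters from the table.
SAMPLE_SMB_CONF = """\
[global]
    idmap uid = 50000-60000
    idmap gid = 50000-60000
    winbind enum users = Yes
[share]
    path = /tmp
"""

# Constructed sample local accounts in /etc/passwd format (name:pw:uid:gid:...).
SAMPLE_PASSWD = """\
root:x:0:3::/:/sbin/sh
appuser:x:50010:20::/home/appuser:/usr/bin/sh
"""

def parse_global(text):
    """Return {parameter: value} for the [global] section (names lower-cased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_range(value):
    """Parse 'low-high' into (low, high); raise ValueError if malformed."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value or "")
    if not m or int(m.group(1)) >= int(m.group(2)):
        raise ValueError(f"bad ID range: {value!r}")
    return int(m.group(1)), int(m.group(2))

def local_uid_collisions(conf_text, passwd_text):
    """List (name, uid) of local accounts whose UID falls inside idmap uid."""
    low, high = parse_range(parse_global(conf_text).get("idmap uid"))
    hits = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) >= 3 and fields[2].isdigit() and low <= int(fields[2]) <= high:
            hits.append((fields[0], int(fields[2])))
    return hits
```

A missing or malformed range (for example, one written without the dash) raises ValueError instead of being silently accepted.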