HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

cannot differentiate which user actually created the file or directory from a file system
perspective.
Why can’t I use the net groupmap utility to map a Windows group to a UNIX group, then
add UNIX members to this group?
The net groupmap feature allows administrators to assign Windows group RIDs to UNIX groups
so that Windows clients recognize them and can use them when setting permissions on the
local server resources. A complete SID is generated by appending the entered RID to the
SID of the server, making local groups on CIFS member servers. You can edit /etc/group to add
Windows or winbind names as members, but they are not recognized by the file system when
granting access.
Considering Alternatives
The purpose of winbind is to automate the creation of UIDs and GIDs and maintain their
correspondence to the Windows SIDs in order to minimize identity management efforts, but this
may not be required in all environments. Your environment may have few users, or may already
have additional HP-UX user requirements for UNIX user activities, in which case separate Windows
and UNIX management is acceptable (consider the use of a user name map file; see SWAT help for
the smb.conf parameter username map). Also, there are several alternatives that may meet your
requirements. Consider the following alternatives before deploying winbind:
Username map script
One alternative to winbind for assigning UIDs is to create and configure a “username map
script” to selectively assign users. This allows you to write a script that potentially creates
and/or assigns a native UNIX user name based on the Windows name requesting access. The
groups that a specific user belongs to depend on how the script is implemented, but they will
be native UNIX groups because the mapping is to a native UNIX user. The results of the user
name map script overwrite any match in the user name map file if the script provides an output
name.
Create users on-the-fly
One alternative to winbind is to allow an HP-UX user to be added “on-the-fly” during a
Windows user’s first HP CIFS login. Set the add user script parameter in the smb.conf
file. For example:
add user script = /usr/sbin/useradd -g users -c "Auto_Account" -s /bin/false %u
In the above example, %u is a macro that specifies the Windows user name. The HP-UX
user name is created to match the Windows name. It is stored and is managed in the same
way as other UNIX users separate from Windows users
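
The username map script alternative described above, sketched as an added example (not code from this guide or from HP). It assumes the server runs the script with the client-supplied Windows name as its first argument and reads the UNIX name from standard output; the mapping table, the deny list and the function name map_user are constructed for illustration. Printing nothing leaves any match from the user name map file in effect.

```shell
#!/bin/sh
# Added example of a username map script (not HP's code). Assumption: the
# server runs it with the client-supplied Windows name as $1 and takes the
# UNIX user name from the line printed on stdout.

# Constructed table, "domain\user:unixname", keys in lower case. A real
# script would read this from a root-owned file that only root can write.
MAP_TABLE='example\alice:asmith
example\bob:bjones
example\admin:root'

# UNIX accounts that a mapping must never resolve to (constructed list).
DENY_TARGETS='root bin daemon sys adm'

map_user() {
    win_name=$1
    # Split DOMAIN\user; unqualified names are left unmapped (no table key).
    case $win_name in
        *\\*) domain=${win_name%%\\*}; user=${win_name#*\\} ;;
        *)    domain=''; user=$win_name ;;
    esac
    # The name is attacker-controlled: allow only a conservative character
    # set and print nothing for anything else.
    case $user in ''|*[!A-Za-z0-9._-]*) return 0 ;; esac
    case $domain in *[!A-Za-z0-9._-]*) return 0 ;; esac
    # Windows names are case-insensitive, so compare in lower case.
    key=$(printf '%s\\%s' "$domain" "$user" | tr '[:upper:]' '[:lower:]')
    while IFS=: read -r name target; do
        [ "$name" = "$key" ] || continue
        # Refuse privileged targets even if the table lists them.
        case " $DENY_TARGETS " in *" $target "*) return 0 ;; esac
        printf '%s\n' "$target"
        return 0
    done <<EOF
$MAP_TABLE
EOF
    return 0   # no match: print nothing
}

# Run as a script only when a name is supplied.
if [ "$#" -gt 0 ]; then map_user "$1"; fi
```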