HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

NOTE: On HP-UX 11v1 and v2, this solution is limited by the useradd command's eight-character
maximum name length. All Windows user names must be limited to eight
characters. The command fails if the %u macro user name does not meet the constraints of the
useradd command.
NOTE: On HP-UX 11v3, you can explicitly enable the system for expanded user and group
names by using the lugadmin command. Refer to the lugadmin man page for details. The
lugadmin -e option enables long user names. Once the system is enabled for long user
and group names, the feature cannot be disabled. When the expanded user and group name feature
is enabled, all the user and group management commands (useradd, usermod, userdel,
groupadd, groupmod and groupdel) allow you to create and update users with long user
and group names. Some products have limitations; consult the HP-UX 11v3 documentation before
enabling the long name feature.
Unified Login (Microsoft Identity Manager for UNIX or Services For Unix)
For environments with Windows 2003 or 2008 Domain Controllers, Microsoft offers Identity
Management for UNIX (IMU) or Services for UNIX (SFU), which provide a variety of tools to support
Windows and UNIX interoperability, including sharing identity credentials. IMU and SFU
downloads and technical papers are available from Microsoft's TechNet at the following web
site:
http://technet.microsoft.com
SFU features are incorporated into Windows Active Directory Server 2003 Release 2 (R2),
so no download is necessary for this version.
There are two approaches to integrating HP-UX account management and authentication with
Windows IMU and SFU:
NIS
One of the SFU tools, Server for NIS, enables Windows to serve as a NIS server. Windows
Active Directory Server (ADS) stores user account and group information including SID,
UID, and GID in the Windows ADS schema.
LDAP
When using LDAP-UX Client Services, HP-UX uses Windows ADS directly. SID, UID, and
GID information is stored as attributes of a user account in the Windows ADS schema.
With IMU and SFU, HP CIFS Server can access both Windows and UNIX identity information
from the Windows Domain Controller.
For more information on configuring HP CIFS Server for Unified Login, see Integrate Logins
with HP CIFS Server, HP-UX, and Windows 2003R2 at:
http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf
HP CIFS Deployment Model Consideration
When winbind is desired, consider how your environment best fits into the following HP
CIFS deployment models. See Chapter 9 (page 114) for detailed information on HP CIFS
deployment models.
Samba Domain Model
A Samba Domain consists of HP CIFS Servers and no Windows Domain Controllers. The
Samba Domain deployment may benefit from the use of winbind when the domain trusts
other domains. Rather than managing local UNIX users for corresponding Windows/Samba
users for all trusted domains, winbind can be used to generate the UIDs and GIDs required
for the trusted domains. When multiple domains are involved, HP suggests that you configure
winbind with LDAP to use the sambaUnixIDPool identity allocation algorithm.