HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

Configuring Name Service Switch
To use winbind support, you need to configure the Name Service Switch control
file, /etc/nsswitch.conf, to use winbind as the name service for user and group name lookup.
For example, you can set up the /etc/nsswitch.conf file as follows:
passwd: files winbind
group: files winbind
In this example, NSS first checks the files, /etc/passwd and /etc/group, and if no entry is
found, it checks winbind.
For detailed information on how to configure NSS, refer to switch(4) and "Configuring the
Name Service Switch" in NFS Services Administrator's Guide at:
http://docs.hp.com/hpux/netcom/
idmap Backend Support in Winbind
This section describes the idmap rid backend and LDAP backend for idmap support when using
winbind. Examples of configuration files for each backend are provided.
idmap rid Backend Support
The idmap rid facility with winbind provides a unique mapping of Windows SIDs to local UNIX
UIDs and GIDs. The idmap rid facility uses the RID of the user SID to generate the UID and GID
by adding the RID number to a configurable base value. Since the RIDs are allocated by the
centrally managed Windows Domain Controller, this tool permits the CIFS winbind daemons to
generate unique HP-UX UIDs and GIDs across the domain. It can be used for synchronization of
mappings across multiple CIFS servers without an LDAP directory. You can use the idmap rid
facility in a Windows NT domain or a Windows 2000/2003 ADS domain, but it cannot be used
in Windows trusted domains.
In HP CIFS Server A.02.03 or later, the idmap rid shared library, idmap_rid.sl(so), is
changed to rid.sl(so).
Limitations Using idmap rid
The idmap rid facility is only used in a single Windows domain. It doesn't work with
Windows trusted domains. Using the idmap rid method requires that you set the allow
trusted domains parameter to No.
You must set the idmap_rid range to be equal to both idmap uid and idmap gid ranges
in the smb.conf file.
When you set the idmap backend parameter to rid, UID and GID mapping data is only
stored locally.
Configuring and Using idmap rid
To use the idmap rid method, you must configure the following parameters in the smb.conf
file:
Set idmap backend to rid:<domain name>=<idmap_rid range>.
Set allow trusted domains to No.
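The following is an added example, not taken from the HP guide or from the CIFS Server code: it checks a set of smb.conf settings against the idmap rid limitations listed above and shows the RID-to-UID/GID mapping. The sample settings, domain SID and function names are constructed, and the base value is assumed to be the low end of the configured range.

```python
import re

# Constructed sample settings in the form this section describes; the domain
# name, range and SID below are made-up values.
SAMPLE_CONF = """\
[global]
workgroup = DOMAINA
idmap backend = rid:DOMAINA=50000-60000
idmap uid = 50000-60000
idmap gid = 50000-60000
allow trusted domains = No
"""
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

def parse_globals(text):
    """Return {parameter: value} for 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", ";", "[")):
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def check_rid_config(text):
    """List violations of the idmap rid limitations stated in this section."""
    p, problems = parse_globals(text), []
    m = re.fullmatch(r"rid:([^=\s]+)=(\d+-\d+)", p.get("idmap backend", ""))
    if not m:
        return ["idmap backend is not rid:<domain name>=<idmap_rid range>"]
    for key in ("idmap uid", "idmap gid"):
        if p.get(key) != m.group(2):
            problems.append(f"{key} must equal the idmap_rid range {m.group(2)}")
    if p.get("allow trusted domains", "").lower() != "no":
        problems.append("allow trusted domains must be set to No")
    return problems

def sid_to_id(sid, domain_sid, id_range):
    """Map a SID to base + RID; None if outside the domain or the range."""
    low, high = (int(n) for n in id_range.split("-"))
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid or not rid.isdigit():
        return None          # SID from another (e.g. trusted) domain
    mapped = low + int(rid)  # assumption: base value = low end of the range
    return mapped if low <= mapped <= high else None
```

Because every server computes the same value from the same RID, two CIFS servers with identical settings agree on a user's UID without sharing any mapping store; a RID that pushes the result past the top of the range gets no mapping.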
An example of smb.conf using rid is shown below:
[global]
# Domain name
workgroup = DomainA
security = domain or ADS
# idmap section
idmap uid = 50000-60000