HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

121

122

123

124

125

126

127

128

129

130

For more information on how to configure Unified Login, see Integrate Logins with HP CIFS Server,

HP-UX, and Windows 2003R2 at: http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf.

Unified Domain Components

HP CIFS Acting as a Windows 200x ADS Member Server

The HP CIFS member server operating in a unified domain depends on the ADS to be aided by

Services For UNIX (SFU). SFU provides the required management of UNIX UID and GID to Windows

SID mappings. SFU and accompanying documentation is available for download at

http://www.microsoft.com/windows/sfu. Because all user management is unified on the Windows

2000/2003 ADS server, winbind is not required and there are no ID consistency issues regardless

of the number of HP CIFS member servers.

HP CIFS Server uses Kerberos security in a Windows Unified Domain setup. For more information

on how to join an HP CIFS Server to a Windows 200x Domain using Kerberos security, see

“Windows 2003 and Windows 2008 Domains” (page 68).

Setting up the Unified Domain Model

You need to set up and configure the following components to deploy an Unified Domain Model

using Windows Services For UNIX (SFU):

• Windows 2000 or 2003 domain controller with Active Directory Service (ADS)

• LDAP-UX Integration software B.03.20 or later on HP CIFS member servers

• SFU 3.5 on Windows 2000 or 2003 Domain Controller

• Install, Configure and Join the HP CIFS Server to the SFU enabled Windows 200x domain.

See “Windows 2003 and Windows 2008 Domains” (page 68) for details on configuting

and joining the HP CIFS Server to the Windows domain.

Setting up LDAP-UX Client Services on an HP CIFS Server

In the Unified domain model, you integrate HP CIFS domain member servers with the Windows

200x ADS to centralize managemnt of user accounts databases. You must install the HP LDAP-UX

integration software B.03.20 or later, and configure the LDAP-UX client.This permits the consolidation

of Posix and Windows user accounts on the ADS directory.

You also need to configure the /etc/krb5.conffile to authenticate users using Kerberos.

Installing and Configuring LDAP-UX Client Services on an HP CIFS Server

The following summarizes major steps you need to take to install and configure an LDAP-UX Client

Services. For detailed instructions on how to install and configure LDAP-UX Client Services to work

with Windows 2000 ADS, refer to chapter 2, "Installing LDAP-UX Client Services" in LDAP-UX

Client Services with Microsoft Windows 2000 Active Directory Server Administrator's Guide,

available at http://docs.hp.com.

1. Install LDAP-UX Client Services on each HP CIFS member server.

2. Migrate your supported name service data to the directory. Refer to the section, "Importing

Name Serice Data into Your Directory" in LDAP-UX Client Services with Microsoft Windows

2000 Active Directory Server Administrator's Guide, available at http://docs.hp.com.

3. Run the setup program to configure LDAP-UX Client Services on a client system. Setup does

the following for you:

• Extends your Active Directory schema with the configuration profile schema, if not already

done.

• Creates a start-up file on the client. This enables each client to download the configuration

profile.

Unified Domain Model 129