HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

Security Files
An important security file is secrets.tdb. Machine account information is among the important
contents of this file. Since this file will be updated periodically (as defined in smb.conf by
machine password timeout, 604800 seconds by default), HP recommends that you locate
secrets.tdb on a shared logical volume. The location of the secrets.tdb file is defined by the
smb.conf parameter, private dir. For example, private dir =
/var/opt/samba/shared_vol_1/private will result in the file
/var/opt/samba/shared_vol_1/private/secrets.tdb.
User authentication is also dependent on several entries in different security files. Other
important security files are the user password file, smbpasswd and passdb.tdb. If you have
your Samba server configured with the "passdb backend = smbpasswd", for example,
then you have an smbpasswd file. By default, this file is located in the path
/var/opt/samba/private but the passdb backend parameter can be in two parts, the
backend name and a location string that has meaning only to that particular backend. For
example, passdb backend =
tdbsam:/var/opt/samba/private/path1/passdb.tdb,
smbpasswd:/var/opt/samba/private/path2/smbpasswd will result in files
/var/opt/samba/private/path1/passdb.tdb and /var/opt/samba/private/path2/smbpasswd.
For both the machine account file and user password file, HP recommends that you store the
files in a common and secure directory on a shared logical volume.
Username Mapping File
If you configure your Samba server to use a username mapping file, HP recommends that you
configure it to be located on a shared logical volume. This way, if changes are made, all the
nodes will always be up-to-date. The username mapping file location is defined in smb.conf
by the parameter username map, e.g. username map =
/var/opt/samba/shared_vol_1/username.map. There is no username map file by
default.
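The placement recommendations in the Security Files and Username Mapping File sections can be checked mechanically. The following is an added example, not part of the HP guide or of HP CIFS: it resolves the file paths implied by private dir, passdb backend and username map, then reports any that fall outside the shared volume or that are open to group or other. The function names, the simplified smb.conf parsing, the default file name for a backend given without a location string, and the permission rule are assumptions of this example.

```python
import os
import stat
DEFAULT_PRIVATE_DIR = "/var/opt/samba/private"  # default stated in the guide
# Assumption: a file backend with no location string uses this name in private dir.
FILE_BACKENDS = {"tdbsam": "passdb.tdb", "smbpasswd": "smbpasswd"}

def parse_smb_conf(text):
    """Simplified: last 'name = value' wins; sections and continuations ignored."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[" ".join(name.lower().split())] = value.strip()
    return params

def security_file_paths(text):
    """Return (path, holds_secrets) for each file the guide names."""
    p = parse_smb_conf(text)
    private = p.get("private dir", DEFAULT_PRIVATE_DIR)
    paths = [(os.path.join(private, "secrets.tdb"), True)]
    for entry in p.get("passdb backend", "").replace(",", " ").split():
        backend, _, location = entry.partition(":")
        if backend in FILE_BACKENDS:  # other backends are not local files
            paths.append((location or os.path.join(private, FILE_BACKENDS[backend]), True))
    if p.get("username map"):
        paths.append((p["username map"], False))
    return paths

def audit(text, shared_root):
    """Return (path, problem); assumes secret files grant nothing to group/other."""
    findings = []
    root = os.path.join(os.path.realpath(shared_root), "")
    for path, secret in security_file_paths(text):
        if not os.path.realpath(path).startswith(root):
            findings.append((path, "not on shared volume"))
        if secret and os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((path, "group/other access"))
    return findings

# Constructed sample built from the example values in the guide.
SAMPLE = """[global]
private dir = /var/opt/samba/shared_vol_1/private
passdb backend = tdbsam:/var/opt/samba/private/path1/passdb.tdb, smbpasswd:/var/opt/samba/private/path2/smbpasswd
username map = /var/opt/samba/shared_vol_1/username.map"""

if __name__ == "__main__":
    for path, problem in audit(SAMPLE, "/var/opt/samba/shared_vol_1"):
        print(f"{path}: {problem}")
```

Run against the sample, the check flags the two passdb backend paths, because the guide's passdb backend example places them under /var/opt/samba/private rather than under shared_vol_1.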
Winbind Configurations
Add the commented winbind lines in samba.mon and samba.cntl as previously described.
Winbind uses several files (winbindd.pid, winbindd_cache.tdb, winbindd_idmap.tdb) and the
directory winbindd_privileged, all in the /var/opt/samba/locks directory.
You may want to put the entire /var/opt/samba/locks directory on a logical shared volume
but the locking data may not be correctly interpreted after a failover. You may want to add
a line to your startup script to remove the locking data file .../locks/locking.tdb.
Samba as a WINS Server
If you configure your Samba server to be a WINS server by setting the wins support
parameter to yes, it will store the WINS database in the file
/var/opt/samba/locks/WINS.DAT.
If this file is not on a logical shared volume, when a failover occurs, there will be a short period
of time when all the WINS clients update the Samba WINS server with their address. However,
if this short period of time to restore the WINS database is not acceptable, you can reduce
the period of time to restore the full WINS service.
To do so, configure /var/opt/samba/locks/WINS.DAT to be a symbolic link to a WINS.DAT
file on a logical shared volume. HP does not recommend putting the entire
/var/opt/samba/locks directory on a logical shared volume, because the locking data may
not be correctly interpreted after a failover.