HP CIFS Server Administrator's Guide Version A.03.01.02 (5900-1766, September 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

100

Table 13 Global Parameters (continued)

DescriptionParameter

Specifies whether the HP CIFS Server should sync the LDAP password

with the NT and LM hashes for normal accounts on a password

change. This option can be set to one of three values:

ldap passwd sync

• Yes: Update the LDAP, NT and LM passwords and update the

pwdLastSet time.

• No: Update NT and LM passwords and update the pwdLastSet

time.

• Only: Only update the LDAP password and let the LDAP server do

the rest.

The default value is No.

When Samba is requested to write to a read-only LDAP replica, it is

redirected to talk to the read-write master server. This server then

ldap replication sleep

replicates the changes back to the local server. The replication might

take some seconds, especially over slow links. Certain client activities

can become confused by the 'success' that does not immediately

change the LDAP back-end's data. This option simply causes Samba

to wait a short time and allows the LDAP server to catch up. The value

is specified in milliseconds, the maximum value is 5000 (5 seconds).

By default, ldapreplication sleep = 1000 (1 second).

Specifies in seconds how long the HP CIFS Server waits for the LDAP

server to respond to the connect request if the LDAP server is down

or unreachable. The defualt value is 15 (in seconds).

ldap timeout

Specifies the Secure Sockets Layer (SSL) support. HP CIFS Server

A.02.03 or later supports theldap ssl = start_tls option.

ldap ssl

Specifies Yes to enable this feature using the port number 636 to

connect to the LDAP directory server. If you choose to use Start TLS,

set it to start_tls to enable SSL using port number 389 to connect to

the LDAP directory server. To disable SSL , set it to No. By default,

this parameter is set to No.

Specifies if the Samba must use Secure Sockets Layer (SSL) support

when connecting to the LDAP server, using the Active Domain Server

(ADS) methods.

NOTE: The Remote Procedure Call (RPC) methods are not affected

by the ldap ssl ads parameter. If the ldap ssl is value is

set to no, this will not affect the ldap ssl ads parameter.

ldap ssl ads

Specifies in seconds how long the LDAP library calls must wait for

the LDAP servers to connect the request. The ldap connection

ldap connection

timeout

timeout parameter is useful in failure scenarios when one or more

LDAP servers are not reachable. The ldap connection timeout

parameter must be supported by the LDAP library.

NOTE: The ldap connection timeout is different from the

ldap timeout parameter as this parameter does not affect any

LDAP server operations.

By default, this parameter is set to ldap connection timeout = 2

Configuring LDAP Feature Support

After installing the HP CIFS Server, the existing configuration continues to operate as currently

configured. To enable the LDAP support, you must configure the relative LDAP configuration

parameters in the /etc/opt/samba/smb.conf file by using the SWAT tool or the editor.

Configuring the HP CIFS Server 93