HP CIFS Server Administrator's Guide Version A.03.01.04 (5900-2303), April 2012

participate as member servers and may benefit from the use of winbind to create the local
UNIX UIDs and GIDs required to correspond to Windows identities or when other domains
are trusted. Even when a Windows Domain Controller provides primary domain authentication,
HP CIFS member servers would benefit from the use of an LDAP directory server, so winbind
can be used while storing ID maps in an LDAP directory and maintaining unique ID maps
across multiple HP CIFS member servers. You can deploy Winbind with the idmap rid method
when your environment does not require domain trusts.
Unified Login Domain Model
In the Unified Domain environment, the Windows 2000 or 2003 Domain Controller maintains
the unique user UID and GID data with Windows Services for UNIX (SFU), so it is not
necessary to deploy winbind.
Configuring HP CIFS Server with Winbind
You must set up and configure your HP CIFS Server to use the winbind feature.
Winbind configuration parameters
Table 7-1 shows the list of global parameters used to control the behavior of winbind. These
parameters are set in the /etc/opt/samba/smb.conf file in the [global] section. Refer to
the smb.conf man page for more details.
Table 14 Global parameters

Parameter               Description

winbind separator       This string variable specifies the separator to separate domain
                        name and user name. For example, winbind separator = \.

idmap uid               This variable specifies the UID range for domain users. For
                        example, idmap uid = 50000-60000

idmap gid               This variable specifies the GID range for domain groups. For
                        example, idmap gid = 50000-60000

winbind enum users      This boolean variable enables enumeration of winbind users. Set
                        this parameter to Yes to allow and No to disallow enumeration of
                        winbind users.

winbind enum groups     This boolean variable enables enumeration of winbind groups. Set
                        this parameter to Yes to allow and No to disallow enumeration of
                        winbind groups.

idmap backend           This string variable specifies the type of the idmap backend that
                        is used. The syntax can be:

                        idmap backend =
                        This is the default where the local idmap tdb file is used.

                        idmap backend = rid:<domain name>=<idmap_rid_range>
                        The ID mappings are generated by the idmap rid facility. For
                        example, idmap backend = rid:DomainA=50000-60000.

                        idmap backend = ldap:ldap://<ldap server name>[:389]
                        The ID mapping data is stored in a common LDAP directory server
                        backend. For example, idmap backend = ldap:ldap://ldapserverA.hp.com.

winbind cache time      This integer variable specifies the number of seconds the winbindd
                        daemon caches user and group information before querying a
                        Windows NT server again. The default value is 300.

winbind cache ug list   This boolean variable controls whether to enable or disable
                        winbind caching for the user or group list entries. When this
                        parameter is set to Yes, the winbind daemon, winbindd, caches the
                        user or group list entries into the winbindd
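
An added example, not part of the HP guide: a small Python check that parses the [global] section of an smb.conf and verifies that the idmap uid, idmap gid and rid ranges described in the table above are well formed and do not overlap IDs already used by local accounts. The sample configuration, the local ID lists and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf built from the parameters in the table above.
SAMPLE_SMB_CONF = r"""
[global]
    winbind separator = \
    idmap uid = 50000-60000
    idmap gid = 50000-60000
    idmap backend = rid:DomainA=50000-60000
"""
# Constructed local UIDs/GIDs, as would be read from /etc/passwd and /etc/group.
SAMPLE_LOCAL_IDS = {"uid": [0, 1, 101, 50010], "gid": [0, 3, 20]}

def parse_global(text):
    """Return the [global] parameters as a dict keyed by lower-cased name."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_range(value):
    """Parse 'low-high' into (low, high); None if absent or malformed."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", (value or "").strip())
    if not m or int(m.group(1)) >= int(m.group(2)):
        return None
    return int(m.group(1)), int(m.group(2))

def audit(text, local_ids):
    """Return findings for the idmap settings in the given smb.conf text."""
    params, findings = parse_global(text), []
    for kind in ("uid", "gid"):
        rng = parse_range(params.get(f"idmap {kind}"))
        if rng is None:
            findings.append(f"idmap {kind}: missing or malformed range")
            continue
        clash = sorted(i for i in local_ids[kind] if rng[0] <= i <= rng[1])
        if clash:  # a domain identity could be mapped onto a local account's ID
            findings.append(f"idmap {kind}: range overlaps local IDs {clash}")
    backend = params.get("idmap backend", "")
    if backend.startswith("rid:") and parse_range(backend.partition("=")[2]) is None:
        findings.append("idmap backend: malformed rid range")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SMB_CONF, SAMPLE_LOCAL_IDS))
```

On the constructed sample, the only finding is the local UID 50010 falling inside the winbind UID range; on a real server the local ID lists would come from the system's own account files.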