HP CIFS Server Administrator's Guide Version A.03.01.04 (5900-2303), April 2012

centrally managed Windows Domain Controller, this tool permits the CIFS winbind daemons to
generate unique HP-UX UIDs and GIDs across the domain. It can be used for synchronization of
mappings across multiple CIFS servers without an LDAP directory. You can use the idmap rid
facility in a Windows NT domain or a Windows 2000/2003 ADS domain, but it cannot be used
in Windows trusted domains.
In HP CIFS Server A.02.03 or later, the idmap rid shared library, idmap_rid.sl(so), is
changed to rid.sl(so).
Limitations using idmap rid
The idmap rid facility is only used in a single Windows domain. It doesn't work with
Windows trusted domains. Using the idmap rid method requires that you set the allow
trusted domains parameter to No.
You must set the idmap_rid range to be equal to both the idmap uid and idmap gid ranges
in the smb.conf file.
When you set the idmap backend parameter to rid, UID and GID mapping data is stored
only locally.
Configuring and using idmap rid
To use the idmap rid method, you must configure the following parameters in the smb.conf
file:
Set idmap backend to rid:<domain name>=<idmap_rid range>.
Set allow trusted domains to No.
An example of smb.conf using rid is shown below:
[global]
# Domain name
workgroup = DomainA
# Set security to domain or ADS
security = domain
# idmap section
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend = rid:DomainA=50000-60000
allow trusted domains = no
Check the log file to see if the rid shared library is loaded after you configure and set up rid.
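The requirements above (backend in rid form, idmap uid and idmap gid equal to the idmap_rid range, trusted domains disabled) can be checked mechanically before winbind is restarted. The following Python sketch is an added example, not part of the HP guide or of HP CIFS Server; the function names and the sample configuration are constructed for illustration, and the parser assumes [global] parameters with full-line comments only.

```python
import re

# Constructed sample based on the guide's example, with two deliberate errors:
# the gid range differs from the rid range and trusted domains are allowed.
SAMPLE = """\
[global]
workgroup = DomainA
security = domain
idmap uid = 50000-60000
idmap gid = 50000-70000
idmap backend = rid:DomainA=50000-60000
allow trusted domains = yes
"""

def parse_global(text):
    """Return the [global] parameters as a dict (names lowercased, spacing normalized)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blank lines and full-line comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def check_idmap_rid(text):
    """Return a list of violations of the idmap rid requirements (hypothetical helper)."""
    p = parse_global(text)
    m = re.fullmatch(r"rid:([^=\s]+)=(\d+)\s*-\s*(\d+)", p.get("idmap backend", ""))
    if not m:
        return ["idmap backend is not of the form rid:<domain name>=<idmap_rid range>"]
    low, high = int(m.group(2)), int(m.group(3))
    problems = []
    if low > high:
        problems.append(f"idmap_rid range {low}-{high} is reversed")
    for key in ("idmap uid", "idmap gid"):
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", p.get(key, ""))
        if not r or (int(r.group(1)), int(r.group(2))) != (low, high):
            problems.append(f"{key} = {p.get(key)!r} does not equal idmap_rid range {low}-{high}")
    # The guide requires an explicit "no"; a missing parameter is reported as well.
    if p.get("allow trusted domains", "").lower() not in ("no", "false", "0"):
        problems.append("allow trusted domains must be set to no")
    return problems

if __name__ == "__main__":
    for problem in check_idmap_rid(SAMPLE):
        print("FAIL:", problem)
```

Run against the constructed sample, it reports the mismatched idmap gid range and the enabled trusted domains; a configuration matching the guide's example returns no findings.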
LDAP backend support
When multiple CIFS Servers participate in a Windows NT or Windows ADS domain and make
use of winbind, you can configure multiple CIFS Servers to store ID maps in an LDAP directory.
Making use of an LDAP server and configuring CIFS servers with the idmap backend parameter
in smb.conf will ensure that all UIDs and GIDs are unique across the domain. This is important
in order to support Windows access to NFS shares.
NOTE: The HP CIFS Server does not support the ad option for idmap backend. For Windows
ADS environments, consider using idmap rid. See the “idmap rid Backend Support”
section for detailed information.
Configuring the LDAP backend
To manage ID maps in an LDAP backend server, set idmap backend = ldap:ldap://<LDAP server name>.
The following is an example /etc/smb.conf file that uses the machine
ldaphostA.company.com as the idmap backend:
[global]
# Domain name
workgroup = DomainA