HP HP-UX Common Internet File System Administrator's Guide
HP CIFS Server Administrator's Guide Version A.03.02.00
HP-UX 11i v3
HP Part Number: 5900-2578
Published: January 2013
© Copyright 2012, 2013 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial
Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under
vendor's standard commercial license.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
HP CIFS Server is derived from the Open Source Samba product and is subject to the GPL license.
Trademark Acknowledgements
UNIX® is a registered trademark of The Open Group. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation.
Contents
About this document....................................................................................10
Intended audience..................................................................................................................10
New and changed documentation in this edition........................................................................10
Typographical conventions.......................................................................................................10
Publishing history....................................................................................................................10
Document organization...........................................................................................................11
HP welcomes your comments...................................................................................................12
1 Introduction to the HP CIFS Server...............................................................13
HP CIFS Server description and features....................................................................................13
Features............................................................................................................................13
Samba open source software and HP CIFS Server..................................................................14
Flexibility..........................................................................................................................14
HP CIFS Server documentation: Printed and Online.....................................................................15
HP CIFS documentation roadmap.............................................................................................15
HP CIFS Server file and directory roadmap................................................................................17
2 Installing and configuring the HP CIFS Server...............................................19
HP CIFS Server requirements and limitations...............................................................................19
HP CIFS Server installation requirements...............................................................................19
HP CIFS Server memory requirements...................................................................................19
Software requirements........................................................................................................19
Swap space requirements...................................................................................................19
Memory requirements.........................................................................................................20
Step 1: Installing HP CIFS Server software..................................................................................20
An example......................................................................................................................21
Step 2: Running the configuration script.....................................................................................21
Step 3: Modify the configuration..............................................................................................22
Configuration modification..................................................................................................22
Configure case sensitivity....................................................................................................22
Configure for SMB2 Features...............................................................................................24
Configuring print services for HP CIFS version A.03.02.00......................................................24
Configuring a [printers] share.........................................................................................24
Creating a [printers] share..............................................................................................25
Setup Server for automatically uploading printer driver files................................................25
Setup Client for automatically uploading of printer drivers..................................................26
Publishing printers in an MS Windows 2003/2008 R2 ADS domain.......................................26
Setting up HP CIFS Server for publishing printers support....................................................26
Publishing printers from a windows client..........................................................................27
Verifying that the printer is published...............................................................................28
Commands used for publishing printers............................................................................29
Searching printers....................................................................................................29
Removing a printer...................................................................................................29
Re-Publishing a printer...............................................................................................29
Setting up Distributed File System (DFS) support.....................................................................29
Setting up a DFS Tree on a HP CIFS Server.......................................................................30
Setting up DFS links in the DFS root directory on a HP CIFS Server.......................................30
MC/ServiceGuard high availability support..........................................................................31
Step 4: Starting the HP CIFS Server...........................................................................................31
Starting and stopping daemons individually..........................................................................32
Configuring automatic start at system boot............................................................................32
Stopping and re-starting daemons to apply new settings.........................................................32
Contents 3
Other samba configuration issues.............................................................................................33
Translate open-mode locks into HP-UX advisory locks..............................................................33
Performance tuning using change notify................................................................................33
Special concerns when using HP CIFS Server on a Network File System (NFS) or a Clustered File
System (CFS).....................................................................................................................33
NetBIOS names are not supported on port 445.....................................................................34
3 Managing HP-UX file access permissions from Windows
NT/XP/2000/Vista/Windows 7..................................................................35
Introduction............................................................................................................................35
UNIX file permissions and POSIX ACLs......................................................................................35
Viewing UNIX permissions from windows..............................................................................35
The VxFS POSIX ACL file permissions....................................................................................38
Using the Windows NT Explorer GUI to create ACLs...................................................................39
Using the Windows Vista Explorer GUI to create ACLs................................................................41
POSIX ACLs and Windows XP, Windows Vista and Windows 7 clients..........................................44
Viewing UNIX permissions from Windows XP, Windows Vista and Windows 7 clients.................44
Setting permissions from Windows XP, Windows Vista and Windows 7 clients...........................45
Viewing ACLs from Windows 7 clients..................................................................................46
Displaying the owner of a file..............................................................................................47
HP CIFS Server directory ACLs and Windows XP, Windows Vista and Windows 7 clients................47
Directory ACL types............................................................................................................47
Viewing ACLs from Windows 7 clients..................................................................................47
Viewing basic ACLs from Windows 7 clients.....................................................................47
Viewing advanced ACLs from Windows 2000 clients........................................................48
Mapping Windows XP directory inheritance values to POSIX...................................................49
Modifying directory ACLs from Windows XP clients................................................................50
Removing an ACE entry from Windows XP clients..............................................................52
Examples................................................................................................................52
Adding directory ACLs from Windows XP clients....................................................................54
POSIX default owner and owning group ACLs........................................................................55
POSIX ACEs with zero permissions.......................................................................................55
In conclusion..........................................................................................................................55
4 Windows style domains............................................................................57
Introduction............................................................................................................................57
Advantages of the Samba Domain model.............................................................................57
Primary domain controllers..................................................................................................57
Backup domain controllers..................................................................................................58
Advantages of backup domain controllers........................................................................58
Limitations....................................................................................................................58
Domain members...............................................................................................................58
Configure the HP CIFS Server as a PDC.....................................................................................58
Configure the HP CIFS Server as a BDC....................................................................................59
Promote a BDC to a PDC in a Samba Domain.......................................................................60
Domain member server...........................................................................................................60
Configure the HP CIFS Server as a member server..................................................................60
Join an HP CIFS Server to an NT Domian, Windows 2000/2003 (as a pre-Windows 2000
computer), or Samba Domain.............................................................................................61
Step-by-step procedure...................................................................................................62
Create the machine trust accounts.............................................................................................62
Configure domain users...........................................................................................................64
Join a Windows client to a Samba Domain................................................................................64
Roaming profiles....................................................................................................................67
Configuring roaming profiles...............................................................................................67
Configuring user logon scripts..................................................................................................68
4 Contents
Running logon scripts when logging on.................................................................................68
Home drive mapping support...................................................................................................68
Trust relationships...................................................................................................................69
Configuring smb.conf for trusted users..................................................................................69
Establishing a trust relationship on an HP CIFS PDC with another Samba Domain......................69
Establishing a trust relationship on an HP CIFS PDC with an NT domain....................................70
Trusting an NT Domain from a Samba Domain.................................................................70
Trusting a Samba Domain from an NT domain..................................................................70
Establishing a trust relationship on an HP CIFS member server of a Samba Domain or an NT
domain............................................................................................................................70
5 Windows 2003 and Windows 2008 domains.............................................71
Introduction............................................................................................................................71
HP CIFS and other HP-UX Kerberos applications co-existence........................................................71
HP-UX Kerberos client software and LDAP integration software dependencies..................................71
Strong authentication support ..................................................................................................72
Steps to install Certification Authority (CA) on a Windows ADS server......................................72
Steps to download the CA certificates from Windows CA server..............................................73
Configuring HP CIFS server to enable startTLS........................................................................73
Joining an HP CIFS server to a Windows 2003 and Windows 2008 domain.................................74
Configuration parameters....................................................................................................74
Setting permissions for a user..............................................................................................75
Step-by-step procedure.......................................................................................................76
Trust relationships...................................................................................................................78
Establishing external trust relationships between HP CIFS PDCs and Windows 2003 and Windows
2008 domains..................................................................................................................78
Establishing a trust relationship on an HP CIFS member server of a Windows 2003 or Windows
2008 domain...................................................................................................................79
6 LDAP integration support...........................................................................81
Overview..............................................................................................................................81
HP CIFS server advantages.................................................................................................82
Network environments.............................................................................................................82
Domain model networks.....................................................................................................82
CIFS Server acting as the Primary Domain Controller (PDC)................................................82
CIFS Server acting as the member server..........................................................................82
CIFS Server acting as Backup Domain Controller (BDC) to Samba PDC................................82
CIFS server acting as an Active Directory Service (ADS) member server................................82
Workgroup model networks................................................................................................83
UNIX user authentication - /etc/passwd, NIS migration..........................................................83
The CIFS authentication with LDAP integration........................................................................83
Summary of installing and configuring......................................................................................84
Installing and configuring your directory server...........................................................................84
Installing the directory server...............................................................................................84
Configuring your directory server.........................................................................................85
Verifying the directory server...............................................................................................85
Installing LDAP-UX client services on an HP CIFS server................................................................85
Configuring the LDAP-UX client services.....................................................................................85
Quick configuration............................................................................................................86
Enabling Secure Sockets Layer (SSL)..........................................................................................89
Configuring the directory server to enable SSL.......................................................................89
Configuring the LDAP-UX client to use SSL..............................................................................90
Configuring HP CIFS Server to enable SSL.............................................................................90
Extending the Samba subschema into your directory server..........................................................91
Samba subschema differences between HP CIFS Server versions..............................................91
Procedures to extend the Samba subschema into your directory...............................................91
Contents 5
Migrating your data to the directory server................................................................................92
Migrating all your files........................................................................................................92
An example..................................................................................................................92
Migrating individual files....................................................................................................93
Environment variables....................................................................................................93
General syntax for perl migration scripts...........................................................................93
Migration scripts...........................................................................................................93
Examples.....................................................................................................................94
Migrating your data from one backend to another.................................................................94
Configuring the HP CIFS Server................................................................................................95
LDAP configuration parameters............................................................................................95
Configuring LDAP feature support.........................................................................................96
Creating Samba users in the directory.......................................................................................97
Adding credentials.............................................................................................................97
Adding a Samba user to the LDAP directory .........................................................................98
Verifying Samba uers.........................................................................................................98
Syntax.........................................................................................................................99
Option.........................................................................................................................99
Example......................................................................................................................99
Management tools..................................................................................................................99
7 Winbind support....................................................................................100
Overview............................................................................................................................100
Winbind features..................................................................................................................100
Winbind process flow...........................................................................................................102
Winbind supports non-blocking, asynchronous functionality........................................................103
When and how to deploy Winbind........................................................................................104
Commonly asked questions...............................................................................................104
Considering alternatives....................................................................................................105
Configuring HP CIFS Server with Winbind...............................................................................107
Winbind configuration parameters.....................................................................................107
Unsupported parameters or options...............................................................................108
A smb.conf example....................................................................................................109
Configuring Name Service Switch......................................................................................109
idmap backend support in Winbind........................................................................................109
idmap rid backend support ..............................................................................................109
Limitations using idmap rid ...............................................................................................110
Configuring and using idmap rid.......................................................................................110
LDAP backend support .....................................................................................................110
Configuring the LDAP backend..........................................................................................110
Starting and stopping winbind...............................................................................................111
Starting winbind..............................................................................................................111
Stopping winbind............................................................................................................111
Automatically starting winbind at system startup...................................................................111
An Example for file ownership by winbind users.......................................................................111
wbinfo Utility.......................................................................................................................112
8 Kerberos support....................................................................................113
Introduction..........................................................................................................................113
Kerberos overview................................................................................................................113
Kerberos CIFS authentication example................................................................................114
HP-UX Kerberos application co-existence..................................................................................114
Components for Kerberos configuration...............................................................................114
Configuring krb5.keytab...................................................................................................115
6 Contents
9 HP CIFS deployment models....................................................................117
Introduction..........................................................................................................................117
Samba domain model...........................................................................................................117
Samba Domain components..............................................................................................120
HP CIFS Server acting as a PDC....................................................................................120
HP CIFS Server acting as a BDC...................................................................................120
HP CIFS acting as the member server.............................................................................121
An example of the Samba Domain model...........................................................................121
A Sample smb.conf file for a PDC.................................................................................121
Configuration options..................................................................................................122
A Sample smb.conf file for a BDC.................................................................................123
Configuration options..................................................................................................123
A Sample smb.conf file for a domain member server.......................................................123
Configuration options..................................................................................................124
A Sample /etc/nsswitch.ldap file..................................................................................124
Windows domain model.......................................................................................................125
Components for Windows domain model...........................................................................126
An Example of the ADS domain model...............................................................................126
A sample smb.conf file For an HP CIFS ADS member server..............................................126
A sample /etc/krb5.conf file........................................................................................128
A sample /etc/nsswitch.conf file...................................................................................128
An example of Windows NT domain model........................................................................129
A Sample smb.conf file for an HP CIFS member server.....................................................129
Unified domain model...........................................................................................................131
Unified domain components..............................................................................................132
HP CIFS acting as a Windows 200x ADS member server.................................................132
Setting up the unified domain model..................................................................................132
Setting up LDAP-UX client services on an HP CIFS Server.......................................................132
Installing and configuring LDAP-UX client services on an HP CIFS Server.............................132
Configuring /etc/krb5.conf to authenticate using Kerberos...............................................133
Installing SFU 3.5 on a Window 2003 or 2008 R2 ADS Domain Controller............................133
An Example of the Unified omain Model.............................................................................133
A sample smb.conf file for an HP CIFS member server.....................................................134
A sample /etc/krb5.conf file........................................................................................134
A sample /etc/nsswitch.conf file...................................................................................135
10 Securing HP CIFS Server........................................................................136
Security protection methods....................................................................................................136
Restricting network access.................................................................................................136
Using host restrictions..................................................................................................136
An example...........................................................................................................136
Using interface protection.............................................................................................136
Interface protection example....................................................................................136
Using a firewall...........................................................................................................137
Using an IPC$ share-based denial.................................................................................137
Protecting sensitive information..........................................................................................137
Encrypting authentication.............................................................................................137
Protecting sensitive configuration files.............................................................................138
Using %m name replacement macro With caution................................................................138
Restricting execute permission on stacks..............................................................................139
Restricting user access......................................................................................................139
Automatically receiving HP security bulletins.............................................................................139
Reporting new security vulnerabilities..................................................................................140
11 Configuring HA HP CIFS........................................................................141
Overview of HA HP CIFS Server.............................................................................................141
Contents 7
Recommended clients.......................................................................................................141
Installing highly available HP CIFS Server...........................................................................141
HA HP CIFS Server installation......................................................................................141
Configure a highly available HP CIFS Server.......................................................................142
Introduction................................................................................................................142
Instructions.................................................................................................................142
Edit the package configuration file samba.conf...............................................................144
Edit the samba.cntl control script ..................................................................................145
Edit the samba.mon monitor script.................................................................................147
Create the MC/ServiceGuard binary configuration file....................................................147
Special notes for HA HP CIFS Server.......................................................................................148
12 HP-UX configuration for HP CIFS.............................................................154
HP CIFS process model.........................................................................................................154
TDB memory-mapped access for HP CIFS Server.......................................................................154
Fixed size memory map support on HP-UX 11i v3 PA systems.................................................154
Configuration parameters.............................................................................................154
Mostly Private Address Space (MPAS) support on HP-UX 11i v3 IA systems...............................158
Unified file cache support on an HP-UX 11i v3 system...........................................................159
What to do if you encounter memory map error messages....................................................159
Constraints......................................................................................................................159
Overview of Kernel configuration parameters...........................................................................160
Configuring Kernel parameters for HP CIFS..............................................................................160
Swap space requirements.................................................................................................161
Memory requirements.......................................................................................................161
13 Tool reference.......................................................................................162
HP CIFS management tools....................................................................................................162
Smbpasswd ...................................................................................................................162
Syntax.......................................................................................................................163
Examples...................................................................................................................164
Syncsmbpasswd..............................................................................................................164
Options.....................................................................................................................164
Example....................................................................................................................164
Pdbedit ..........................................................................................................................165
Syntax.......................................................................................................................165
Examples...................................................................................................................167
net ................................................................................................................................168
Net commands...........................................................................................................168
Syntax for net user.......................................................................................................169
Examples...................................................................................................................170
wbinfo ...........................................................................................................................170
Syntax.......................................................................................................................170
Examples...................................................................................................................172
LDAP directory management tools...........................................................................................172
ldapmodify.....................................................................................................................173
Syntax.......................................................................................................................173
ldapmodify options.....................................................................................................173
Examples...................................................................................................................173
ldapsearch......................................................................................................................173
Syntax.......................................................................................................................174
ldapsearch options......................................................................................................174
Examples...................................................................................................................174
ldapdelete......................................................................................................................174
Syntax.......................................................................................................................175
ldapdelete options......................................................................................................175
8 Contents
Examples...................................................................................................................175
Glossary..................................................................................................176
Index.......................................................................................................178
Contents 9
About this document
This document describes how to install, configure, and administer the HP CIFS Server product. It
is the official documentation supported for the HP CIFS Server product. This document provides
HP-UX common variations, features, and recommendations tested and supported by HP. Other
documentations such as The Samba How To Collection and Using Samba, 2nd Edition supplied
with the HP CIFS Server product are provided as a convenience to the user. This document and
all the previous-release related documents are located at www.hp.com/go/hpux-networking-docs.
Intended audience
This document is intended for system administrators, who want to install, configure, and administer
the HP CIFS Server product. For additional information about the HP CIFS Server, see HP CIFS
Server documentation online at www.hp.com/go/hpux-networking-docs.
New and changed documentation in this edition
This edition documents the following changes for HP CIFS Server version A.03.02.00:
• HP CIFS Server version A.03.02.00 is based on open source Samba 3.6.6.
• HP CIFS Server now supports Windows Server 2008, Windows Server 2008r2, Windows
Vista and Windows 7 operating systems. Support for these operating systems is documented.
NOTE: Starting from version A.03.01.xx, HP CIFS Server does not provide support for CFSM.
HP provides support only for the contents described in the HP CIFS Server Administrator Guide.
Typographical conventions
Table 1 Documentation conventions
display, program/script code and
command names or parameters.
Publishing history
Table 2 Publishing history details
Document Manufacturing Part
Number
5900–2303
5900–2006
Operating Systems
Supported
11i v3
11i v3
ExamplesFontType of Information
> user logged in.MonotypeRepresentations of what appears on a
ItalicsEmphasis in text, actual document titles.
Users should verify that the power is turned off before
removing the board.
Related DocumentsBoldHeadings and sub-headings.
Publication DateSupported Product
Versions
January 2013A.03.02.00HP-UX 11i v35900-2578
April 2012A.03.01.04HP-UX 11i v2 and HP-UX
October 2011A.03.01.03HP-UX 11i v2 and HP-UX
10
5900-1743
September 2011A.03.01.02HP-UX 11i v35900-1766
May 2011A.03.01.01HP-UX 11i v2 and HP-UX
11i v3
Table 2 Publishing history details (continued)
Document Manufacturing Part
Number
5900-1282
5990-5097
B8725-90143
Operating Systems
Supported
11i v3
v2, and HP-UX 11i v3
v2, and HP-UX 11i v3
Publication DateSupported Product
Versions
December 2010A.03.01HP-UX 11i v2 and HP-UX
March 2010A.02.04HP-UX 11i v1, HP-UX 11i
May 2009A.02.04HP-UX 11i v1, HP-UX 11i
January 2008A.02.03.0311i v1, v2 and v3B8725-90133
June 2007A.02.03.0111i v2 and v3B8725-90118
February 2007A.02.0311i v1, v2 and v3B8725-90110
August 2006A.02.0311i v1, v2B8725-90103
April 2006A.02.0211i v1, v2B8725-90101
October 2005A.02.0211i v1, v2B8725-90093
February 2005A.02.01.0111i v1, v2B8725-90079
December 2004A.02.0111i v1, v2B8725-90074
June 2004A.01.11.0111.0, 11i v1, v2B8725-90063
February 2004A.01.1111.0, 11i v1, v2B8725-90061
Document organization
This manual describes how to install, configure, administer and use the HP CIFS Server product.
The manual is organized as follows:
Chapter 1 Introduction to the HP CIFS Server Use this chapter to obtain a summary and an
introduction of HP CIFS Server architecture, available documentation resources
and product organization roadmap.
Chapter 2 Installing and Configuring the HP CIFS Server Use this chapter to learn how to
install, configure the HP CIFS Server product.
Chapter 3 Managing HP-UX File Access Permissions from Windows NT/XP Use this chapter
to understand how to use Windows NT and XP clients to view and change UNIX
file permissions and POSIX Access Control List on an HP CIFS Server.
Chapter 4 NT Style Domains Use this chapter to learn how to set up and configure the HP
CIFS Server as a PDC or BDC. This chapter also describes the process for joining
an HP CIFS Server to an NT style domain, Samba domain, or a Windows
2003/2008 R2 ADS domain as a pre-Windows 2000 compatible computer.
Chapter 5 Windows 2003 and Windows 2008 Domains Use this chapter to understand the
process for joining an HP CIFS Server to a Windows 200x Domain using Kerberos
security.
Chapter 6 LDAP-UX Integration Support Use this chapter to learn how to install, configure
and verify the HP Netscape Directory, HP LDAP-UX Integration product and HP
CIFS Server software with LDAP feature support.
Chapter 7 Winbind Support Use this chapter to learn how to set up and configure the HP
CIFS Server with the winbind support.
September 2003A.01.1011.0, 11i v1, v2B8725-90053
March 2002A.01.0811.0, 11i v1B8725-90021
Document organization 11
Chapter 8 Kerberos Support Use this chapter to understand configuration detail which can
be used when HP CIFS Server co-exists with other HP-UX applications that make
use of the Kerberos security protocol.
Chapter 9 HP CIFS Deployment Models This chapter describes three HP CIFS deployment
models: Samba Domain, Windows Domain, and Unified Domain. Examples of
configuration files for each deployment model are provided for reference.
Chapter 10 Securing HP CIFS Server Use this chapter to understand the network security
methods that you can use to protect your HP CIFS Server.
Chapter 11 Configuring HA HP CIFS Use this chapter to understand the procedures required
to configure the active-standby or active-active High Availability configuration.
Chapter 12 HP-UX Configuration for HP CIFS This chapter provides guidance for configuring
and optimizing the HP-UX kernel and system for use with HP CIFS.
Chapter 13 Tool Reference This chapter describes tools for management of Samba user, group
account database.
HP welcomes your comments
HP welcomes your comments and suggestions on this document. We are truly committed to provide
documentation that meets your needs. You can send comments to: docsfeedback@hp.com
Please include the following information along with your comments:
• The complete title of the manual and the part number. The part number appears on the title
page of printed and PDF versions of a manual.
• The section numbers and page numbers of the information on which you are commenting.
• The version of HP-UX that you are using.
12
1 Introduction to the HP CIFS Server
This chapter provides a general introduction to this document, HP CIFS, information about Samba,
the Open Source Software suite upon which the HP CIFS server is based, HP enhancements to the
Samba source, along with the various documentation resources available for HP CIFS.
HP CIFS Server description and features
The HP CIFS Server product implements many Windows Servers features on HP-UX. The Microsoft
Common Internet File System (CIFS) protocol, sometimes called Server Message Block (SMB), is a
Windows network protocol for remote file and printer access. Because the HP CIFS Server product
gives HP-UX access to the CIFS protocol, HP CIFS Server enables HP-UX to interoperate in network
environments exposed to Windows clients and servers by means of a Windows native protocol.
The HP CIFS Server source is based on Samba, an Open Source Software (OSS) project first
developed in 1991 by Andrew Tridgell. Samba has been made available to HP and others under
the terms of the GNU Public License (GPL). The goal of GPL software is to encourage the cooperative
development of new software. To learn about the GNU Public License, refer to the web site at
http://www.fsf.org. A Samba team continues to update the Samba source. To learn about the
Samba team, visit their web site at http://www.samba.org.
Features
HP CIFS Server merges the HP-UX and Windows environments by integrating HP-UX and Windows
features as follows:
• Authentication Mechanisms and Secure Communication Methods including:
Netscape Directory Server/Red Hat Directory Service (NDS/RHDS) via LDAP◦
◦ Windows Active Directory Services (ADS)
◦ Kerberos, NTLMv2, and SMB Signing Support
◦ HP CIFS internal mechanisms to facilitate HP-UX and Windows compatibility such as
username mapping, winbind, and idmap_rid.
• File System Access Support
• Network Printer Access Support
• Domain Features and “Network Neighborhood” Browsing
HP CIFS Server A.03.02.00 release supports the following new features:
• Full support for SMB2
SMB2 within Samba is implemented with a brand new asynchronous server architecture,
allowing Samba to display the performance enhancements SMB2 brings to Microsoft networking
technology.
• Improved Printing Support
Print subsystem has been rewritten to use automatically generated RPCs and provides greater
compatibility with the Windows SPOOLSS print subsystem architecture, including export of
printer data via registry interfaces.
HP CIFS Server description and features 13
• Simplified Identity Mapping
For this release, ID mapping has been rewritten yet again with the goal of making the
configuration simpler and more coherent while keeping the needed flexibility and even adding
to the flexibility in some respects.
• Caching of user credentials by winbind
Winbind allows to logon using cached credentials.
Integrated authentication mechanisms means that administrators can centrally manage both UNIX
and Windows users, groups, and user attributes on their choice of Windows ADS, NT, NDS/RHDS,
or HP CIFS Server’s tdbsam or smbpasswd account databases. The CIFS clients can have their
users authenticated through a single Windows interface enabling HP-UX and Windows server
resource access by means of secure communication channels.
Integrated file system access means that users can use Windows clients and interfaces including
Windows GUIs and applications such as Microsoft Office to read, write, copy, or execute files on
HP-UX and Windows clients and servers. Users and administrators can use Windows to set access
control rights on files stored on HP-UX.
Integrated printer access means that users can publish and find network printers, download drivers
from HP-UX systems, and print to printers with Windows interfaces.
Integrated domain features and network neighborhood means that HP-UX Servers and their file
systems can participate in Windows NT or Windows 2003/2008 R2 ADS domain and can be
found through Windows interfaces along Windows resources. HP CIFS Servers can also present
their own domain.
Samba open source software and HP CIFS Server
Since the HP CIFS Server source is based on Samba open source software, it gains the advantages
of the evolutionary growth and improvement efforts of Samba developers around the world. In
addition, HP CIFS Server also provides the following support:
• Includes Samba defect fixes and features only when they meet expectations for enterprise
reliability.
• Provides HP developed defect fixes and enhancement requests for HP customers.
• Source is compiled and tuned specifically for the HP-UX platform and integrated with the latest
HP-UX environments.
• Adds customized scripts and Serviceguard templates for HP-UX environments.
• Provides documentation specifically for HP-UX users.
Flexibility
In order to accommodate a great variety of environments, HP CIFS Server provides many features
with hundreds of configuration options. Various management tools are available to establish and
control CIFS attributes. Chapter 13, “Tool Reference”, explains the management tools. Chapter 2,
“Installing and Configuring the HP CIFS Server”, discusses the installation and configuration process.
You must first understand the deployment environment and choose the appropriate features for
your server. The concept of “Samba Domain”, “Windows Domain”, and “Unified Domain” models
was developed to assist in deploying HP CIFS Server based on the particulars of various popular
network environments. Hence, Chapter 9, “HP CIFS Deployment Models”, describes each model
and the relevant configuration parameters required to establish servers in each deployment model.
Windows domain concepts are applied within the deployment models. HP CIFS Servers can
participate in either older NT style or newer Windows 2003/Windows 2008 style domains.
Chapter 4, “NT Style Domains”, describes how an HP CIFS Server can participate in an NT style
14 Introduction to the HP CIFS Server
domain. Chapter 5, “Windows 2003 and Windows 2008 Domains”, describes how an HP CIFS
Server joins a Windows 2003 or a Windows 2008 domain as an ADS domain member server.
HP CIFS Server manages a given configuration using a configuration file, /etc/opt/samba/
smb.conf (by default) which contains configuration parameters set appropriately for the specific
installation. HP CIFS Server must also maintain internal data (including Trivial Data Base (TDB))
files and log files in the /var/opt/samba directory (by default). See Table 1-2, Table 4 (page
17), for the full HP CIFS Server product layout.
HP CIFS Server documentation: Printed and Online
The set of documentation that comprises the information you will need to explore the full features
and capabilities of the HP CIFS product consists of non-HP books available at most technical
bookstores, and this printed and online manual HP CIFS Server Administrator's Guide available
on the following web site:
http://www.docs.hp.com
A list of current recommended non-HP Samba documentation is:
• The Official Samba-3 HOWTO and Reference Guide by John H. Terpstra and Jelmer R.
Vernooij, Editors, ISBN: 0-13-145355-6.
• Samba-3 By Example Practical exercises to Successful Deployment by John H. Terpstra, ISBN:
0-13-147221-6.
• Using Samba, 2nd Edition Robert Eckstein, David Collier-Brown, Peter Kelly and Jay Ts.
(O'Reilly, 2000), ISBN: 0-596-00256-4..
• Samba, Integrating UNIX and Windows by John D Blair (Specialized Systems Consultants,
Inc., 1998), ISBN: 1-57831-006-7.
• Samba Web site: http://www.samba.org/samba/docs.
When using the HP CIFS product, HP recommends that you refer to The Samba HOWTO Collection
and Samba-3 by Example, shipped with the product in the /opt/samba/docs directory. The
book, Using Samba, 2nd Edition, can also be found in /opt/samba/swat/using_samba. All
three books are also available through Samba Web Administration Tool (SWAT).
IMPORTANT: The book Using Samba, 2nd Edition describes a previous version of Samba
(V.2.0.4). However, much of the information in Using Samba, 2nd Edition is applicable to this
version of the CIFS Server. Readers should always use the HP-provided Samba man pages or the
SWAT help facility for the most definitive information on the HP CIFS server.
NOTE: Please note that non-HP Samba documentation sometimes includes descriptions of features
and functionality planned for future releases of Samba, or that are only offered on certain operating
system platforms. The authors of these books do not always provide information indicating which
features are in existing releases and which features will be available in future Samba releases, or
are specific to a particular operating system.
HP CIFS documentation roadmap
Use the following road map to locate the Samba and HP CIFS documentation that provides details
of the features and operations of the HP CIFS Server.
Table 3 Documentation roadmap
Server Description
Document Title: Chapter: SectionHP CIFS Product
HP CIFS Server Administrator's Guide: Chapter 1, "Introduction to the HP
CIFS Server"
Samba Meta FAQ No. 2, "General Information about Samba"
Samba FAQ No. 1, "General Information"
HP CIFS Server documentation: Printed and Online 15
Table 3 Documentation roadmap (continued)
Document Title: Chapter: SectionHP CIFS Product
Samba Server FAQ: No. 1, "What is Samba"
Using Samba: Chapter 1, "Learning the Samba"
Samba Man Page: samba(7)
HP CIFS Client Administrator's Guide: Chapter 1, "Introduction to the HP
CIFS Client"
Client Description
HP Add-on Features
Server Installation
Client Installation
Samba GUI Administration Tools
Server Configuration
Client Configuration
Server deployment models
HP CIFS Client Administrator's Guide: Chapter 1, "Introduction to the HP
CIFS Client"
HP CIFS Server Administrator's Guide: Chapter 1 "Introduction to the HP
CIFS Server," Section: "HP CIFS Enhancements to the Samba Server Source"
and Chapter 3, "Access Control Lists (ACLs)."
HP CIFS Client Administrator's Guide: Chapter 1, "Introduction to the HP
CIFS Client,". Sections: "HP CIFS Extensions" and "ACL Mappings."
HP CIFS Server Administrator's Guide: Chapter 2. "Installing and
Configuring the HP CIFS Server"
Samba FAQ: No 2, "Compiling and Installing Samba on a UNIX Host."
HP CIFS Client Administrator's Guide: Chapter 2. "Installing and Configuring
the HP CIFS Client"
Samba HOWTO and Reference Guide: Chapter 30, "SWAT - The Samba
Web Administration Tool" or Using Samba: Chapter 2, "Installing Samba
on a Unix System"
HP CIFS Server Administrator's Guide: Chapter 2, "Installing and
Configuring the HP CIFS Server"
HP CIFS Client Administrator's Guide: Chapter 2, "Installing and Configuring
the HP CIFS Client"
HP CIFS Server supports three deployment models: Samba Domain Model,
Windows Domain Model and Unified Domain Model. See HP CIFS Server
Administrator's Guide: Chapter 9, "HP CIFS Deployment Models"
Server: Samba Scripts
SMB & CIFS File Protocols
Client Utilities
Server Printing
HP CIFS Client Administrator's Guide: Chapter 8, "PAM NTLM"Configuration: PAM
HP-UX Man page: pam(3)
HP-UX Man page: pam.conf
HP CIFS Server Administrator's Guide, Chapter 2Server: Starting & Stopping
HP CIFS Client Administrator's Guide, Chapter 2.Client: Starting & Stopping
Using Samba: Appendix D, "Summary of Samba Daemons and Commands"
for detailed information about the command-line parameters for Samba
programs such as smbd, nmbd, smbstatus and smbclient.
HP CIFS Client Administrator's Guide: Chapter 9, "HP CIFS Deployment
Domain Models"
Using Samba: Chapter 1, "Learning the Samba"SMB & CIFS Network Design
Samba Meta FAQ No. 4, "Designing an SMB and CIFS Network"
Refer to man pages in SWATSamba Man Pages
Samba HOWTO and Reference GuideServer Utilities
HP CIFS Client Administrator's Guide: Chapter 5, "Command-line Utilities"
Samba HOWTO and Reference Guide: Chapter17, "classic Printing
Support"
16 Introduction to the HP CIFS Server
Table 3 Documentation roadmap (continued)
Document Title: Chapter: SectionHP CIFS Product
Server Browsing
Client Troubleshooting
NIS and HP CIFS
Refer to Chapter 9, "Network Browsing" in Samba HOWTO and Reference
Guide for a description of browsing functionality and all browing options.
HP CIFS Client Administrator's Guide: Chapter 11, "Securing CIFS Server".Server Security
Part V, Troubleshooting, Samba HOWTO and Reference GuideServer Troubleshooting
Using Samba, "Chapter 9, Troubleshooting Samba"
Samba FAQs No. 4, "Specific Client Application Problems" and No 5,
"Miscellaneous" DIAGNOSIS.txt in the /opt/samba/docs directory
Samba Man page: debug2html(1), smbd(8), nmbd(8), smb.conf(5)
HP CIFS Client Administrator's Guide: Chapter 6, "Troubleshooting and
Error Messages"
HP CIFS now works with NIS and NIS+. For detailed information on special
options, refer to Samba HOWTO and Reference Guide.
HP CIFS Server file and directory roadmap
The default base installation directory of HP CIFS Server product is /opt/samba. The HP CIFS
configuration files are located in the directory /etc/opt/samba. The HP CIFS log files and any
temporary files are created in /var/opt/samba.
Table 1-2 briefly describes the important directories and files that comprise the CIFS Server.
Table 4 Files and directory description
/opt/samba
/opt/samba_src
/opt/samba/bin
/opt/samba/script
/opt/samba/swat
/opt/samba/HA
/var/opt/samba
/etc/opt/samba
/etc/opt/samba/smb.conf
DescriptionFile/Directory
This is the base directory for most of the HP CIFS Server
product files.
This is the directory that contains the source code for the
HP CIFS Server (if the source bundle was installed).
This is the directory that contains the binaries for HP CIFS
Server, including the daemons and utilities.
This directory contains the man pages for HP CIFS Server./opt/samba/man
This directory contains various scripts which are utilities
for the HP CIFS Server.
This directory contains html and image files which the
Samba Web Administration Tool (SWAT) needs.
This directory contains example High Availability scripts,
configuration files, and README files.
This directory contains the HP CIFS Server log files as well
as other dynamic files that the HP CIFS Server uses, such
as lock files.
This directory contains configuration files which the HP
CIFS Server uses, primarily the smb.conf file.
This is the main configuration file for the HP CIFS Server
which is discussed in great detail elsewhere.
/etc/opt/samba/smb.conf.default
/opt/samba/LDAP3
This is the default smb.conf file that ships with the HP CIFS
server. This can be modified to fit your needs.
This directory contains files which HP CIFS Server uses
for LDAP integration support.
HP CIFS Server file and directory roadmap 17
Table 4 Files and directory description (continued)
DescriptionFile/Directory
/opt/samba/COPYING, /opt/samba_src/COPYING,
/opt/samba_src/samba/COPYING
/sbin/init.d/samba
/etc/rc.config.d/samba
/sbin/rc2.d/S900samba, /sbin/rc1.d/K100samba
These are copies of the GNU Public License which applies
to the HP CIFS Server.
This is the script that starts HP CIFS Server at boot time
and stops it at shutdown (if it is configured to do so).
This text file configures whether the HP CIFS server starts
automatically at boot time or not.
These are links to /sbin/init.d/samba which are actually
executed at boot time and shutdown time to start and stop
the HP CIFS Server, (if it is configured to do so).
18 Introduction to the HP CIFS Server
2 Installing and configuring the HP CIFS Server
This chapter describes the procedures to install and configure the HP CIFS Server software. It
contains the following sections:
• HP CIFS Server Requirements and Limitations
• Step 1: Installing HP CIFS Server Software
• Step 2: Running the Configuration Script
• Step 3: Modify the Configuration
• Step 4: Starting the HP CIFS Server
HP CIFS Server requirements and limitations
Prior to installing the HP CIFS product, check that your system can accommodate the following
product requirements and limitations.
HP CIFS Server installation requirements
The HP CIFS Server requires approximately 215 MB of disk space for installation on an HP-UX 11i
v3 system. The HP CIFS Server source code files requires approximately 36 MB of disk space.
NOTE: The CIFS Server source code files are not required for execution of HP CIFS Server. You
can choose not to install them or you can remove them after installation at the following location:
/opt/samba_src
HP CIFS Server memory requirements
An smbd process is usually created for each new connection. Each smbd requires about 4 MB of
system memory on HP-UX 11i v3.
The smbd process may now also allocate memory for specialized caching requirements as needed.
The size and timing of these memory allocations vary widely depending on the client type and the
resources being accessed. However, most client access patterns will not trigger such specialized
caching. System administrators should routinely monitor memory utilization in order to evaluate
this dynamic memory behavior. You may need to adjust HP-UX server memory configurations to
accommodate these changes while upgrading from previous versions.
See Chapter 12, "HP-UX Configuration for HP CIFS" in this manual for more detailed information.
Software requirements
The following describes software requirements:
• HP CIFS Server A.02.04.02 or later requires LDAP-UX Integration product, J4269AA, to be
installed.
• Kerberos v5 Client E.1.6.2.10 or later is required to support HP CIFS Server integration with
a Windows 2003 or Windows 2008 ADS Domain Controller (DC) on HP-UX 11i v3.
Swap space requirements
Due to the one-process-per-client model of HP CIFS, perhaps the most stringent requirement imposed
on the system is that of swap space. HP-UX reserves a certain amount of swap space for each
process that is launched, to prevent it from being aborted in case it needs to swap out some pages
during times of memory pressure. Other operating systems, only reserve swap space when it is
needed. This results in the process not finding the swap space that it needs, in which case it has
to be terminated by the OS.
HP CIFS Server requirements and limitations 19
Each smbd process will reserve about 2 MB of swap space and depending on the type of client
activity, process size may grow up to 4 MB of swap space. For a maximum of 2048 clients, 4 *
2048 or about 8 GB of swap space would be required. Therefore, HP recommends configuring
enough swap space to accommodate the maximum number of simultaneous clients connected to
the HP CIFS server.
Memory requirements
Each smbd process requires approximately 4 MB of memory on HP-UX 11i v3. For 2048 clients,
therefore, the system must have at least 8 GB of physical memory. This is over and above the
requirements of other applications that will be running concurrent with HP CIFS.
Step 1: Installing HP CIFS Server software
If the HP CIFS Server software has been pre-installed on your system, you may skip Step 1 and go
directly to "Step 2: Running the Configuration Script".
HP CIFS Server Upgrades:
If you are upgrading an existing HP CIFS Server configuration, HP recommends that you create a
backup copy of your current environment. The SD install procedure may alter or replace your
current configuration files. All files under /var/opt/samba, /etc/opt/samba and /opt/samba
must be saved in order to ensure that you will be able to return to your current configuration, if
necessary. For example:
$ stopsmb
or if winbind is in use, then do:
$ stopsmb -w
$ mkdir /tmp/cifs_save
$ tar -cvf /tmp/cifs_save/var_backup.tar /var/opt/samba
$ tar -cvf /tmp/cifs_save/etc_backup.tar /etc/opt/samba
$ tar -cvf /tmp/cifs_save/optsamba_backup.tar /opt/samba
Do not use the -o option with the tar command. This will ensure proper file ownership.
If a problem with the upgrade does occur, use SD to remove the entire HP CIFS Server product
and restore your previous backup version. Once this is done, you may restore the saved
configuration files and the HP CIFS Server. For example:
$ tar -xvf /tmp/cifs_save/var_backup.tar
$ tar -xvf /tmp/cifs_save/etc_backup.tar
$ tar -xvf /tmp/cifs_save/optsamba_backup.tar
This procedure is not intended to replace a comprehensive backup strategy that includes user data
files.
If you are in security = domain, or security = ads mode, it will probably be necessary
to re-join an HP CIFS Server to the domain once you restore your previous backup version. See
“Windows style domains” (page 57) and “Windows 2003 and Windows 2008 domains” (page
71) for details on how to re-join an HP CIFS Server to a Windows domain.
Overview:
Installation of the HP CIFS Server software includes loading the HP CIFS Server filesets using the
swinstall(1M) utility, completing the HP CIFS configuration procedures, and starting Samba using
the startsmb script.
Installing From a Software Depot File:
To install the HP CIFS Server software from a depot file, such as those downloadable from
http://www.hp.com/go/softwaredepot, enter the following at the command line:
20 Installing and configuring the HP CIFS Server
swinstall options -s /path/filename ProductNumber
Where the ProductNumber is CIFS-SERVER for HP-UX 11i v3.
options is -x autoreboot=true
path must be an absolute path, it must start with /, for example,/tmp.
filename is the name of the downloaded depot file, usually a long name of the form:
CIFS-SERVER_A.03.02.00_HP-UX_B.11.31_IA_PA.depot
An example
For example, to install HP CIFS Server A.03.02.00 on an HP-UX 11i v3 system from a downloaded
depot file, enter the following command:
swinstall -x autoreboot=true \
-s /tmp/CIFS-SERVER_A.03.02.00_HP-UX_B.11.31_IA_PA.depot CIFS-SERVER
Step 2: Running the configuration script
The samba_setup configuration script is intended for new installations only. Prior to running the
samba_setup configuration script, you must obtain some basic configuration information and might
need to install additional software based on the HP CIFS deployment domain model you use. You
need to supply the following before you run the samba_setup script:
• Decide whether an HP CIFS to be a WINS server or not.
• Obtain the WINS IP address if the HP CIFS accesses an existing WINS server.
• Provide the following global LDAP parameters information if you choose to use an LDAP
backend:
◦ the fully qualified distiguished name for the LDAP directory server
◦ ldap SSL
◦ ldap suffix
◦ ldap user suffix
◦ ldap group suffix
◦ ldap admin dn
For detailed information on how to configure LDAP parameters, see “LDAP integration support”
(page 81).
• Obtain the name of your HP CIFS Server.
• Provide the following information if you choose to use the Windows NT4 domain:
the name of your domain◦
◦ the name of your Primary Domain Controller (PDC)
◦ the names of Backup Domain Controllers (BDCs)
◦ administrator user name and password
See “Windows style domains” (page 57) for detailed.
Step 2: Running the configuration script 21
• Provide the following information if you choose to use the Windows Active Directory Server
(ADS) realm:
◦ the name of your realm
◦ the name of your Domain Controller
◦ administrator user name and password
◦ LDAP-UX Integration product is installed
◦ Ensure that the most recent Kerberos client product is installed
For detailed information on how to join an HP CIFS Server to a Windows 2000/2003 Domain
using Kerberos security, see “Windows 2003 and Windows 2008 domains” (page 71).
• Select the following authentication security type if you attempt to use the workgroup
environment:
◦ Server-level security: When this security type is specified, password authentication is
handled by another SMB password server. When a client attempts to access a specific
share, Samba checks that the user is authorized to access the share. Samba then validates
the password via the SMB password server.
NOTE: HP does not recommend you use the server-level security type, this security type
will be unavailable in the future.
◦ User-level security: When this security type is specified, each share is assigned specific
users. When a request is made for access, Samba checks the user's user name and
password against a local list of authorized users and only gives access if a match is
made.
◦ Share-level security: When this security type is specified, each share (directory) has at
least one password associated with it. Anyone with a password will be able to access
the share. There are no other access restrictions.
• Run the Samba configuration script using the command below.
/opt/samba/bin/samba_setup
The script will modify the smb.conf file according to the information that you have entered.
Step 3: Modify the configuration
Configuration modification
HP CIFS Server requires configuration modifications for the following functionality:
• Case Sensitivity for the Client and Server for UNIX Extensions
• DOS Attribute Mapping
• Print Services for version A.03.02.00
• Distributed File System (DFS) Support
• Configure MC/ServiceGuard High Availability (HA)
Configure case sensitivity
By default, the HP CIFS Server is configured to be case insensitive, like Windows.
NOTE: HP recommends that when using CIFS Extensions for UNIX, both the CIFS Client and
Server be configured to be case sensitive.
22 Installing and configuring the HP CIFS Server
For the CIFS Server, edit the server configuration file: /etc/opt/samba/smb.conf as follows.
case sensitive = yes
For the CIFS Client configuration, in the /etc/opt/cifsclient/cifsclient.cfg file, ensure the following
default is set:
caseSensitive = yes
map system, map hidden and map archive Attributes
There are three parameters, map system, map hidden, and map archive, that can be configured
in Samba to map DOS file attributes to owner, group, and other execute bits in the UNIX file
system.
When using the CIFS Client, you may want to have all three of these parameters turned off. If the
map archive parameter is on, any time a user writes to a file, the owner execute permission will
be set. This is usually not desired behavior for HP CIFS clients or UNIX clients in general.
By default, map system and map hidden are off, and map archive is on.
To turn map archive off, modify /etc/opt/samba/smb.conf as follows:
map archive = no
map readonly attribute
The smb.conf parameter, map readonly, controls how the DOS read only attribute should be
mapped from a UNIX files system.
Three valid settings for this parameter are:
yes The read only DOS attribute is mapped to the inverse of the user (owner) write
bit in the UNIX permission mode set. If the owner write bit is not set, the read
only attribute is reported as being set on the file.
permissions The read only DOS attribute is mapped to the effective permissions of the
connecting user, as evaluated by reading the UNIX permissions and POSIX ACL
(if present). If the connecting user does not have permission to modify the file,
the read only attribute is reported as being set on the file.
no The read only DOS attribute is unaffected by permissions.
By default, the map readonly attribute is set to “yes”. Samba uses user (owner) access permission
to determine whether a file is read only. The file access permission is determined by the POSIX
write access permission for user (owner). If the write permission on a file is not set for the user
(owner), then Samba treats that file as read-only. Once Samba identifies a file as read-only, any
write access attempting to that file would immediately result in access denied error. Group members
are unable to write to a file with UNIX write access permission disabled for the user (such as 070
or 060).
If you set this parameter to “permissions”, the file access permissions for group members will
be evaluated by validating UNIX group permissions. Group members can write to files with UNIX
write permission enabled for the group (such as 060 or 070). The smb.conf parameter, store
dos attributes, must be set to No (default), otherwise, the map readonly parameter setting
will be ignored.
Step 3: Modify the configuration 23
Configure for SMB2 Features
Table 5 List of SMB2 parameters
DefaultDescriptionParameter Name
max protocol = SMB2
smb2 max read
smb2 max write
smb2 max trans
This parameter enables SMB2
protocol. We can test SMB2 feature
only with Windows 7 or windows
vista client.
smb2 max read = 65536This option specifies the protocol
value that smbd(8) will return to a
client, informing the client of the
largest size that may be returned by
a single SMB2 read call.
NOTE: Currently this parameter is
hardcoded to 65536 and cannot be
configured.
smb2 max write = 65536This option specifies the protocol
value that smbd(8) will return to a
client, informing the client of the
largest size that may be sent to the
server by a single SMB2 write call.
NOTE: Currently this parameter is
hardcoded to 65536 and cannott be
configured.
smb2 max trans = 65536This option specifies the protocol
value that smbd(8) will return to a
client, informing the client of the
largest size of buffer that may be
used in querying file meta-data via
QUERY_INFO and related SMB2
calls.
smb2 max credits
number of outstanding simultaneous
SMB2 operations that Samba tells
the client it will allow. You should
never need to set this parameter.
async smb echo handler
Samba should fork the async smb
echo handler. It can be beneficial if
your file system can block syscalls for
a very long time. In some
circumstances, it prolongs the timeout
that Windows uses to determine
whether a connection is dead.
Configuring print services for HP CIFS version A.03.02.00
This section provides information about configuring Print Services on systems running HP CIFS
version A.03.02.00. The HP CIFS Server now provides the following NT printing functionality:
• Support for Windows Access Control Lists (ACL) on printer objects
Information about setting up and configuring each of the Print Services (except ACLs) is shown in
the following sections. Information about configuring ACL Support is discussed in a previous section.
Configuring a [printers] share
The following is a minimal printing setup. Use either one of the following two procedures to create
a [printers] share:
smb2 max credits = 8192This option controls the maximum
async smb echo handler = noThis parameter specifies whether
24 Installing and configuring the HP CIFS Server
1. SWAT (Samba Administration Tool)
-or-
2. Create a [printers] share in the /etc/opt/samba/smb.conf file. Refer to the following example:
[hpdeskjet]
path = /tmp
printable = yes
Where "hpdeskjet" is the name of the printer to be added.
Creating a [printers] share
Configure a [printers] share in the /etc/opt/samba/smb.conf file. Refer to the following example:
[printers]
path = /tmp
printable = yes
browseable = no
This share is required if you want the printer's list to be displayed in SWAT, which is not defined
in the smb.conf file, but exists on the HP CIFS Server. If this share is not defined, the printer's list
will display only those printer shares which are defined in the smb.conf file.
Setup Server for automatically uploading printer driver files
In order to add a new driver to your Samba host using version A.03.01.04 of the software, one
of two conditions must hold true:
1. The account used to connect to the Samba host must have a uid of 0 (i.e. a root account),
or...
2. The account used to connect to the Samba host must be a member of the printer admin list.
This will require a [global] smb.conf parameter as follows:
printer admin = netadmin
The connected account must still possess access to add files to the subdirectories beneath [print$].
Keep in mind that all files are set to 'read only' by default, and that the printer admin parameter
must also contain the names of all users or groups that are going to be allowed to upload drivers
to the server, not just 'netadmin'.
The following is an example of the other parameters required:
1. Create a [print$] share in the smb.conf file that points to an empty directory named
"/etc/opt/samba/printers" on the HP CIFS Server. Refer to the following example:
[print$]
path = /etc/opt/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = netadmin
In this example, the parameter "write list" specifies that administrative lever user accounts will
have write access for updating files, on the share.
2. Create the subdirectory tree, under the [print$] share, for each architecture that needs to be
supported. Refer to the following example:
cd /etc/opt/samba/printers
mkdir W32X86
mkdir Win40
Step 3: Modify the configuration 25
There are two possible locations (subdirectories) for keeping driver files, depending upon
what version of Windows the files are for:
For Windows NT, XP, Windows 2000, Vista, or Windows 7 driver files, the files will be stored
in the /etc/opt/samba/printers/W32X86 subdirectory.
For Windows 9x driver files, the files will be stored in the /etc/opt/samba/printers/Win40/0
subdirectory.
Setup Client for automatically uploading of printer drivers
Printer driver files can be automatically uploaded from disk to the printers on a HP CIFS Server.
Here are the steps:
1. Connect to CIFS Server by running the \\[server name] command or browse to CIFS
Server through Network Neighborhood.Make sure you are connected as a member of
the printer admin list.
2. From the CIFS Server, double click on the "Printers" or "Printers and Faxes" folder. A list of
printers available from your CIFS Server will be shown in the folder. Viewing the printer
properties will result in the error message:
The printer driver is not installed on this computer. Some printer
properties will not be accessible unless you install the printer
driver. Do you want to install the driver now?
3. Click "no" in the error dialog and the printer properties window will be displayed.
4. Click on the 'Advanced' tab, then the 'New Driver..." button.
5. Select the printer driver e.g. hp LaserJet 5i. You will be asked for the driver files. Give the
path where the driver files are located. The driver files will be uploaded from the disk, and
stored into the subdirectories under the [print$] share.
Publishing printers in an MS Windows 2003/2008 R2 ADS domain
Publishing printers makes HP CIFS Server printers searchable in an Microsoft Windows 2003/2008
R2 ADS domain. If a Windows client is a domain member of the ADS domain, that client can
search for the printer and install it.
Setting up HP CIFS Server for publishing printers support
Use the following procedures to set up an HP CIFS Server for publishing printers support:
1. Create the printer shares for each printer and a [printers] share in the smb.conf file.
The following is an example of a [printers] share:
[printers]
path = /tmp
printable = yes
browseable = yes
See the following example for settng up a specific printer share, where lj1005 is the name
of the printer:
[lj1005]
path = /tmp
printable = yes
2. Create a [print$] share in the smb.conf file and set the path parameter to a directory named
/etc/opt/samba/printers. See the following example:
[print$]
path = /etc/opt/samba/printers
use client driver = no
26 Installing and configuring the HP CIFS Server
browseable = yes
guest ok = yes
read only = yes
write list = netadmin
In the above example, the write list parameter specifies that administrative level user
account has write access for updating files on this share. The use client driver parameter
must be set toNo.
3. Configure the printer admin parameter to specify a list of domain users that are allowed
to connect to an HP CIFS Server. See the following example:
[global]
printer admin = cifsuser1,cifsuser2
4. If the HP CIFS Server is not yet a member of the ADS domain, then run the net ads join
-U Administrator%password command to join an HP CIFS Server to the ADS domain
as a domain member server. See section "Join an HP CIFS Server to a Windows 2000/2003
Domain as an ADS Member Server" in “Windows 2003 and Windows 2008 domains” (page
71) for details.
Publishing printers from a windows client
Use the following procedures to publish printers from a windows client which is a domain member
of the ADS domain:
1. Log in to your window client as a user who is a member of the printer admin list. For example,
the user's name is cifsuser1.
2. Click on start.
3. Click on the run tab.
4. Type \\<HP CIFS Server name> in the open box to connect to an HP CIFS Server. For
example, type \\hpserverA. hpserverA is the name of an HP CIFS Server.
5. Click on the printers folder.
6. Double click on a printer and select printer, then the properties tab.
7. Click on sharing tab in the properties windows screen.
8. Check the list in the directory check-box in the sharing windows screen. See the
following screen snapshot for an example:
Step 3: Modify the configuration 27
Figure 1 Publishing printer screen
Verifying that the printer is published
On an HP CIFS Server system, you can run the net ads printer search command to verify
that the printer is published. For example, verify that the printer hpdesklj2 is published, type:
$ net ads printer search hpdesklj2
After you ran the above command, the output is shown as follows:
objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:hpdesklj2
serverName:HPSERVERA
On a windows client, you can also use the following steps to verify that the printer is published:
1. Log in to your window client as a user who is a member of the printer admin list. For example,
the user's name is cifsuser1.
2. Click on start.
3. Click on the search tab.
4. Click on buttons to find network printers.
5. Select the name of the ADS domain in the In box.
6. Click on the find now tab.
28 Installing and configuring the HP CIFS Server
Commands used for publishing printers
This section describes the net ads printer command used for publishing printers support on
an HP CIFS Server.
Searching printers
To search a printer across the entire Windows 2003/2008 R2 ADS domain, run the following
command:
$ net ads printer search <printer_name>
Without specifying the printer name, the command searches all printers available on the ADS
domain.
For example, the following command searches all printers available on the ADS domain:
$ net ads printer search
After you ran the above command, the output is shown as follows:
objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:hpdesklj2
serverName:HPSERVERA
objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:lj1005
serverName:HPSERVERA
objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:lj3200
serverName:HPSERVERB
Removing a printer
To remove a printer from the ADS domain, run the following command:
$ net ads printer remove <printer_name>
For example, the following command removes the printer lj1005 from the ADS domain:
$ net ads printer remove lj1005
Re-Publishing a printer
To publish a printer for the first time, you must use the procedures described in section "Publishing
Printers from a Windows Client". If you remove a printer, you can use the following command to
re-publish it:
$ net ads printer publish <printer_name>
For example, the following command re-publishes the printer lj1005 to the ADS domain:
$ net ads printer publish lj1005
Setting up Distributed File System (DFS) support
This section will provide the procedures for:
• Setting up a DFS Tree on a HP CIFS Server
• Setting up DFS Links in the DFS root directory on a HP CIFS Server
Step 3: Modify the configuration 29
NOTE: HP does not recommend filesharing of the root directory. Only subdirectories under the
root should be set up for filesharing.
Setting up a DFS Tree on a HP CIFS Server
After the DFS Tree is set up using this procedure, users on DFS clients can browse the DFS tree
located on the HP CIFS Server at \\servername\DFS.
1. Select a HP CIFS Server to act as the Distributed File System (DFS) root directory.
2. Configure a HP CIFS server as a DFS server by modifying the smb.conf file to set the global
parameter host msdfs to yes. Example:
[global]
host msdfs = yes
3. Create a directory to act as a DFS root on the HP CIFS Distributed File System (DFS) Server.
4. Create a share and define it with the parameter path = directory of DFS root in the
smb.conf file. Example:
[DFS]
path = /export/dfsroot
5. Modify the smb.conf file and set the msdfs root parameter to yes. Example:
[DFS]
path = /export/dfsroot
msdfs root = yes
Setting up DFS links in the DFS root directory on a HP CIFS Server
A Distributed File System (DFS) root directory on a HP CIFS Server can host DFS links in the form
of symbolic links which point to other servers.
Before setting up DFS links in the DFS root directory, you should set the permissions and ownership
of the root directory so that only designated users can create, delete or modify the DFS links.
Symbolic link names should be all lowercase. All clients accessing a DFS share should have the
same user name and password.
An example for setting up DFS links follows:
1. Use the ln command to set up the DFS links for "linka" and "linkb" on the /export/dfsroot
directory. Both "linka" and "linkb" point to other servers on the network. Example commands:
cd /export/dfsroot
chown root /export/dfsroot
chmod 775 /export/dfsroot
ln -S msdfs:serverA\\shareA linka
ln -S msdfs:serverB\\shareB serverC\\shareC linkb
2. If you use the ls -l command on the /export/dfsroot directory, it should show an output similar
to this one:
lrwxrwxrwx l root sys 24 Oct 30 10:20
linka -> msdfs:serverA\\shareA
lrwxrwxrwx l root sys 30 Oct 30 10:25
linkb -> msdfs:serverB\\shareB, serverC\\shareC
In this example, "serverC" is the alternate path for "linkb". Because of this, if "serverB" goes
down, "linkb" can still be accessed from "serverC". "linka" and "linkb" are share names.
Accessing either one will take users directly to the appropriate share on the network.
30 Installing and configuring the HP CIFS Server
Loading...