OES 2 SP2: Novell CIFS for Linux Administration Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Service Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or
more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web site (http://www.novell.com/documentation/).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 13 May 2009
About This Guide
This guide contains information on installing, migrating, configuring, administering, managing, and
troubleshooting Novell® CIFS software specific to Windows* CIFS running on Open Enterprise
Server (OES) 2 SP2 Linux.
Chapter 1, “Overview of CIFS”
Chapter 2, “What’s New”
Chapter 3, “Planning and Implementing CIFS”
Chapter 4, “Installing and Setting Up CIFS”
Chapter 5, “Administering the CIFS Server”
Chapter 6, “Migrating CIFS from NetWare to OES 2 SP2 Linux”
Chapter 7, “Running CIFS in a Virtualized Environment”
Chapter 8, “Configuring CIFS with Novell Cluster Services for an NSS File System”
Chapter 9, “Working with Client Computers”
Chapter 10, “Troubleshooting CIFS”
Chapter 11, “Security Guidelines for CIFS”
Appendix A, “NOVCIFS”
Audience
This guide is intended for OES 2 Linux* administrators who want to use and administer the CIFS
services and to access shares.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to the Novell Documentation Web site (http://www.novell.com/documentation/feedback.html) and enter your comments there.
Documentation Updates
For the most recent version of the CIFS Guide, visit the OES 2 Documentation Web site (http://www.novell.com/documentation/oes2sp1/).
Additional Documentation
For documentation on CIFS on NetWare®, see the NFAP guide.
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items
in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as UNIX*, should use forward slashes as required by your software.
1 Overview of CIFS
CIFS (Common Internet File System) is a network file sharing protocol that is based on the SMB
(Server Message Block) protocol. File sharing is achieved through these separate but intertwined
protocols for service announcement, naming, authentication, and authorization.
Section 1.1, “Understanding CIFS”
Section 1.2, “CIFS and Universal Password”
Section 1.3, “CIFS Features and Capabilities”
Section 1.4, “Advantages of Novell CIFS”
Section 1.5, “CIFS Server”
Section 1.6, “CIFS Terminology”
Section 1.7, “What's Next”
1.1 Understanding CIFS
Novell® CIFS runs on the Open Enterprise Server (OES) 2 SP2 Linux server, uses Novell
eDirectory™ services for user authentication, and allows the Windows and Linux client users to
access the server data files or other shared resources in one of the following ways:
For Windows, through the Network Neighborhood or My Network, Windows Explorer, and
mapped drives from Windows and Windows Vista* workstations.
For Linux, through a SMB client from Linux desktops.
Figure 1-1 Novell CIFS Conceptual Overview
1.2 CIFS and Universal Password
Universal Password helps in management of password-based authentication schemes. Universal
Password is not enabled by default. Each CIFS user must be Universal Password enabled to be able
to log in to the CIFS server.
To learn more about Universal Password, including how to enable it, see “Novell Password
Management” (http://www.novell.com/documentation/password_management32/pwm_administration/data/allq21t.html)
in the Novell Password Administration Guide (http://
1.3 CIFS Features and Capabilities
CIFS implementation supports the following features on OES 2 SP2 Linux:
Support for Windows 7 client
Cross-Protocol File Locking support between AFP, CIFS, and NCP™
Auditing support for File Access activities
Migration capability from NetWare® to Linux
DFS Support
Support for Windows 2000, XP, 2003, Vista Enterprise, Vista Business, and Vista Ultimate
(both 32-bit and 64-bit), and SUSE® Linux Enterprise Desktop (SLED) 10 as client operating
systems. For details, see Section 3.2.3, “Client Operating System Requirements,” on page 17
Support for Universal Password
Support for NTLMv1 authentication mode
Integration with Novell eDirectory
Integration with the Novell Storage Services™ (NSS) file system
Support for Unicode* filenames
Supports the Novell Trustee Model for file access
Does not require Linux User Management (LUM) enabling
Supported by Novell Cluster Services™ for high availability
Administration and configuration through iManager
1.4 Advantages of Novell CIFS
CIFS on OES 2 Linux simplifies overall network administration by consolidating user
management through Novell eDirectory.
All users who need access to the network are represented in eDirectory through User objects.
This enables administrators to easily and effectively assign trustee rights, control access, and
manage all User objects from a single location on the network.
Support for 1500 concurrent client connections.
Superior performance similar to NetWare® CIFS.
Takes advantage of enhanced interoperability services provided by OES 2 Linux server.
Enhanced Migration Tool support for NetWare CIFS users.
1.5 CIFS Server
Novell CIFS enables Windows and Linux client workstations to create, copy, delete, move, save,
and open files on an OES 2 Linux server. CIFS allows read and write access from multiple client
systems simultaneously. All these various file operations and sharing of resources on a network are
managed from a CIFS server.
The CIFS protocol offers several services that run on a CIFS server: service announcement, user
authentication and authorization, and naming. To provide file sharing and the other services, a
CIFS server uses NetBIOS over TCP/IP (NBT) and SMB services. CIFS file sharing is achieved by a
mechanism called Browsing services, or advertising. For details on Browsing and other services,
see Section 1.6, “CIFS Terminology,” on page 13.
1.6 CIFS Terminology
CIFS is defined by its local implementation rather than a universal specification. The following
terms and definitions are part of CIFS and are widely used:
NetBIOS Names: Human-readable and visible names assigned to computers on a network. All
NetBIOS computers on a network are configured by the administrator. CIFS uses NetBIOS Naming
Service (NBNS) for name resolution.
Workgroup: A peer-to-peer computer network that shares files and information. Workgroups
simplify network management by organizing servers and services into administrative groups.
Workgroup names are defined by the NetBIOS names.
Domain Name System (DNS): An Internet service that translates domain names into IP addresses.
Browsing: The process of discovering the NetBIOS names of CIFS Servers that are on the
network.
Browsing Services: An advertising mechanism used by a CIFS Server to announce and use the
shares available in the network. This service maintains the list of available file and print services.
The list is presented via the Network Neighborhood or My Network Places in Windows, Linux or
SMB clients for Linux.
Local Master Browser (LMB): The workgroup leader for each individual workgroup. Also called
a Master Browser.
Master Browser: A computer that is the workgroup leader for each individual workgroup. Also
called a Local Master Browser or LMB.
Domain Master Browser (DMB): A computer that collects information from several Master
Browsers within a domain.
Backup Browser (BB): Any computer on a network other than a Master Browser. Used to
distribute the browser loads. Based on the network traffic and an election or voting process, a
Backup Browser has the potential to become a Local Master Browser, if required.
OpLocks: Opportunistic locking. A locking and authentication mechanism of file sharing when
there are multiple users or requests to the same share or resource on the network. OpLocks provides
a means to cache a read/write operation on a file without updating the server every time.
Novell Product Terms: For definitions of Novell product terminology and other glossary terms
used in this guide, such as NMAS™, NICI, NCP™, and others, visit the Novell: Glossary of Terms
(http://www.novell.com/company/glossary.html).
1.7 What's Next
If you are planning to implement CIFS on your enterprise server, continue with Chapter 3,
“Planning and Implementing CIFS,” on page 17 to understand the implementation requirements.
2 What’s New
The following new features are implemented on Open Enterprise Server (OES) 2 Linux for CIFS:
Installation and Configuration through YaST: CIFS is installed and configured through the
YaST interface on OES 2 Linux. For details, see Section 4.2, “Installing and Configuring a
CIFS Server through YaST,” on page 23.
Administration and Configuration: iManager provides an advanced level of administration
and configuration of CIFS on OES 2 Linux. For details, see Section 5.1, “Using iManager to
Manage CIFS,” on page 31.
Migrating to a Linux Platform: NetWare® CIFS can be migrated to CIFS on OES 2 Linux
by using either the new Migration Tool or the miggui command line utility. For details, see
Chapter 6, “Migrating CIFS from NetWare to OES 2 SP2 Linux,” on page 51.
3 Planning and Implementing CIFS
Planning and implementing CIFS on an Open Enterprise Server (OES) 2 Linux server requires you
to understand the information and requirements discussed in the following sections:
Section 3.1, “Planning for CIFS”
Section 3.2, “CIFS System Prerequisites”
Section 3.3, “Constraints, Limitations, and Issues”
Section 3.4, “What's Next”
3.1 Planning for CIFS
The key factors to consider for implementing and enabling Novell® CIFS on your enterprise servers
are:
Upgrading from OES 2 Linux to OES 2 SP2 Linux on your enterprise servers. For details on
installing CIFS on OES 2 SP2 Linux, see Chapter 4, “Installing and Setting Up CIFS,” on
page 21.
Moving from NetWare® to an OES 2 Linux setup. For details, see Chapter 6, “Migrating CIFS
from NetWare to OES 2 SP2 Linux,” on page 51.
3.2 CIFS System Prerequisites
To access CIFS servers running on an OES 2 Linux server, client computers must be connected to
the network, properly configured to run NBT (NetBIOS over TCP/IP), and meet the following basic
minimum requirements:
Section 3.2.1, “Server Operating System Requirements”
Section 3.2.2, “Server Hardware Requirements”
Section 3.2.3, “Client Operating System Requirements”
Section 3.2.4, “Package Dependencies”
3.2.1 Server Operating System Requirements
Novell Open Enterprise Server 2 Support Pack 1 and later.
3.2.2 Server Hardware Requirements
Same as the OES 2 SP2 Linux hardware requirements. For details, see “Meeting All Server
Software and Hardware Requirements” in the OES 2 SP2: Installation Guide.
3.2.3 Client Operating System Requirements
Windows XP SP2 and SP3.
Windows 7 Client.
Windows Vista Business SP1 and 64-bit SP1, Enterprise SP1 and 64-bit SP1, and Ultimate SP1
and 64-bit SP1.
Mac Client Support.
SUSE® Linux Enterprise Desktop versions.
Any NFS* platform capable of NFS v2, NFS v3, or NFS v4, such as Linux, or FreeBSD*.
3.2.4 Package Dependencies
Use the following checklist to verify CIFS dependencies before proceeding:
All Novell CIFS users must be in eDirectory™. Linux-only users are not supported.
Novell CIFS supports only Novell Storage Services™ (NSS) volumes.
NCP™ should be up and running for Novell CIFS to function properly.
If your eDirectory replica is stored on an eDirectory server earlier than 8.8.3, ensure you
3.3 Constraints, Limitations, and Issues
Section 3.3.1, “Co-existence Issues”
3.3.1 Co-existence Issues
Do not install any of the following service combinations on the same server as Novell CIFS.
Although not all of the combinations cause pattern conflict warnings, Novell does not support any of
the combinations shown:
File Server (SLES 10 - Samba).
Novell Domain Services for Windows (DSfW).
Any other Samba implementation.
Xen Virtual Machines on the host.
Table 3-1 Novell CIFS and Novell Samba Comparison

| Item | Novell CIFS | Novell Samba |
|---|---|---|
| Authentication | Password policy is required to allow cifs users to authenticate to eDirectory. | A Samba-compatible Password Policy is required for compatibility with Windows workgroup authentication. |
| File system support | NSS is the only file system supported for this release. | It is recommended (but not required) that you create Samba shares on NSS data volumes. NSS is fully integrated with eDirectory for easy management, and using an NSS volume allows you to take advantage of the rich data security model in NSS. You can use either iManager or the nssmu utility to create an NSS volume on an OES 2 Linux server. For instructions on how to set up an NSS volume, see Managing NSS volumes in the OES 2 SP2: File Systems Management Guide. |
| LUM and Samba enablement | LUM and Samba enablement are not required. | Users must be enabled for LUM and Samba and assigned to a Samba group. |
3.4 What's Next
To proceed with CIFS installation on an OES 2 Linux server, continue with Chapter 4, “Installing
and Setting Up CIFS,” on page 21.
4 Installing and Setting Up CIFS
Novell® CIFS is not installed by default when you install Open Enterprise Server (OES) 2 SP2
Linux. CIFS needs to be selected so it can be installed during OES 2 Linux installation. This section
provides the CIFS installation requirements and procedures.
Section 4.1, “Preparing for CIFS Installation”
Section 4.2, “Installing and Configuring a CIFS Server through YaST”
Section 4.3, “Verifying Installation”
Section 4.4, “Installing the CIFS iManager Plug-In”
Section 4.5, “What's Next”
4.1 Preparing for CIFS Installation
Section 4.1.1, “Product Interdependencies”
Section 4.1.2, “Prerequisites”
Section 4.1.3, “Required Rights and Permissions for a CIFS User/Administrator”
4.1.1 Product Interdependencies
CIFS has product interdependencies that must be considered:
NMAS™ (Novell Modular Authentication Services).
NICI (Novell International Cryptographic Infrastructure).
CIFS depends on NMAS for name resolution and authentication of CIFS users. NMAS is dependent
on NICI for encryption and decryption services. A problem with any of these products causes CIFS
users to be denied access to an OES 2 Linux server.
4.1.2 Prerequisites
To properly install and configure CIFS, ensure that the following prerequisites are met:
You are running an OES 2 SP2 Linux server. For more information on installing OES 2 Linux,
see the OES 2 SP2: Installation Guide.
You have a Universal Password. Read “Deploying Universal Password” in the Novell
Novell iManager 2.7.3 is installed, configured, and running. For more information on iManager
installation and administration, see the Novell iManager 2.7.3 Administration Guide.
Stop all the running Samba daemons before installing CIFS. Use the following commands:
/etc/init.d/smb stop
/etc/init.d/nmb stop
4.1.3 Required Rights and Permissions for a CIFS User/Administrator
The NDS user/administrator needs supervisor rights over the container where the server object
is installed.
The NDS user/administrator needs root permissions to install CIFS on an OES 2 Linux server.
The NDS user/administrator needs read, write, create, modify rights over the password policies
sub-container of the security container, for the following reasons:
Adding the CIFS default policy to the password policies.
Modifying policies selected for CIFS, so that the proxy user can read passwords for users
attached to the policy.
Example for CIFS Cluster Rights
The cifs proxy user a, cifs proxy user b, and cifs proxy user c have the rights to read the
eDirectory CIFS attributes under ou=provo (Virtual server a and Virtual server b). Hence if these
virtual servers are hosted in any of these three nodes, the configuration is read by the CIFS
service in the corresponding node.
The cifs proxy user 1, cifs proxy user 2, and cifs proxy user 3 have rights to read the eDirectory
CIFS attributes under ou=blr (Virtual server 1 and Virtual server 2). Hence if these virtual
servers are hosted in any of these three nodes, the configuration is read by the CIFS service in
the corresponding node.
If a virtual server needs to be migrated across branches, the cifs proxy users must be given
explicit rights on those branches so that the CIFS attribute information can be read.
The attributes for which the cifs proxy user requires rights are nfapCIFSServername,
nfapCIFSComment, nfapCIFSShares, and nfapCIFSAttach. These attributes must have read, write,
and compare rights. If the rights are defined on the branch (preferable), the inherit rights must
also be provided.
In this example, if Virtual server 2 is to be hosted on node server c, then cifs proxy user c must be
provided access to read the attributes of Virtual server 2. The rights for the above-mentioned
attributes can be provided at ou=blr for cifs proxy user c. Hence the same rights hold good for
hosting Virtual server 1 too.
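The branch-level rights rule in this example can be checked mechanically before a virtual server is moved to another node. The following Python example is an added illustration, not Novell tooling or code from this guide: it models trustee assignments as plain records and reports which of the four CIFS attributes a proxy user still lacks rights to. The o=company base, the placement of cifs proxy user c under ou=provo, and the record layout are assumptions, the sample assignments are constructed, and inherited rights filters and security equivalence are not modeled.

```python
# Added illustration: models the proxy-user rights rule from the cluster example.
# The record layout and all DNs below are assumptions, not eDirectory output.

REQUIRED_ATTRS = ("nfapCIFSServername", "nfapCIFSComment",
                  "nfapCIFSShares", "nfapCIFSAttach")
REQUIRED_RIGHTS = frozenset({"read", "write", "compare"})


def _norm(dn):
    """Lower-case a DN and strip spaces around RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def _covers(target, obj, inherit):
    """True if an assignment made at `target` applies to `obj`.

    A branch assignment reaches subordinate objects only when it is inheritable.
    """
    target, obj = _norm(target), _norm(obj)
    if target == obj:
        return True
    return bool(inherit) and obj.endswith("," + target)


def effective_rights(assignments, trustee, obj, attr):
    """Union of rights `trustee` holds on attribute `attr` of object `obj`."""
    rights = set()
    for a in assignments:
        if (_norm(a["trustee"]) == _norm(trustee) and a["attr"] == attr
                and _covers(a["target"], obj, a["inherit"])):
            rights.update(a["rights"])
    return rights


def missing_rights(assignments, trustee, obj):
    """Map each required attribute to the rights the trustee still lacks."""
    gaps = {}
    for attr in REQUIRED_ATTRS:
        lacking = REQUIRED_RIGHTS - effective_rights(assignments, trustee, obj, attr)
        if lacking:
            gaps[attr] = sorted(lacking)
    return gaps


def grant_branch(trustee, branch, rights=REQUIRED_RIGHTS, inherit=True):
    """Build assignment records for all four attributes at one branch."""
    return [{"trustee": trustee, "target": branch, "attr": attr,
             "rights": sorted(rights), "inherit": inherit}
            for attr in REQUIRED_ATTRS]


# Constructed sample tree (hypothetical DNs based on the names in the example).
PROVO, BLR = "ou=provo,o=company", "ou=blr,o=company"
PROXY_C = "cn=cifs proxy user c," + PROVO
VS_A = "cn=Virtual server a," + PROVO
VS_1 = "cn=Virtual server 1," + BLR
VS_2 = "cn=Virtual server 2," + BLR

BEFORE = grant_branch(PROXY_C, PROVO)                       # home branch only
READ_ONLY = BEFORE + grant_branch(PROXY_C, BLR, rights={"read"})
NOT_INHERITED = BEFORE + grant_branch(PROXY_C, BLR, inherit=False)
AFTER = BEFORE + grant_branch(PROXY_C, BLR)                 # explicit rights at ou=blr

if __name__ == "__main__":
    for label, acl in (("before", BEFORE), ("read only", READ_ONLY),
                       ("not inherited", NOT_INHERITED), ("after", AFTER)):
        for vs in (VS_A, VS_1, VS_2):
            gaps = missing_rights(acl, PROXY_C, vs)
            print(f"{label:14} {vs:38} {'OK' if not gaps else gaps}")
```

Only the last case, with all three rights granted at ou=blr and marked inheritable, clears both Virtual server 1 and Virtual server 2 for hosting on node server c.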
4.2 Installing and Configuring a CIFS Server through YaST
Follow this procedure to install and configure the CIFS services on an OES 2 SP2 Linux server in
either of the following cases:
Installing CIFS with the bundle of products during OES 2 SP2 Linux installation.
Installing only the Novell CIFS service and its dependencies on an existing OES 2 SP2 Linux
server.
Before you begin, ensure that you have the required eDirectory admin credentials to proceed, if you
are installing CIFS after installing OES 2 SP2 Linux.
1 Launch YaST, using one of the following methods:
From your Desktop: Click Computer > More Applications > System > YaST.
or
From your Terminal: Run the yast2 command on the server console.
2 Click Group > Open Enterprise Server > OES Install and Configuration.
3 Select Novell CIFS from the software patterns listed.
IMPORTANT: By default, the CIFS dependency packages are selected: Novell eDirectory,
Novell Linux User Management (LUM), NetWare Core Protocol Server (NCP), Novell
Remote Manager (NRM), and Novell Storage Services (NSS), in addition to other OES 2 SP2
default dependencies or other services dependency packages.
4 Click Accept.
The subsequent pages allow the administrator to configure CIFS on OES 2.
5 To change the default configuration settings for CIFS, click on the Novell CIFS service or click
Next to continue with the default configuration.
NOTE: If you are installing CIFS after installing OES 2 SP2, you are prompted to enter the
eDirectory admin password. Enter the password and click OK to proceed.
6 Fill in the following fields and click Next:
| Parameter | Description |
|---|---|
| eDirectory server address or host name | This is the default eDirectory server IP address. Select from the drop-down list to change to a different server. |
| Use secure channel for configuration | By default, this option is selected. This is preferred. |
| LDAP port for CIFS Server | The default is 636. This is preferred. Do not change the default port value during a fresh installation of the tree. NOTE: If the OES 2 Linux server is attached to an existing tree, the administrator can change this to another LDAP port. |
| Local NCP Server context | Displays the NCP™ Server context. |
| CIFS Proxy User Name | Create a new proxy user. Use the format cn=proxyusername,o=company. |
| CIFS Proxy User Password | The password specified here is set in the CIFS configuration file. It cannot be changed. The maximum length is 256 characters. |
| Verify CIFS Proxy User Password | Re-enter the password for verification. It should be identical to the CIFS proxy user password. |
| eDirectory Contexts | The default is displayed. Select or add a new context, indicating where the user resides. Use the Add and Delete buttons to add and delete contexts. |