Step 3: Modify the Configuration

HP CIFS Server requires configuration modifications for the following functionality:

Case Sensitivity for the Client and Server for UNIX Extensions
DOS Attribute Mapping
Print Services for version A.02.02 (current version)
Distributed File System (DFS) Support
Configure MC/ServiceGuard High Availability (HA)

Configure Case Sensitivity

By default, the HP CIFS Server is configured to be case insensitive, like Windows.




	NOTE: HP recommends that when using CIFS Extensions for UNIX, both the CIFS Client and Server be configured to be case sensitive.

For the CIFS Server, edit the server configuration file: /etc/opt/samba/smb.conf as follows.

case sensitive = yes

For the CIFS Client configuration, in the /etc/opt/cifsclient/cifsclient.cfg file, ensure the following default is set:

caseSensitive = yes

Configure DOS Attribute Mapping

map system, map hidden and map archive Attributes

There are three parameters, map system, map hidden, and map archive, that can be configured in Samba to map DOS file attributes to owner, group, and other execute bits in the UNIX file system.

When using the CIFS Client, you may want to have all three of these parameters turned off. If the map archive parameter is on, any time a user writes to a file, the owner execute permission will be set. This is usually not desired behavior for HP CIFS clients or UNIX clients in general.

By default, map system and map hidden are off, and map archive is on.

To turn map archive off, modify /etc/opt/samba/smb.conf as follows:

map archive = no

map readonly Attriubte

The smb.conf parameter, map readonly, controls how the DOS read only attribute should be mapped from a UNIX files system

Three valid settings for this parameter are:

yes: The read only DOS attribute is mapped to the inverse of the user (owner) write bit in the UNIX permission mode set. If the owner write bit is not set, the read only attribute is reported as being set on the file.
permissions: The read only DOS attribute is mapped to the effective permissions of the connecting user, as evaluated by reading the UNIX permissions and POSIX ACL (if present). If the connecting user does not have permission to modify the file, the read only attribute is reported as being set on the file.
no: The read only DOS attribute is unaffected by permissions.

By default, the map readonly attribute is set to “yes”. Samba uses user (owner) access permission to determine whether a file is read only. The file access permission is determined by the POSIX write access permission for user (owner). If the write permission on a file is not set for the user (owner), then Samba treats that file as read-only. Once Samba identifies a file as read-only, any write access attempting to that file would immediately result in access denied error. Group members are unable to write to a file with UNIX write access permission disabled for the user (such as 070 or 060).

If you set this parameter to “permissions”, the file access permissions for group members will be evaluated by validating UNIX group permissions. Group members can write to files with UNIX write permission enabled for the group (such as 060 or 070). The smb.conf parameter, store dos attributes, must be set to No (default), otherwise, the map readonly parameter setting will be ignored.

Configuring Print Services for HP CIFS Version A.02.02

This section provides information about configuring Print Services on systems running HP CIFS version A.02.02. The HP CIFS Server now provides the following NT printing functionality:

Printer driver files may be downloaded to Windows NT, 2000 and XP clients that do not have them
Printer driver files may be uploaded using the Windows NT/XP/2000 Add Printer wizard
Support for Windows Access Control Lists (ACL) on printer objects

Information about setting up and configuring each of the Print Services (except ACLs) is shown in the following sections. Information about configuring ACL Support is discussed in a previous section.

Configuring a [printers] share

The following is a minimal printing setup. Use either one of the following two procedures to create a [printers] share:

SWAT (Samba Administration Tool)
-or-
Create a [printers] share in the /etc/opt/samba/smb.conf file. Refer to the following example:
[hpdeskjet] path = /tmp printable = yes
Where "hpdeskjet" is the name of the printer to be added.

Creating a [printers] share

Configure a [printers] share in the /etc/opt/samba/smb.conf file. Refer to the following example:

[printers]

path = /tmp

printable = yes

browseable = no

This share is required if you want the printer's list to be displayed in SWAT, which is not defined in the smb.conf file, but exists on the HP CIFS Server. If this share is not defined, the printer's list will display only those printer shares which are defined in the smb.conf file.

Setup Server for automatically uploading printer driver files

In order to add a new driver to your Samba host using version A.02.01 of the software, one of two conditions must hold true:

The account used to connect to the Samba host must have a uid of 0 (i.e. a root account), or...
The account used to connect to the Samba host must be a member of the printer admin list. This will require a [global] smb.conf parameter as follows:
printer admin = netadmin

The connected account must still possess access to add files to the subdirectories beneath [print$]. Keep in mind that all files are set to 'read only' by default, and that the printer admin parameter must also contain the names of all users or groups that are going to be allowed to upload drivers to the server, not just 'netadmin'.

The following is an example of the other parameters required:

Create a [print$] share in the smb.conf file that points to an empty directory named "/etc/opt/samba/printers" on the HP CIFS Server. Refer to the following example:
[print$]
path = /etc/opt/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = netadmin
In this example, the parameter "write list" specifies that administrative lever user accounts will have write access for updating files, on the share.
Create the subdirectory tree, under the [print$] share, for each architecture that needs to be supported. Refer to the following example:
cd /etc/opt/samba/printers
mkdir W32X86
mkdir Win40
There are two possible locations (subdirectories) for keeping driver files, depending upon what version of Windows the files are for:
For Windows NT, XP or Windows 2000 driver files, the files will be stored in the /etc/opt/samba/printers/W32X86 subdirectory.
For Windows 9x driver files, the files will be stored in the /etc/opt/samba/printers/Win40/0 subdirectory.

Setup Client for automatically uploading of printer drivers

Printer driver files can be automatically uploaded from disk to the printers on a HP CIFS Server. Here are the steps:

Connect to CIFS Server by running the \\[server name] command or browse to CIFS Server through Network Neighborhood.Make sure you are connected as a member of the printer admin list.
From the CIFS Server, double click on the "Printers" or "Printers and Faxes" folder. A list of printers available from your CIFS Server will be shown in the folder. Viewing the printer properties will result in the error message:
The printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the driver now?
Click "no" in the error dialog and the printer properties window will be displayed.
Click on the 'Advanced' tab, then the 'New Driver..." button.
Select the printer driver e.g. hp LaserJet 5i. You will be asked for the driver files. Give the path where the driver files are located. The driver files will be uploaded from the disk, and stored into the subdirectories under the [print$] share.

Publishing Printers in an MS Windows 2000/2003 ADS Domain

Publishing printers makes HP CIFS Server printers searchable in an Microsoft Windows 2000/2003 ADS domain. If a Windows client is a domain member of the ADS domain, that client can search for the printer and install it.

Setting up HP CIFS Server for Publishing Printers Support

Use the following procedures to set up an HP CIFS Server for publishing printers support:

Create the printer shares for each printer and a [printers] share in the smb.conf file. The following is an example of a [printers] share:
[printers]
path = /tmp
printable = yes
browseable = yes
See the following example for settng up a specific printer share, where lj1005 is the name of the printer:
[lj1005] path = /tmp printable = yes
Create a [print$] share in the smb.conf file and set the path parameter to a directory named /etc/opt/samba/printers. See the following example:
[print$]
path = /etc/opt/samba/printers
use client driver = no
browseable = yes
guest ok = yes
read only = yes
write list = netadmin
In the above example, the write list parameter specifies that administrative level user account has write access for updating files on this share. The use client driver parameter must be set toNo.
Configure the printer admin parameter to specify a list of domain users that are allowed to connect to an HP CIFS Server. See the following example:
[global]
printer admin = cifsuser1,cifsuser2
If the HP CIFS Server is not yet a member of the ADS domain, then run the net ads join -U Administrator%password command to join an HP CIFS Server to the ADS domain as a domain member server. See section "Join an HP CIFS Server to a Windows 2000/2003 Domain as an ADS Member Server" in Chapter 5 “Windows 2000/2003 Domains” for details.

Publishing Printers from a Windows Client

Use the following procedures to publish printers from a windows client which is a domain member of the ADS domain:

Log in to your window client as a user who is a member of the printer admin list. For example, the user's name is cifsuser1.
Click on start.
Click on the run tab.
Type \\<HP CIFS Server name> in the open box to connect to an HP CIFS Server. For example, type \\hpserverA. hpserverA is the name of an HP CIFS Server.
Click on the printers folder.
Double click on a printer and select printer, then the properties tab.
Click on sharing tab in the properties windows screen.
Check the list in the directory check-box in the sharing windows screen. See the following screen snapshot for an example:

Figure 2-1 Publishing Printer Screen

Verifying that the Printer is Published

On an HP CIFS Server system, you can run the net ads printer search command to verify that the printer is published. For example, verify that the printer hpdesklj2 is published, type:

$ net ads printer search hpdesklj2

After you ran the above command, the output is shown as follows:

objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:hpdesklj2
serverName:HPSERVERA

On a windows client, you can also use the following steps to verify that the printer is published:

Log in to your window client as a user who is a member of the printer admin list. For example, the user's name is cifsuser1.
Click on start.
Click on the search tab.
Click on buttons to find network printers.
Select the name of the ADS domain in the In box.
Click on the find now tab.

Commands Used for Publishing Printers

This section describes the net ads printer command used for publishing printers support on an HP CIFS Server.

Searching Printers

To search a printer across the entire Windows 2000/2003 ADS domain, run the following command:

$ net ads printer search <printer_name>

Without specifying the printer name, the command searches all printers available on the ADS domain.

For example, the following command searches all printers available on the ADS domain:

$ net ads printer search

After you ran the above command, the output is shown as follows:

objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:hpdesklj2
serverName:HPSERVERA

objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:lj1005
serverName:HPSERVERA

objectClass:top
objectClass:leaf
objectClass:connectionPoint
objectClass:printQuene
printerName:lj3200
serverName:HPSERVERB

Removing a Printer

To remove a printer from the ADS domain, run the following command:

$ net ads printer remove <printer_name>

For example, the following command removes the printer lj1005 from the ADS domain:

$ net ads printer remove lj1005

Re-Publishing a Printer

To publish a printer for the first time, you must use the procedures described in section "Publishing Printers from a Windows Client". If you remove a printer, you can use the following command to re-publish it:

$ net ads printer publish <printer_name>

For example, the following command re-publishes the printer lj1005 to the ADS domain:

$ net ads printer publish lj1005

Setting Up Distributed File System (DFS) Support

This section will provide the procedures for:

Setting up a DFS Tree on a HP CIFS Server
Setting up DFS Links in the DFS root directory on a HP CIFS Server




	NOTE: HP does not recommend filesharing of the root directory. Only subdirectories under the root should be set up for filesharing.

Setting Up a DFS Tree on a HP CIFS Server

After the DFS Tree is set up using this procedure, users on DFS clients can browse the DFS tree located on the HP CIFS Server at \\servername\DFS.

Select a HP CIFS Server to act as the Distributed File System (DFS) root directory.
Configure a HP CIFS server as a DFS server by modifying the smb.conf file to set the global parameter host msdfs to yes. Example:
[global]
host msdfs = yes
Create a directory to act as a DFS root on the HP CIFS Distributed File System (DFS) Server.
Create a share and define it with the parameter path = directory of DFS root in the smb.conf file. Example:
[DFS]
path = /export/dfsroot
Modify the smb.conf file and set the msdfs root parameter to yes. Example:
[DFS]
path = /export/dfsroot
msdfs root = yes

Setting Up DFS Links in the DFS Root Directory on a HP CIFS Server

A Distributed File System (DFS) root directory on a HP CIFS Server can host DFS links in the form of symbolic links which point to other servers.

Before setting up DFS links in the DFS root directory, you should set the permissions and ownership of the root directory so that only designated users can create, delete or modify the DFS links.

Symbolic link names should be all lowercase. All clients accessing a DFS share should have the same user name and password.

An example for setting up DFS links follows:

Use the ln command to set up the DFS links for "linka" and "linkb" on the /export/dfsroot directory. Both "linka" and "linkb" point to other servers on the network. Example commands:
cd /export/dfsroot
chown root /export/dfsroot
chmod 775 /export/dfsroot
ln -S msdfs:serverA\\shareA linka
ln -S msdfs:serverB\\shareB serverC\\shareC linkb
If you use the ls -l command on the /export/dfsroot directory, it should show an output similar to this one:
lrwxrwxrwx l root sys 24 Oct 30 10:20
linka -> msdfs:serverA\\shareA
lrwxrwxrwx l root sys 30 Oct 30 10:25
linkb -> msdfs:serverB\\shareB, serverC\\shareC
In this example, "serverC" is the alternate path for "linkb". Because of this, if "serverB" goes down, "linkb" can still be accessed from "serverC". "linka" and "linkb" are share names. Accessing either one will take users directly to the appropriate share on the network.
Refer to the following screen snapshot for an example:

Figure 2-2 Link Share Names Example

MC/ServiceGuard High Availability Support

Highly Available HP CIFS Server allows the HP CIFS Server product to run on an MC/ServiceGuard cluster of nodes. MC/ServiceGuard allows you to create high availability clusters of HP 9000 server computers.

Template files for version A.02.02 have been revised to allow any number of cluster nodes and other advantages over previous schemes.

Follow the configuration procedures provided in Chapter 11.