HP CIFS Server 3.0g Administrator's Guide version A.02.03.01: HP-UX 11i v1, v2 and v3 > Chapter 7 Winbind Support

Configuring HP CIFS Server with Winbind


You must set up and configure your HP CIFS Server to use winbind support.

Winbind Configuration Parameters

Table 7-1 shows the list of global parameters used to control the behavior of winbind. These parameters are set in the /etc/opt/samba/smb.conf file in the [global] section. Refer to the smb.conf man page for more details.

Table 7-1 Global Parameters

Parameter

Description
winbind separator

This string variable specifies the separator placed between the domain name and the user name. For example: winbind separator = \

idmap uid

This variable specifies the UID range for domain users. For example, idmap uid = 50000-60000

idmap gid

This variable specifies the GID range for domain groups. For example, idmap gid = 50000-60000

winbind enum users

This boolean variable enables enumeration of winbind users. Set this parameter to Yes to allow and No to disallow enumeration of winbind users. By default, this parameter is set to Yes.

winbind enum groups

This boolean variable enables enumeration of winbind groups. Set this parameter to Yes to allow and No to disallow enumeration of winbind groups. By default, this parameter is set to Yes.

idmap backend

This string variable specifies the type of idmap backend that is used. The syntax can be:

  • idmap backend =

    This is the default, where the local idmap tdb file is used.

  • idmap backend = rid:<domain name>=<idmap_rid_range>

    The ID mappings are generated by the idmap rid facility. For example, idmap backend = rid:DomainA=50000-60000.

  • idmap backend = ldap:ldap://<ldap server name>[:389]

    The ID mapping data is stored in a common LDAP directory server backend. For example, idmap backend = ldap:ldap://ldapserverA.hp.com.

winbind cache time

This integer variable specifies the number of seconds the winbindd daemon caches user and group information before querying a Windows NT server again. The default value is 300.

winbind use default domain

This boolean variable specifies whether the winbindd daemon operates on users without a domain component in their username. Users without a domain component are treated as part of the winbindd server's own domain. The default setting is No.

template homedir

This string variable specifies the home directory for winbind users. For example, template homedir = /home/%U

template shell

This string variable specifies the login shell for winbind users. For example, template shell = /shin/ksh.

 

NOTE:
  • The HP CIFS Server does not support the ad option for idmap backend.

  • The idmap rid utility requires that the parameter allow trusted domains = No be specified, as it is not compatible with multiple domain environments. The idmap uid and idmap gid ranges must also be specified.

Unsupported Parameters or Options

Table 7-2 shows the parameters or options which are not supported by the HP CIFS Server.

Table 7-2 Unsupported Parameters or Options

winbind nss info

This string variable controls how winbind retrieves name service information to construct a user's home directory and login shell. Only the template option is functional; the SFU option is not supported by HP CIFS Server. If set to template, winbind constructs a user's home directory and login shell using the template shell and template homedir parameters. The default setting is template.

winbind nested groups

This is a boolean variable. If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. Nested groups are defined locally on any machine (they are shared between DCs through their SAM) and can contain users and global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind. This parameter is not yet supported by HP CIFS Server. Consider using net groupmap instead. Refer to net groupmap help for detailed information.

 

A smb.conf Example

An example smb.conf file is shown below:

[global]
# Domain name
workgroup = DomainA
# Set security to either domain or ADS
security = domain

# Winbindd section
idmap uid = 50000-60000
idmap gid = 50000-60000
idmap backend = 
winbind enum users = no
winbind enum groups = no
winbind use default domain = no
winbind cache time = 300
winbind separator = \
template homedir = /home/%U
template shell = /sbin/sh

[shareA]
path = /tmp/shareA
guest ok = no
writable = yes
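
The constraints stated in the NOTE and in Table 7-2 can be checked mechanically before winbindd is started. The Python code below is an added example, not part of the HP guide or of HP CIFS Server; the function names and the sample configuration are constructed for illustration, and it assumes allow trusted domains defaults to Yes when unset.

```python
import re

def _norm(name):  # Samba ignores case and whitespace in parameter names
    return "".join(name.lower().split())

def parse_global(text):
    """Return the [global] parameters of smb.conf text as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params

def check_winbind(text):
    """Return findings for settings that conflict with the NOTE and Table 7-2."""
    p = parse_global(text)
    get = lambda name, default="": p.get(_norm(name), default).lower()
    enabled, findings = ("yes", "true", "1"), []
    backend = get("idmap backend")
    if backend == "ad" or backend.startswith("ad:"):
        findings.append("idmap backend: ad option is not supported")
    if backend.startswith("rid:"):
        # Assumption: allow trusted domains defaults to Yes when unset
        if get("allow trusted domains", "yes") in enabled:
            findings.append("idmap rid requires allow trusted domains = No")
        for key in ("idmap uid", "idmap gid"):  # a typographic dash fails the pattern
            if not re.fullmatch(r"\d+\s*-\s*\d+", get(key)):
                findings.append(key + ": range missing or malformed")
    if get("winbind nss info", "template") != "template":
        findings.append("winbind nss info: only template is functional")
    if get("winbind nested groups", "no") in enabled:
        findings.append("winbind nested groups is not supported")
    return findings

# Constructed sample input (\u2013 is an en dash), not a configuration from the guide
SAMPLE = """\
[global]
idmap backend = rid:DomainA=50000-60000
idmap uid = 50000\u201360000
idmap gid = 50000-60000
winbind nested groups = yes
"""
print("\n".join(check_winbind(SAMPLE)))
```

An empty result means none of the documented restrictions were violated; it does not validate the rest of the file.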

Configuring Name Service Switch

To use winbind support, you need to configure the Name Service Switch control file, /etc/nsswitch.conf, to use winbind as a name service for user and group name lookup.

For example, you can set up the /etc/nsswitch.conf file as follows:

passwd:     files winbind
group:      files winbind

In this example, NSS first checks the files, /etc/passwd and /etc/group, and if no entry is found, it checks winbind.

For detailed information on how to configure NSS, refer to switch(4) and "Configuring the Name Service Switch" in NFS Services Administrator's Guide at:

http://docs.hp.com/hpux/netcom/

© 2007 Hewlett-Packard Development Company, L.P.