HP CIFS Server Administrator's Guide Version A HP-UX 11i v2 and HP-UX 11i v3

(1)

HP CIFS Server Administrator's Guide

Version A.03.02.00

HP-UX 11i v2 and HP-UX 11i v3

HP Part Number: 5900-3071 Published: March 2013

(2)

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

HP CIFS Server is derived from the Open Source Samba product and is subject to the GPL license. Trademark Acknowledgements

(3)

About this document...10

Intended audience...10

New and changed documentation in this edition...10

Typographical conventions...10

Publishing history...10

Document organization...11

HP welcomes your comments...12

1 Introduction to the HP CIFS Server...13

HP CIFS Server description and features...13

Features...13

Samba open source software and HP CIFS Server...14

Flexibility...14

HP CIFS Server documentation: Printed and Online...15

HP CIFS documentation roadmap...15

HP CIFS Server file and directory roadmap...17

2 Installing and configuring the HP CIFS Server...19

HP CIFS Server requirements and limitations...19

HP CIFS Server installation requirements...19

HP CIFS Server memory requirements...19

Software requirements...19

Swap space requirements...19

Memory requirements...20

Step 1: Installing HP CIFS Server software...20

An example...21

Step 2: Running the configuration script...21

Step 3: Modify the configuration...22

Configuration modification...22

Configure case sensitivity...22

Configure for SMB2 Features...24

Configuring print services for HP CIFS version A.03.02.00...24

Configuring a [printers] share...24

Creating a [printers] share...25

Setup Server for automatically uploading printer driver files...25

Setup Client for automatically uploading of printer drivers...26

Publishing printers in an MS Windows 2003/2008 R2 ADS domain...26

Setting up HP CIFS Server for publishing printers support...26

Publishing printers from a windows client...27

Verifying that the printer is published...28

Commands used for publishing printers...29

Searching printers...29

Removing a printer...29

Re-Publishing a printer...29

Setting up Distributed File System (DFS) support...29

Setting up a DFS Tree on a HP CIFS Server...30

Setting up DFS links in the DFS root directory on a HP CIFS Server...30

MC/ServiceGuard high availability support...31

Step 4: Starting the HP CIFS Server...31

Starting and stopping daemons individually...32

Configuring automatic start at system boot...32

Stopping and re-starting daemons to apply new settings...32 Contents 3

(4)

Other samba configuration issues...33

Translate open-mode locks into HP-UX advisory locks...33

Performance tuning using change notify...33

Special concerns when using HP CIFS Server on a Network File System (NFS) or a Clustered File System (CFS)...33

NetBIOS names are not supported on port 445...34

3 Managing HP-UX file access permissions from Windows

NT/XP/2000/Vista/Windows 7...35

Introduction...35

UNIX file permissions and POSIX ACLs...35

Viewing UNIX permissions from windows...35

The VxFS POSIX ACL file permissions...38

Using the Windows NT Explorer GUI to create ACLs...39

Using the Windows Vista Explorer GUI to create ACLs...41

POSIX ACLs and Windows XP, Windows Vista and Windows 7 clients...44

Viewing UNIX permissions from Windows XP, Windows Vista and Windows 7 clients...44

Setting permissions from Windows XP, Windows Vista and Windows 7 clients...45

Viewing ACLs from Windows 7 clients...46

Displaying the owner of a file...47

HP CIFS Server directory ACLs and Windows XP, Windows Vista and Windows 7 clients...47

Directory ACL types...47

Viewing ACLs from Windows 7 clients...47

Viewing basic ACLs from Windows 7 clients...47

Viewing advanced ACLs from Windows 2000 clients...48

Mapping Windows XP directory inheritance values to POSIX...49

Modifying directory ACLs from Windows XP clients...50

Removing an ACE entry from Windows XP clients...52

Examples...52

Adding directory ACLs from Windows XP clients...54

POSIX default owner and owning group ACLs...55

POSIX ACEs with zero permissions...55

In conclusion...55

4 Windows style domains...57

Introduction...57

Advantages of the Samba Domain model...57

Primary domain controllers...57

Backup domain controllers...58

Advantages of backup domain controllers...58

Limitations...58

Domain members...58

Configure the HP CIFS Server as a PDC...58

Configure the HP CIFS Server as a BDC...59

Promote a BDC to a PDC in a Samba Domain...60

Domain member server...60

Configure the HP CIFS Server as a member server...60

Join an HP CIFS Server to an NT Domian, Windows 2000/2003 (as a pre-Windows 2000 computer), or Samba Domain...61

Step-by-step procedure...62

Create the machine trust accounts...62

Configure domain users...64

Join a Windows client to a Samba Domain...64

Roaming profiles...67

Configuring roaming profiles...67

(5)

Running logon scripts when logging on...68

Home drive mapping support...68

Trust relationships...69

Configuring smb.conf for trusted users...69

Establishing a trust relationship on an HP CIFS PDC with another Samba Domain...69

Establishing a trust relationship on an HP CIFS PDC with an NT domain...70

Trusting an NT Domain from a Samba Domain...70

Trusting a Samba Domain from an NT domain...70

Establishing a trust relationship on an HP CIFS member server of a Samba Domain or an NT domain...70

5 Windows 2003 and Windows 2008 domains...71

Introduction...71

HP CIFS and other HP-UX Kerberos applications co-existence...71

HP-UX Kerberos client software and LDAP integration software dependencies...71

Strong authentication support ...72

Steps to install Certification Authority (CA) on a Windows ADS server...72

Steps to download the CA certificates from Windows CA server...73

Configuring HP CIFS server to enable startTLS...73

Joining an HP CIFS server to a Windows 2003 and Windows 2008 domain...74

Configuration parameters...74

Setting permissions for a user...75

Step-by-step procedure...76

Trust relationships...78

Establishing external trust relationships between HP CIFS PDCs and Windows 2003 and Windows 2008 domains...78

Establishing a trust relationship on an HP CIFS member server of a Windows 2003 or Windows 2008 domain...79

6 LDAP integration support...81

Overview...81

HP CIFS server advantages...82

Network environments...82

Domain model networks...82

CIFS Server acting as the Primary Domain Controller (PDC)...82

CIFS Server acting as the member server...82

CIFS Server acting as Backup Domain Controller (BDC) to Samba PDC...82

CIFS server acting as an Active Directory Service (ADS) member server...82

Workgroup model networks...83

UNIX user authentication - /etc/passwd, NIS migration...83

The CIFS authentication with LDAP integration...83

Summary of installing and configuring...84

Installing and configuring your directory server...84

Installing the directory server...84

Configuring your directory server...85

Verifying the directory server...85

Installing LDAP-UX client services on an HP CIFS server...85

Configuring the LDAP-UX client services...85

Quick configuration...86

Enabling Secure Sockets Layer (SSL)...89

Configuring the directory server to enable SSL...89

Configuring the LDAP-UX client to use SSL...90

Configuring HP CIFS Server to enable SSL...90

Extending the Samba subschema into your directory server...91

Samba subschema differences between HP CIFS Server versions...91

Procedures to extend the Samba subschema into your directory...91 Contents 5

(6)

Migrating your data to the directory server...92

Migrating all your files...92

An example...92

Migrating individual files...93

Environment variables...93

General syntax for perl migration scripts...93

Migration scripts...93

Examples...94

Migrating your data from one backend to another...94

Configuring the HP CIFS Server...95

LDAP configuration parameters...95

Configuring LDAP feature support...96

Creating Samba users in the directory...97

Adding credentials...97

Adding a Samba user to the LDAP directory ...98

Verifying Samba uers...98

Syntax...99 Option...99 Example...99 Management tools...99

7 Winbind support...100

Overview...100 Winbind features...100

Winbind process flow...102

Winbind supports non-blocking, asynchronous functionality...103

When and how to deploy Winbind...104

Commonly asked questions...104

Considering alternatives...105

Configuring HP CIFS Server with Winbind...107

Winbind configuration parameters...107

Unsupported parameters or options...108

A smb.conf example...109

Configuring Name Service Switch...109

idmap backend support in Winbind...109

idmap rid backend support ...109

Limitations using idmap rid ...110

Configuring and using idmap rid...110

LDAP backend support ...110

Configuring the LDAP backend...110

Starting and stopping winbind...111

Starting winbind...111

Stopping winbind...111

Automatically starting winbind at system startup...111

An Example for file ownership by winbind users...111

wbinfo Utility...112

8 Kerberos support...113

Introduction...113

Kerberos overview...113

Kerberos CIFS authentication example...114

HP-UX Kerberos application co-existence...114

Components for Kerberos configuration...114

(7)

9 HP CIFS deployment models...117

Introduction...117

Samba domain model...117

Samba Domain components...120

HP CIFS Server acting as a PDC...120

HP CIFS Server acting as a BDC...120

HP CIFS acting as the member server...121

An example of the Samba Domain model...121

A Sample smb.conf file for a PDC...121

Configuration options...122

A Sample smb.conf file for a BDC...123

A Sample smb.conf file for a domain member server...123

A Sample /etc/nsswitch.ldap file...124

Windows domain model...125

Components for Windows domain model...126

An Example of the ADS domain model...126

A sample smb.conf file For an HP CIFS ADS member server...126

A sample /etc/krb5.conf file...128

A sample /etc/nsswitch.conf file...128

An example of Windows NT domain model...129

A Sample smb.conf file for an HP CIFS member server...129

Unified domain model...131

Unified domain components...132

HP CIFS acting as a Windows 200x ADS member server...132

Setting up the unified domain model...132

Setting up LDAP-UX client services on an HP CIFS Server...132

Installing and configuring LDAP-UX client services on an HP CIFS Server...132

Configuring /etc/krb5.conf to authenticate using Kerberos...133

Installing SFU 3.5 on a Window 2003 or 2008 R2 ADS Domain Controller...133

An Example of the Unified omain Model...133

A sample smb.conf file for an HP CIFS member server...134

A sample /etc/krb5.conf file...134

A sample /etc/nsswitch.conf file...135

10 Securing HP CIFS Server...136

Security protection methods...136

Restricting network access...136

Using host restrictions...136

An example...136

Using interface protection...136

Interface protection example...136

Using a firewall...137

Using an IPC$ share-based denial...137

Protecting sensitive information...137

Encrypting authentication...137

Protecting sensitive configuration files...138

Using %m name replacement macro With caution...138

Restricting execute permission on stacks...139

Restricting user access...139

Automatically receiving HP security bulletins...139

Reporting new security vulnerabilities...140

11 Configuring HA HP CIFS...141

Overview of HA HP CIFS Server...141 Contents 7

(8)

Recommended clients...141

Installing highly available HP CIFS Server...141

HA HP CIFS Server installation...141

Configure a highly available HP CIFS Server...142

Introduction...142

Instructions...142

Edit the package configuration file samba.conf...144

Edit the samba.cntl control script ...145

Edit the samba.mon monitor script...147

Create the MC/ServiceGuard binary configuration file...147

Special notes for HA HP CIFS Server...148

12 HP-UX configuration for HP CIFS...154

HP CIFS process model...154

TDB memory-mapped access for HP CIFS Server...154

Fixed size memory map support on HP-UX 11i v2 PA and HP-UX 11i v3 PA systems...154

Configuration parameters...154

Mostly Private Address Space (MPAS) support on HP-UX 11i v2 IA and HP-UX 11i v3 IA systems...158

Unified file cache support on an HP-UX 11i v3 system...159

What to do if you encounter memory map error messages...159

Constraints...160

Overview of Kernel configuration parameters...160

Configuring Kernel parameters for HP CIFS...160

Swap space requirements...161

Memory requirements...161

13 Tool reference...162

HP CIFS management tools...162

Smbpasswd ...162 Syntax...163 Examples...164 Syncsmbpasswd...164 Options...164 Example...164 Pdbedit ...165 Syntax...165 Examples...167 net ...168 Net commands...168

Syntax for net user...169

Examples...170

wbinfo ...170

Syntax...170

Examples...172

LDAP directory management tools...172

ldapmodify...173 Syntax...173 ldapmodify options...173 Examples...173 ldapsearch...173 Syntax...174 ldapsearch options...174 Examples...174 ldapdelete...174 Syntax...175

(9)

ldapdelete options...175

Examples...175

Glossary...176

Index...178

(10)

About this document

This document describes how to install, configure, and administer the HP CIFS Server product. It is the official documentation supported for the HP CIFS Server product. This document provides HP-UX common variations, features, and recommendations tested and supported by HP. Other documentations such as The Samba How To Collection and Using Samba, 2nd Edition, supplied with the HP CIFS Server product are provided as a convenience to the user. This document and all the previous-release related documents are located atwww.hp.com/go/hpux-networking-docs.

Intended audience

This document is intended for system administrators, who want to install, configure, and administer the HP CIFS Server product. For additional information about the HP CIFS Server, see HP CIFS Server documentation online atwww.hp.com/go/hpux-networking-docs.

New and changed documentation in this edition

This edition documents the following changes for HP CIFS Server version A.03.02.00: • HP CIFS Server version A.03.02.00 is based on open source Samba 3.6.6.

• HP CIFS Server now supports Windows Server 2008, Windows Server 2008r2, Windows Vista and Windows 7 operating systems. Support for these operating systems is documented. NOTE: Starting from version A.03.01.xx, HP CIFS Server does not provide support for CFSM. HP provides support only for the contents described in the HP CIFS Server Administrator Guide.

Typographical conventions

Table 1 Documentation conventions

Examples Font

Type of Information

> user logged in. Monotype

Representations of what appears on a display, program/script code and command names or parameters

Users should verify that the power is turned off before removing the board.

Italics

Emphasis in text, actual document titles

Publishing history

Table 2 Publishing history details

Publication Date Supported Product

Versions Operating Systems

Supported Document Manufacturing Part

Number March 2013 A.03.02.00 HP-UX 11i v2 5900-3071 January 2013 A.03.02.00 HP-UX 11i v3 5900-2578 April 2012 A.03.01.04

HP-UX 11i v2 and HP-UX 11i v3

5900–2303

October 2011 A.03.01.03

HP-UX 11i v2 and HP-UX 11i v3 5900–2006 September 2011 A.03.01.02 HP-UX 11i v3 5900-1766 May 2011 A.03.01.01

(11)

Table 2 Publishing history details (continued) Publication Date Supported Product Versions Operating Systems Supported Document Manufacturing Part

Number

December 2010 A.03.01

5900-1282

March 2010 A.02.04

HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 5990-5097

May 2009 A.02.04

HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 B8725-90143

January 2008 A.02.03.03

HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3

B8725-90133

June 2007 A.02.03.01

B8725-90118

February 2007 A.02.03

HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3

B8725-90110

August 2006 A.02.03

HP-UX 11i v1, HP-UX 11i v2 B8725-90103

April 2006 A.02.02

HP-UX 11i v1, HP-UX 11i v2 B8725-90101

October 2005 A.02.02

HP-UX 11i v1, HP-UX 11i v2 B8725-90093

February 2005 A.02.01.01

HP-UX 11i v1, HP-UX 11i v2 B8725-90079

December 2004 A.02.01

HP-UX 11i v1, HP-UX 11i v2 B8725-90074

June 2004 A.01.11.01

11.0, HP-UX 11i v1, HP-UX 11i v2

B8725-90063

February 2004 A.01.11

11.0, HP-UX 11i v1, HP-UX 11i v2

B8725-90061

September 2003 A.01.10

11.0, HP-UX 11i v1, HP-UX 11i v2 B8725-90053 March 2002 A.01.08 11.0, HP-UX 11i v1 B8725-90021

Document organization

This manual describes how to install, configure, administer and use the HP CIFS Server product. The manual is organized as follows:

Chapter 1 Introduction to the HP CIFS Server Use this chapter to obtain a summary and an introduction of HP CIFS Server architecture, available documentation resources and product organization roadmap.

Chapter 2 Installing and Configuring the HP CIFS Server Use this chapter to learn how to install, configure the HP CIFS Server product.

Chapter 3 Managing HP-UX File Access Permissions from Windows NT/XP Use this chapter to understand how to use Windows NT and XP clients to view and change UNIX file permissions and POSIX Access Control List on an HP CIFS Server.

Chapter 4 NT Style Domains Use this chapter to learn how to set up and configure the HP CIFS Server as a PDC or BDC. This chapter also describes the process for joining an HP CIFS Server to an NT style domain, Samba domain, or a Windows 2003/2008 R2 ADS domain as a pre-Windows 2000 compatible computer. Chapter 5 Windows 2003 and Windows 2008 Domains Use this chapter to understand the

process for joining an HP CIFS Server to a Windows 200x Domain using Kerberos security.

(12)

Chapter 6 LDAP-UX Integration Support Use this chapter to learn how to install, configure and verify the HP Netscape Directory, HP LDAP-UX Integration product and HP CIFS Server software with LDAP feature support.

Chapter 7 Winbind Support Use this chapter to learn how to set up and configure the HP CIFS Server with the winbind support.

Chapter 8 Kerberos Support Use this chapter to understand configuration detail which can be used when HP CIFS Server co-exists with other HP-UX applications that make use of the Kerberos security protocol.

Chapter 9 HP CIFS Deployment Models This chapter describes three HP CIFS deployment models: Samba Domain, Windows Domain, and Unified Domain. Examples of configuration files for each deployment model are provided for reference. Chapter 10 Securing HP CIFS Server Use this chapter to understand the network security

methods that you can use to protect your HP CIFS Server.

Chapter 11 Configuring HA HP CIFS Use this chapter to understand the procedures required to configure the active-standby or active-active High Availability configuration. Chapter 12 HP-UX Configuration for HP CIFS This chapter provides guidance for configuring

and optimizing the HP-UX kernel and system for use with HP CIFS.

Chapter 13 Tool Reference This chapter describes tools for management of Samba user, group account database.

HP welcomes your comments

HP welcomes your comments and suggestions on this document. We are truly committed to provide documentation that meets your needs. You can send comments to:[email protected]

Please include the following information along with your comments:

• The complete title of the manual and the part number. The part number appears on the title page of printed and PDF versions of a manual.

• The section numbers and page numbers of the information on which you are commenting. • The version of HP-UX that you are using.

(13)

1 Introduction to the HP CIFS Server

This chapter provides a general introduction to this document, HP CIFS, information about Samba, the Open Source Software suite upon which the HP CIFS server is based, HP enhancements to the Samba source, along with the various documentation resources available for HP CIFS.

HP CIFS Server description and features

The HP CIFS Server product implements many Windows Servers features on HP-UX. The Microsoft Common Internet File System (CIFS) protocol, sometimes called Server Message Block (SMB), is a Windows network protocol for remote file and printer access. Because the HP CIFS Server product gives HP-UX access to the CIFS protocol, HP CIFS Server enables HP-UX to interoperate in network environments exposed to Windows clients and servers by means of a Windows native protocol. The HP CIFS Server source is based on Samba, an Open Source Software (OSS) project first developed in 1991 by Andrew Tridgell. Samba has been made available to HP and others under the terms of the GNU Public License (GPL). The goal of GPL software is to encourage the cooperative development of new software. To learn about the GNU Public License, refer to the web site at http://www.fsf.org. A Samba team continues to update the Samba source. To learn about the Samba team, visit their web site athttp://www.samba.org.

Features

HP CIFS Server merges the HP-UX and Windows environments by integrating HP-UX and Windows features as follows:

• Authentication Mechanisms and Secure Communication Methods including: Netscape Directory Server/Red Hat Directory Service (NDS/RHDS) via LDAP

◦

Windows Active Directory Services (ADS)

◦

Kerberos, NTLMv2, and SMB Signing Support

◦

HP CIFS internal mechanisms to facilitate HP-UX and Windows compatibility such as username mapping, winbind, and idmap_rid.

• File System Access Support • Network Printer Access Support

• Domain Features and Network Neighborhood Browsing

HP CIFS Server A.03.02.00 release supports the following new features: • Full support for SMB2

SMB2 within Samba is implemented with a brand new asynchronous server architecture, allowing Samba to display the performance enhancements SMB2 brings to Microsoft networking technology.

• Improved Printing Support

Print subsystem has been rewritten to use automatically generated RPCs and provides greater compatibility with the Windows SPOOLSS print subsystem architecture, including export of printer data via registry interfaces.

(14)

• Simplified Identity Mapping

For this release, ID mapping has been rewritten yet again with the goal of making the

configuration simpler and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects.

• Caching of user credentials by winbind

Winbind allows to logon using cached credentials.

Integrated authentication mechanisms means that administrators can centrally manage both UNIX and Windows users, groups, and user attributes on their choice of Windows ADS, NT, NDS/RHDS, or HP CIFS Server’s tdbsam or smbpasswd account databases. The CIFS clients can have their users authenticated through a single Windows interface enabling HP-UX and Windows server resource access by means of secure communication channels.

Integrated file system access means that users can use Windows clients and interfaces including Windows GUIs and applications such as Microsoft Office to read, write, copy, or execute files on HP-UX and Windows clients and servers. Users and administrators can use Windows to set access control rights on files stored on HP-UX.

Integrated printer access means that users can publish and find network printers, download drivers from HP-UX systems, and print to printers with Windows interfaces.

Integrated domain features and network neighborhood means that HP-UX Servers and their file systems can participate in Windows NT or Windows 2003/2008 R2 ADS domain and can be found through Windows interfaces along Windows resources. HP CIFS Servers can also present their own domain.

Samba open source software and HP CIFS Server

Since the HP CIFS Server source is based on Samba open source software, it gains the advantages of the evolutionary growth and improvement efforts of Samba developers around the world. In addition, HP CIFS Server also provides the following support:

• Includes Samba defect fixes and features only when they meet expectations for enterprise reliability.

• Provides HP developed defect fixes and enhancement requests for HP customers.

• Source is compiled and tuned specifically for the HP-UX platform and integrated with the latest HP-UX environments.

• Adds customized scripts and Serviceguard templates for HP-UX environments. • Provides documentation specifically for HP-UX users.

Flexibility

In order to accommodate a great variety of environments, HP CIFS Server provides many features with hundreds of configuration options. Various management tools are available to establish and control CIFS attributes. Chapter 13, “Tool Reference”, explains the management tools. Chapter 2, “Installing and Configuring the HP CIFS Server”, discusses the installation and configuration process. You must first understand the deployment environment and choose the appropriate features for your server. The concept of Samba Domain, Windows Domain, and Unified Domain models was developed to assist in deploying HP CIFS Server based on the particulars of various popular network environments. Hence, Chapter 9, “HP CIFS Deployment Models”, describes each model and the relevant configuration parameters required to establish servers in each deployment model. Windows domain concepts are applied within the deployment models. HP CIFS Servers can participate in either older NT style or newer Windows 2003/Windows 2008 style domains. Chapter 4, “NT Style Domains”, describes how an HP CIFS Server can participate in an NT style

(15)

domain. Chapter 5, “Windows 2003 and Windows 2008 Domains”, describes how an HP CIFS Server joins a Windows 2003 or a Windows 2008 domain as an ADS domain member server. HP CIFS Server manages a given configuration using a configuration file, /etc/opt/samba/ smb.conf(by default) which contains configuration parameters set appropriately for the specific installation. HP CIFS Server must also maintain internal data (including Trivial Data Base (TDB)) files and log files in the /var/opt/samba directory (by default). See Table 1-2,Table 4 (page 17), for the full HP CIFS Server product layout.

HP CIFS Server documentation: Printed and Online

The set of documentation that comprises the information you need to explore the full features and capabilities of the HP CIFS product consists of non-HP books available at most technical bookstores, and this printed and online manual HP CIFS Server Administrator's Guide available on the following web site:

http://www.docs.hp.com

A list of current recommended non-HP Samba documentation is:

• The Official Samba-3 HOWTO and Reference Guide by John H. Terpstra and Jelmer R. Vernooij, Editors, ISBN: 0-13-145355-6.

• Samba-3 By Example Practical exercises to Successful Deployment by John H. Terpstra, ISBN: 0-13-147221-6.

• Using Samba, 2nd Edition Robert Eckstein, David Collier-Brown, Peter Kelly and Jay Ts. (O'Reilly, 2000), ISBN: 0-596-00256-4.

• Samba, Integrating UNIX and Windows by John D Blair (Specialized Systems Consultants, Inc., 1998), ISBN: 1-57831-006-7.

• Samba Web sitehttp://www.samba.org/samba/docs.

When using the HP CIFS product, HP recommends that you refer to The Samba HOWTO Collection and Samba-3 by Example, shipped with the product in the /opt/samba/docs directory. The book, Using Samba, 2nd Edition, can also be found in /opt/samba/swat/using_samba. All three books are also available through Samba Web Administration Tool (SWAT).

IMPORTANT: The book Using Samba, 2nd Edition describes a previous version of Samba (V.2.0.4). However, much of the information in Using Samba, 2nd Edition is applicable to this version of the CIFS Server. Readers should always use the HP-provided Samba man pages or the SWAT help facility for the most definitive information on the HP CIFS server.

NOTE: Please note that non-HP Samba documentation sometimes includes descriptions of features and functionality planned for future releases of Samba, or that are only offered on certain operating system platforms. The authors of these books do not always provide information indicating which features are in existing releases and which features will be available in future Samba releases, or are specific to a particular operating system.

HP CIFS documentation roadmap

Use the following road map to locate the Samba and HP CIFS documentation that provides details of the features and operations of the HP CIFS Server.

Table 3 Documentation roadmap

Document Title: Chapter: Section HP CIFS Product

HP CIFS Server Administrator's Guide: “Chapter 1, Introduction to the HP

CIFS Server” Server Description

Samba Meta FAQ No. 2, “General Information about Samba” Samba FAQ No. 1, “General Information”

(16)

Table 3 Documentation roadmap (continued)

Samba Server FAQ: No. 1, “What is Samba” Using Samba: Chapter 1, “Learning the Samba” Samba Man Page: samba(7)

HP CIFS Client Administrator's Guide: Chapter 1, “Introduction to the HP

CIFS Client”

CIFS Client” Client Description

HP CIFS Server Administrator's Guide: Chapter 1 “Introduction to the HP

CIFS Server”, Section: “HP CIFS Enhancements to the Samba Server Source”, and Chapter 3, “Access Control Lists (ACLs)”

HP Add-on Features

CIFS Client”, Sections: “HP CIFS Extensions” and “ACL Mappings”

HP CIFS Server Administrator's Guide: Chapter 2. “Installing and

Configuring the HP CIFS Server” Server Installation

Samba FAQ: No 2, “Compiling and Installing Samba on a UNIX Host” HP CIFS Client Administrator's Guide: Chapter 2. “Installing and Configuring

the HP CIFS Client” Client Installation

Samba HOWTO and Reference Guide: Chapter 30, “SWAT - The Samba

Web Administration Tool” or Using Samba: Chapter 2, “Installing Samba on a Unix System”

Samba GUI Administration Tools

HP CIFS Server Administrator's Guide: Chapter 2, “Installing and

Configuring the HP CIFS Server” Server Configuration

HP CIFS Client Administrator's Guide: Chapter 2, “Installing and Configuring

the HP CIFS Client” Client Configuration

HP CIFS Server supports three deployment models: Samba Domain Model,

Windows Domain Model and Unified Domain Model. See HP CIFS Server

Administrator's Guide: Chapter 9, “HP CIFS Deployment Models”

Server deployment models

HP CIFS Client Administrator's Guide: Chapter 8, “PAM NTLM”

Configuration: PAM

HP-UX Man page: pam(3) HP-UX Man page: pam.conf

HP CIFS Server Administrator's Guide: Chapter 2

Server: Starting & Stopping

HP CIFS Client Administrator's Guide: Chapter 2.

Client: Starting & Stopping

Using Samba: Appendix D, “Summary of Samba Daemons and Commands”

for detailed information about the command-line parameters for Samba programs such as smbd, nmbd,smbstatus and smbclient. Server: Samba Scripts

HP CIFS Client Administrator's Guide: Chapter 9, “HP CIFS Deployment

Domain Models” SMB & CIFS File Protocols

Using Samba: Chapter 1, “Learning the Samba”

SMB & CIFS Network Design

Samba Meta FAQ No. 4: “Designing an SMB and CIFS Network”

Refer to man pages in SWAT Samba Man Pages

Samba HOW TO and Reference Guide

Server Utilities

Client Utilities _{HP CIFS Client Administrator's Guide: Chapter 5, “Command-line Utilities”}

Samba HOWTO and Reference Guide: Chapter17, “Classic Printing

Support” Server Printing

(17)

Table 3 Documentation roadmap (continued)

Refer to Chapter 9, “Network Browsing” in Samba HOW TO and Reference

Guide for a description of browsing functionality and all browsing options.

Server Browsing

HP CIFS Client Administrator's Guide: Chapter 11, “Securing CIFS Server”.

Server Security

Part V, Troubleshooting, Samba HOW TO and Reference Guide Server Troubleshooting

Using Samba, Chapter 9, “Troubleshooting Samba”

Samba FAQs No. 4, “Specific Client Application Problems” and No 5, “Miscellaneous” DIAGNOSIS.txt in the /opt/samba/docs directory Samba Man page: debug2html(1), smbd(8), nmbd(8), smb.conf(5)

HP CIFS Client Administrator's Guide: Chapter 6, “Troubleshooting and

Error Messages” Client Troubleshooting

HP CIFS now works with NIS and NIS+. For detailed information on special options, refer to Samba HOW TO and Reference Guide.

NIS and HP CIFS

HP CIFS Server file and directory roadmap

The default base installation directory of HP CIFS Server product is /opt/samba. The HP CIFS configuration files are located in the directory /etc/opt/samba. The HP CIFS log files and any temporary files are created in /var/opt/samba.

Table 1-2 briefly describes the important directories and files that comprise the CIFS Server. Table 4 Files and directory description

Description File/Directory

This is the base directory for most of the HP CIFS Server product files.

/opt/samba

This is the directory that contains the source code for the HP CIFS Server (if the source bundle was installed). /opt/samba_src

This is the directory that contains the binaries for HP CIFS Server, including the daemons and utilities.

/opt/samba/bin

This directory contains the man pages for HP CIFS Server. /opt/samba/man

This directory contains various scripts which are utilities for the HP CIFS Server.

/opt/samba/script

This directory contains html and image files which the Samba Web Administration Tool (SWAT) needs. /opt/samba/swat

This directory contains example High Availability scripts, configuration files, and README files.

/opt/samba/HA

This directory contains the HP CIFS Server log files as well as other dynamic files that the HP CIFS Server uses, such as lock files.

/var/opt/samba

This directory contains configuration files which the HP CIFS Server uses, primarily the smb.conf file. /etc/opt/samba

This is the main configuration file for the HP CIFS Server, which is discussed in great detail elsewhere.

/etc/opt/samba/smb.conf

This is the defaultsmb.conf file that ships with the HP CIFS server. This can be modified to fit your needs. /etc/opt/samba/smb.conf.default

This directory contains files which HP CIFS Server uses for LDAP integration support.

/opt/samba/LDAP3

(18)

Table 4 Files and directory description (continued)

Description File/Directory

These are copies of the GNU Public License which applies to the HP CIFS Server.

/opt/samba/COPYING, /opt/samba_src/COPYING, /opt/samba_src/samba/COPYING

This is the script that starts HP CIFS Server at boot time and stops it at shutdown (if it is configured to do so). /sbin/init.d/samba

This text file configures whether the HP CIFS server starts automatically at boot time or not.

/etc/rc.config.d/samba

These are links to /sbin/init.d/samba, which are actually executed at boot time and shutdown time to start and stop the HP CIFS Server, (if it is configured to do so). /sbin/rc2.d/S900samba, /sbin/rc1.d/K100samba

(19)

2 Installing and configuring the HP CIFS Server

This chapter describes the procedures to install and configure the HP CIFS Server software. It contains the following sections:

• HP CIFS Server Requirements and Limitations • Step 1: Installing HP CIFS Server Software • Step 2: Running the Configuration Script • Step 3: Modify the Configuration • Step 4: Starting the HP CIFS Server

HP CIFS Server requirements and limitations

Prior to installing the HP CIFS product, check that your system can accommodate the following product requirements and limitations.

HP CIFS Server installation requirements

The HP CIFS Server requires approximately 210 MB of disk space for installation on an HP-UX 11i v2 system and 215 MB of disk space for installation on an HP-UX 11i v3 system. The HP CIFS Server source code files requires approximately 36 MB of disk space.

NOTE: The CIFS Server source code files are not required for execution of HP CIFS Server. You can choose not to install them or you can remove them after installation at the following location: /opt/samba_src

HP CIFS Server memory requirements

An smbd process is usually created for each new connection. Each smbd requires about 4 MB of system memory on HP-UX 11i v2 and HP-UX 11i v3.

The smbd process may now also allocate memory for specialized caching requirements as needed. The size and timing of these memory allocations vary widely depending on the client type and the resources being accessed. However, most client access patterns will not trigger such specialized caching. System administrators should routinely monitor memory utilization in order to evaluate this dynamic memory behavior. You may need to adjust HP-UX server memory configurations to accommodate these changes while upgrading from previous versions.

For details, see Chapter 12, “HP-UX Configuration for HP CIFS” in this manual.

Software requirements

The following describes software requirements:

• HP CIFS Server A.02.04.02 or later requires LDAP-UX Integration product, J4269AA, to be installed.

• Kerberos v5 Client E.1.6.2.10 or later is required to support HP CIFS Server integration with a Windows 2003 or Windows 2008 ADS Domain Controller (DC) on HP-UX 11i v3. • Kerberos v5 Client D.1.6.2 or later is required to support HP CIFS Server integration with a

Windows 2003 or Windows 2008 ADS Domain Controller (DC) on HP-UX 11i v2.

Swap space requirements

Due to the one-process-per-client model of HP CIFS, perhaps the most stringent requirement imposed on the system is that of swap space. HP-UX reserves a certain amount of swap space for each process that is launched, to prevent it from being aborted in case it needs to swap out some pages

(20)

during times of memory pressure. Other operating systems, only reserve swap space when it is needed. This results in the process not finding the swap space that it needs, in which case it has to be terminated by the OS.

Each smbd process will reserve about 2 MB of swap space and depending on the type of client activity, process size may grow up to 4 MB of swap space. For a maximum of 2048 clients, 4 * 2048 or about 8 GB of swap space would be required. Therefore, HP recommends configuring enough swap space to accommodate the maximum number of simultaneous clients connected to the HP CIFS server.

Memory requirements

Each smbd process requires approximately 4 MB of memory on HP-UX 11i v2 and HP-UX 11i v3. For 2048 clients, therefore, the system must have at least 8 GB of physical memory. This is over and above the requirements of other applications that will be running concurrent with HP CIFS.

Step 1: Installing HP CIFS Server software

If the HP CIFS Server software has been pre-installed on your system, you may skip Step 1 and go directly to “Step 2: Running the Configuration Script.”

HP CIFS Server Upgrades:

If you are upgrading an existing HP CIFS Server configuration, HP recommends that you create a backup copy of your current environment. The SD install procedure may alter or replace your current configuration files. All files under /var/opt/samba, /etc/opt/samba, and /opt/ sambamust be saved in order to ensure that you will be able to return to your current configuration, if necessary. For example:

$ stopsmb

or if winbind is in use, then do: $ stopsmb -w

$ mkdir /tmp/cifs_save

$ tar -cvf /tmp/cifs_save/var_backup.tar /var/opt/samba $ tar -cvf /tmp/cifs_save/etc_backup.tar /etc/opt/samba $ tar -cvf /tmp/cifs_save/optsamba_backup.tar /opt/samba

Do not use the -o option with the tar command. This will ensure proper file ownership. If a problem with the upgrade does occur, use SD to remove the entire HP CIFS Server product and restore your previous backup version. Once this is done, you may restore the saved configuration files and the HP CIFS Server. For example:

$ tar -xvf /tmp/cifs_save/var_backup.tar $ tar -xvf /tmp/cifs_save/etc_backup.tar $ tar -xvf /tmp/cifs_save/optsamba_backup.tar

This procedure is not intended to replace a comprehensive backup strategy that includes user data files.

If you are in security = domain, or security = ads mode, it will probably be necessary to re-join an HP CIFS Server to the domain once you restore your previous backup version. See “Windows style domains” (page 57)and“Windows 2003 and Windows 2008 domains” (page 71)for details on how to re-join an HP CIFS Server to a Windows domain.

Overview:

Installation of the HP CIFS Server software includes loading the HP CIFS Server filesets using the swinstall(1M)utility, completing the HP CIFS configuration procedures, and starting Samba using the startsmb script.

(21)

Installing From a Software Depot File:

To install the HP CIFS Server software from a depot file, such as those downloadable fromhttp:// www.hp.com/go/softwaredepot, enter the following at the command line:

swinstall options -s /path/filename ProductNumber

Where theProductNumber is CIFS-SERVER for HP-UX 11i v2 or HP-UX 11i v3. optionsis -x autoreboot=true

pathmust be an absolute path, it must start with /, for example,/tmp.

filenameis the name of the downloaded depot file, usually a long name of the form: CIFS-SERVER_A.03.02.00_HP-UX_B.11.31_IA_PA.depot

An example

For example, to install HP CIFS Server A.03.02.00 on an HP-UX 11i v3 system from a downloaded depot file, enter the following command:

swinstall -x autoreboot=true \

-s /tmp/CIFS-SERVER_A.03.02.00_HP-UX_B.11.31_IA_PA.depot CIFS-SERVER

Step 2: Running the configuration script

The samba_setup configuration script is intended for new installations only. Prior to running the samba_setupconfiguration script, you must obtain some basic configuration information and might need to install additional software based on the HP CIFS deployment domain model you use. You need to supply the following before you run the samba_setup script:

• Decide whether an HP CIFS to be a WINS server or not.

• Obtain the WINS IP address if the HP CIFS accesses an existing WINS server.

• Provide the following global LDAP parameters information if you choose to use an LDAP backend:

◦

the fully qualified distiguished name for the LDAP directory server

◦

ldap SSL

◦

ldap suffix

◦

ldap user suffix

◦

ldap group suffix

◦

ldap admin dn

For detailed information on how to configure LDAP parameters, see“LDAP integration support” (page 81).

• Obtain the name of your HP CIFS Server.

• Provide the following information if you choose to use the Windows NT4 domain: the name of your domain

◦

the name of your Primary Domain Controller (PDC)

◦

the names of Backup Domain Controllers (BDCs)

◦

administrator user name and password

See“Windows style domains” (page 57) for detailed information.

(22)

• Provide the following information if you choose to use the Windows Active Directory Server (ADS) realm:

◦

the name of your realm

◦

the name of your Domain Controller

◦

administrator user name and password

◦

LDAP-UX Integration product is installed

◦

ensure that the most recent Kerberos client product is installed

For detailed information on how to join an HP CIFS Server to a Windows 2000/2003 Domain using Kerberos security, see“Windows 2003 and Windows 2008 domains” (page 71). • Select the following authentication security type if you attempt to use the workgroup

environment:

◦

Server-level security: When this security type is specified, password authentication is handled by another SMB password server. When a client attempts to access a specific share, Samba checks that the user is authorized to access the share. Samba then validates the password via the SMB password server.

NOTE: HP does not recommend you use the server-level security type, this security type will be unavailable in the future.

◦

User-level security: When this security type is specified, each share is assigned specific users. When a request is made for access, Samba checks the user's user name and password against a local list of authorized users and only gives access if a match is made.

◦

Share-level security: When this security type is specified, each share (directory) has at least one password associated with it. Anyone with a password will be able to access the share. There are no other access restrictions.

• Run the Samba configuration script using the command below: /opt/samba/bin/samba_setup

The script will modify thesmb.conf file according to the information that you have entered.

Step 3: Modify the configuration

Configuration modification

HP CIFS Server requires configuration modifications for the following functionality: • Case Sensitivity for the Client and Server for UNIX Extensions

• DOS Attribute Mapping

• Print Services for version A.03.02.00 • Distributed File System (DFS) Support

• Configure MC/ServiceGuard High Availability (HA)

Configure case sensitivity

By default, the HP CIFS Server is configured to be case insensitive, like Windows.

NOTE: HP recommends that when using CIFS Extensions for UNIX, both the CIFS Client and Server be configured to be case sensitive.

(23)

For the CIFS Server, edit the server configuration file: /etc/opt/samba/smb.conf as follows: case sensitive = yes

For the CIFS Client configuration, in the /etc/opt/cifsclient/cifsclient.cfg file, ensure the following default is set:

caseSensitive = yes

map system, map hidden and map archive Attributes

There are three parameters, map system, map hidden, and map archive, that can be configured in Samba to map DOS file attributes to owner, group, and other execute bits in the UNIX file system.

When using the CIFS Client, you may want to have all three of these parameters turned off. If the map archiveparameter is on, any time a user writes to a file, the owner execute permission will be set. This is usually not desired behavior for HP CIFS clients or UNIX clients in general.

By default,map system andmap hidden are off, andmap archive is on. To turnmap archive off, modify/etc/opt/samba/smb.conf as follows: map archive = no

map readonly attribute

The smb.conf parameter, map readonly, controls how the DOS read only attribute should be mapped from a UNIX files system.

Three valid settings for this parameter are:

yes The read only DOS attribute is mapped to the inverse of the user (owner) write bit in the UNIX permission mode set. If the owner write bit is not set, the read only attribute is reported as being set on the file.

permissions The read only DOS attribute is mapped to the effective permissions of the connecting user, as evaluated by reading the UNIX permissions and POSIX ACL (if present). If the connecting user does not have permission to modify the file, the read only attribute is reported as being set on the file.

no The read only DOS attribute is unaffected by permissions.

By default, the map readonly attribute is set to “yes”. Samba uses user (owner) access permission to determine whether a file is read only. The file access permission is determined by the POSIX write access permission for user (owner). If the write permission on a file is not set for the user (owner), then Samba treats that file as read-only. Once Samba identifies a file as read-only, any write access attempting to that file would immediately result in access denied error. Group members are unable to write to a file with UNIX write access permission disabled for the user (such as 070 or 060).

If you set this parameter to permissions, the file access permissions for group members will be evaluated by validating UNIX group permissions. Group members can write to files with UNIX write permission enabled for the group (such as 060 or 070). The smb.conf parameter, store dos attributes, must be set to No (default), otherwise, the map readonly parameter setting will be ignored.

(24)

Configure for SMB2 Features

Table 5 List of SMB2 parameters

Default Description

Parameter Name

This parameter enables SMB2 protocol. We can test SMB2 feature max protocol = SMB2

only with Windows 7 or windows vista client.

smb2 max read = 65536 This option specifies the protocol

value that smbd(8) will return to a smb2 max read

client, informing the client of the largest size that may be returned by a single SMB2 read call.

NOTE: Currently this parameter is hardcoded to 65536 and cannot be configured.

smb2 max write = 65536 This option specifies the protocol

value that smbd(8) will return to a smb2 max write

client, informing the client of the largest size that may be sent to the server by a single SMB2 write call.

NOTE: Currently this parameter is hardcoded to 65536 and cannott be configured.

smb2 max trans = 65536 This option specifies the protocol

value that smbd(8) will return to a smb2 max trans

client, informing the client of the largest size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls.

smb2 max credits = 8192 This option controls the maximum

number of outstanding simultaneous smb2 max credits

SMB2 operations that Samba tells the client it will allow. You should never need to set this parameter.

async smb echo handler = no This parameter specifies whether

Samba should fork the async smb async smb echo handler

echohandler. It can be beneficial if your file system can block syscalls for a very long time. In some

circumstances, it prolongs the timeout that Windows uses to determine whether a connection is dead.

Configuring print services for HP CIFS version A.03.02.00

This section provides information about configuring Print Services on systems running HP CIFS version A.03.02.00. The HP CIFS Server now provides the following NT printing functionality: • Support for Windows Access Control Lists (ACL) on printer objects

Information about setting up and configuring each of the Print Services (except ACLs) is shown in the following sections. Information about configuring ACL Support is discussed in a previous section.

Configuring a [printers] share

The following is a minimal printing setup. Use either one of the following two procedures to create a [printers] share:

(25)

1. SWAT (Samba Administration Tool)

-or-2. Create a [printers] share in the /etc/opt/samba/smb.conf file. Refer to the following example:

[hpdeskjet] path = /tmp printable = yes

Where "hpdeskjet" is the name of the printer to be added.

Creating a [printers] share

Configure a [printers] share in the /etc/opt/samba/smb.conf file. Refer to the following example:

[printers] path = /tmp printable = yes browseable = no

This share is required if you want the printer's list to be displayed in SWAT, which is not defined in the smb.conf file, but exists on the HP CIFS Server. If this share is not defined, the printer's list will display only those printer shares which are defined in the smb.conf file.

Setup Server for automatically uploading printer driver files

In order to add a new driver to your Samba host using version A.03.01.04 of the software, one of two conditions must hold true:

1. The account used to connect to the Samba host must have a uid of 0 (i.e. a root account), or 2. The account used to connect to the Samba host must be a member of the printer admin list.

This will require a [global] smb.conf parameter as follows: printer admin = netadmin

The connected account must still possess access to add files to the subdirectories beneath [print$]. Keep in mind that all files are set to 'read only' by default, and that theprinter admin parameter must also contain the names of all users or groups that are going to be allowed to upload drivers to the server, not just 'netadmin'.

The following is an example of the other parameters required:

1. Create a [print$] share in the smb.conf file that points to an empty directory named /etc/ opt/samba/printerson the HP CIFS Server. Refer to the following example:

[print$]

path = /etc/opt/samba/printers browseable = yes

guest ok = yes read only = yes

write list = netadmin

In this example, the parameter write list specifies that administrative lever user accounts will have write access for updating files, on the share.

2. Create the subdirectory tree, under the [print$] share, for each architecture that needs to be supported. Refer to the following example:

cd /etc/opt/samba/printers mkdir W32X86

(26)

mkdir Win40

There are two possible locations (subdirectories) for keeping driver files, depending upon what version of Windows the files are for:

For Windows NT, XP, Windows 2000, Vista, or Windows 7 driver files, the files will be stored in the/etc/opt/samba/printers/W32X86 subdirectory.

For Windows 9x driver files, the files will be stored in the /etc/opt/samba/printers/ Win40/0subdirectory.

Setup Client for automatically uploading of printer drivers

Printer driver files can be automatically uploaded from disk to the printers on a HP CIFS Server. Here are the steps:

1. Connect to CIFS Server by running the \\[server name] command or browse to CIFS Server through Network Neighborhood. Make sure you are connected as a member of the printer admin list.

2. From the CIFS Server, double click on the “Printers” or “Printers and Faxes”folder. A list of printers available from your CIFS Server will be shown in the folder. Viewing the printer properties will result in the error message:

The printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the driver now?

3. Click “no” in the error dialog and the printer properties window will be displayed. 4. Click on the “Advanced” tab, then the “New Driver...” button.

5. Select the printer driver e.g. hp LaserJet 5i. You will be asked for the driver files. Give the path where the driver files are located. The driver files will be uploaded from the disk, and stored into the subdirectories under the [print$] share.

Publishing printers in an MS Windows 2003/2008 R2 ADS domain

Publishing printers makes HP CIFS Server printers searchable in an Microsoft Windows 2003/2008 R2 ADS domain. If a Windows client is a domain member of the ADS domain, that client can search for the printer and install it.

Setting up HP CIFS Server for publishing printers support

Use the following procedures to set up an HP CIFS Server for publishing printers support: 1. Create the printer shares for each printer and a [printers] share in the smb.conf file.

The following is an example of a [printers] share: [printers]

path = /tmp printable = yes browseable = yes

See the following example for setting up a specific printer share, where lj1005 is the name of the printer:

[lj1005] path = /tmp printable = yes

2. Create a [print$] share in the smb.conf file and set the path parameter to a directory named /etc/opt/samba/printers. See the following example:

[print$]

(27)

use client driver = no browseable = yes

guest ok = yes read only = yes

write list = netadmin

In the above example, thewrite list parameter specifies that administrative level user account has write access for updating files on this share. Theuse client driver parameter must be set toNo.

3. Configure theprinter admin parameter to specify a list of domain users that are allowed to connect to an HP CIFS Server. See the following example:

[global]

printer admin = cifsuser1,cifsuser2

4. If the HP CIFS Server is not yet a member of the ADS domain, then run the net ads join -U Administrator%password command to join an HP CIFS Server to the ADS domain as a domain member server. See section “Join an HP CIFS Server to a Windows 2000/2003 Domain as an ADS Member Server” in“Windows 2003 and Windows 2008 domains” (page 71)for details.

Publishing printers from a windows client

Use the following procedures to publish printers from a windows client which is a domain member of the ADS domain:

1. Log in to your window client as a user who is a member of the printer admin list. For example, the user's name is cifsuser1.

2. Click on start. 3. Click on therun tab.

4. Type\\<HP CIFS Server name> in the open box to connect to an HP CIFS Server. For example, type \\hpserverA.hpserverA is the name of an HP CIFS Server.

5. Click on theprinters folder.

6. Double click on a printer and select printer, then theproperties tab. 7. Click onsharing tab in the properties windows screen.

8. Check the list in the directory check-box in the sharing windows screen. See the following screen snapshot for an example:

(28)

Figure 1 Publishing printer screen

Verifying that the printer is published

On an HP CIFS Server system, you can run thenet ads printer search command to verify that the printer is published. For example, verify that the printer hpdesklj2 is published, type: $ net ads printer search hpdesklj2

After you ran the above command, the output is shown as follows:

objectClass:top objectClass:leaf objectClass:connectionPoint objectClass:printQuene printerName:hpdesklj2 serverName:HPSERVERA

On a windows client, you can also use the following steps to verify that the printer is published: 1. Log in to your window client as a user who is a member of the printer admin list. For example,

the user's name is cifsuser1. 2. Click on start.

3. Click on the search tab.

4. Click on buttons to find network printers.

5. Select the name of the ADS domain in the In box. 6. Click on the find now tab.

(29)

Commands used for publishing printers

This section describes thenet ads printer command used for publishing printers support on an HP CIFS Server.

Searching printers

To search a printer across the entire Windows 2003/2008 R2 ADS domain, run the following command:

$ net ads printer search <printer_name>

Without specifying the printer name, the command searches all printers available on the ADS domain.

For example, the following command searches all printers available on the ADS domain: $ net ads printer search

After you ran the above command, the output is shown as follows:

objectClass:top objectClass:leaf objectClass:connectionPoint objectClass:printQuene printerName:hpdesklj2 serverName:HPSERVERA objectClass:top objectClass:leaf objectClass:connectionPoint objectClass:printQuene printerName:lj1005 serverName:HPSERVERA objectClass:top objectClass:leaf objectClass:connectionPoint objectClass:printQuene printerName:lj3200 serverName:HPSERVERB Removing a printer

To remove a printer from the ADS domain, run the following command: $ net ads printer remove <printer_name>

For example, the following command removes the printer lj1005 from the ADS domain: $ net ads printer remove lj1005

Re-Publishing a printer

To publish a printer for the first time, you must use the procedures described in section “Publishing Printers from a Windows Client”. If you remove a printer, you can use the following command to re-publish it:

$ net ads printer publish <printer_name>

For example, the following command re-publishes the printer lj1005 to the ADS domain: $ net ads printer publish lj1005

Setting up Distributed File System (DFS) support

This section will provide the procedures for: • Setting up a DFS Tree on a HP CIFS Server

• Setting up DFS Links in the DFS root directory on a HP CIFS Server

(30)

NOTE: HP does not recommend filesharing of the root directory. Only subdirectories under the root should be set up for filesharing.

Setting up a DFS Tree on a HP CIFS Server

After the DFS Tree is set up using this procedure, users on DFS clients can browse the DFS tree located on the HP CIFS Server at \\servername\DFS.

1. Select a HP CIFS Server to act as the Distributed File System (DFS) root directory.

2. Configure a HP CIFS server as a DFS server by modifying the smb.conf file to set the global parameter host msdfs to yes. Example:

[global]

host msdfs = yes

3. Create a directory to act as a DFS root on the HP CIFS Distributed File System (DFS) Server. 4. Create a share and define it with the parameter path = directory of DFS root in the

smb.conffile. Example: [DFS]

path = /export/dfsroot

5. Modify the smb.conf file and set the msdfs root parameter to yes. Example: [DFS]

path = /export/dfsroot msdfs root = yes

Setting up DFS links in the DFS root directory on a HP CIFS Server

A Distributed File System (DFS) root directory on a HP CIFS Server can host DFS links in the form of symbolic links which point to other servers.

Before setting up DFS links in the DFS root directory, you should set the permissions and ownership of the root directory so that only designated users can create, delete or modify the DFS links. Symbolic link names should be all lowercase. All clients accessing a DFS share should have the same user name and password.

An example for setting up DFS links follows:

1. Use theln command to set up the DFS links for “linka” and “linkb” on the/export/dfsroot directory. Both “linka” and “linkb” point to other servers on the network. Example commands: cd /export/dfsroot

chown root /export/dfsroot chmod 775 /export/dfsroot

ln -S msdfs:serverA\\shareA linka

ln -S msdfs:serverB\\shareB serverC\\shareC linkb

2. If you use the ls -l command on the /export/dfsroot directory, it should show an output similar to this one:

lrwxrwxrwx l root sys 24 Oct 30 10:20 linka -> msdfs:serverA\\shareA

lrwxrwxrwx l root sys 30 Oct 30 10:25

linkb -> msdfs:serverB\\shareB, serverC\\shareC

In this example, “serverC” is the alternate path for “linkb”. Because of this, if “serverB” goes down, “linkb” can still be accessed from “serverC”. “linka” and “linkb” are share names. Accessing either one will take users directly to the appropriate share on the network.

(31)

Refer to the following screen snapshot for an example: Figure 2 Link share names example

MC/ServiceGuard high availability support

Highly Available HP CIFS Server allows the HP CIFS Server product to run on an MC/ServiceGuard cluster of nodes. MC/ServiceGuard allows you to create high availability clusters of HP 9000 server computers.

Template files for version A.02.02 have been revised to allow any number of cluster nodes and other advantages over previous schemes.

NOTE: The templates are only starting points, and must be modified for the customer environment. Consulting can be purchased from HP to assist in configuring a HA CIFS Server environment.

Step 4: Starting the HP CIFS Server

Run the script below to start Samba if you do not use winbind support: /opt/samba/bin/startsmb

Run the script below to start Samba if you configure HP CIFS Server to use winbind support: /opt/samba/bin/startsmb -w

or /opt/samba/bin/startsmb --winbind

When the command successfully starts Samba, a message is displayed indicating the specific processes that have been started. When the script is successful, the exit value is 0. If the script fails, the exit value is 1.

Samba installation and configuration are complete.

Run the following script to stop Samba if you do not use winbind support: /opt/samba/bin/stopsmb

Run the following script to stop Samba if you use winbind support: /opt/samba/bin/stopsmb -w

or /opt/samba/bin/stopsmb --winbind

When the script is successful, the exit value is 0. If the script fails, the exit value is 1.

Winbind execution may be controlled without affecting the execution of smbd and nmbd with the following commands.

(32)

Run the following command to start winbind alone: /opt/samba/bin/startwinbind

Run the following command to stop winbind alone: /opt/samba/bin/stopwinbind

NOTE: HP does not support the inetd configuration to start the HP CIFS Server.

Starting and stopping daemons individually

Two new options-n (nmbd only) and-s (smbd only) have been added tostartsmb andstopsmb scripts to start and stop the daemons individually. The startsmb -s command starts the smbd daemon. The stopsmb -s command stops the smbd daemon. The-n option starts and stops thenmbd daemon in the same way.

Configuring automatic start at system boot

When the HP CIFS Server is first installed, it will not automatically start when the system boots. You can enable the HP CIFS Server and related daemons to do so by editing the/etc/ rc.config.d/sambafile. This configuration file contains two variables:

RUN_SAMBA=0 RUN_WINBIND=0

The RUN_SAMBA variable controls whether HP CIFS Server daemons, smbd and nmbd, will start at system startup. The RUN_WINBIND variable controls whether the winbind daemon, winbindd, will start at system startup. The two variables function independently.

To configure HP CIFS Server to start automatically, set RUN_SAMBA to a non-zero value. To configure Winbind to start automatically, set RUN_WINBIND to a non-zero value. For example, if you want HP CIFS Server and Winbind to start automatically at system startup, edit the variables in the /etc/rc.config.d/sambafile as follows:

RUN_SAMBA=1 RUN_WINBIND=1

Stopping and re-starting daemons to apply new settings

Thesmb.conf configuration file is automatically reloaded every minute if it changes. You can force a reload by sending a SIGHUP to the CIFS server. Reloading the configuration file does not affect connections to any service that is already established.

But, you must stop and re-start the CIFS server daemons to apply the new setting for the following parameters in smb.conf: • netbios aliases • interfaces • auth methods • passdb backend • invalid users • valid users • admin users • read list • write list • printer admin • hosts allow

(33)

• hosts deny • hosts equiv • preload modules • wins server • vfs objects • idmap backend

Other samba configuration issues

Translate open-mode locks into HP-UX advisory locks

The HP CIFS Server A.02.* and A.03.* versions can translate open mode locks into HP-UX advisory locks. This functionality prevents HP-UX processes from obtaining advisory locks on files with conflicting open mode locks from CIFS clients. This also means CIFS clients cannot open files that have conflicting advisory locks from HP-UX processes.

You must change the map share modes setting in smb.conf to yes to translate open mode locks to HP-UX advisory locks. The default setting of map share modes is no.

Performance tuning using change notify

This section describes performance tuning using theChange Notify feature and internationalization.

NOTE: Starting with the Samba 3.0.25 version, the Change Notify Timeout feature is deprecated. The Change Notify Timeout feature is replaced with the Change Notify feature. This new feature depends on Linux iNotify, which is not available in HP-UX operating systems.

The Samba Server supports a new feature called Change Notify. Change Notify provides the ability for a client to request notification from the server when changes occur to files or

subdirectories below a directory on a mapped file share. When a file or directory which is contained within the specified directory is modified, the server notifies the client. The purpose of this feature is to keep the client screen display up-to-date in Windows Explorer. The result: if a file you are looking at in Windows Explorer is changed while you are looking at it, you will see the changes on the screen almost immediately.

The only way to implement this feature in Samba is to periodically scan through every file and subdirectory below the directory in question and check for changes made since the last scan. This is a resource intensive operation which has the potential to affect the performance of Samba as well as other applications running on the system. Two major factors affect how resource intensive a scan is: the number of directories having a Change Notify request on them, and the size of those directories. If you have many clients running Windows Explorer (or other file browsers) or if you have directories on shares with a large number of files and/or subdirectories, each scan cycle might be very CPU intensive.

Special concerns when using HP CIFS Server on a Network File System (NFS) or a

Clustered File System (CFS)

Both NFS and CFS provide file system access to unique file storage from multiple systems. However, controlling access to files, particularly files open for write access, from multiple systems poses challenges. Applications are not necessarily network or cluster-aware. Applications may not be