CIFS has product interdependencies that must be considered:
NMAS (Novell Modular Authentication Services).
NICI (Novell International Cryptographic Infrastructure).
CIFS depends on NMAS for authentication of CIFS users. NMAS is dependent on NICI for encryption and decryption services. A problem with any of these products causes CIFS users to be denied access to an OES 2 Linux server.
To properly install and configure CIFS, ensure that the following prerequisites are met:
You are running an OES 2 SP3 server. For more information on installing OES 2 Linux, see the OES 2 SP3: Installation Guide.
CIFS users must be universal password enabled. Read Deploying Universal Password
in the Novell Password Management Administration Guide.
The Universal Password includes the ability to create password policies. It also removes the need to maintain two separate passwords for CIFS users.
NMAS is installed on or added to an OES 2 Linux server that has a read/write eDirectory replica of the eDirectory partition where the User objects reside.
NMAS is automatically installed with eDirectory. For more information on NMAS, see the NMAS 3.2 Administration Guide.
Novell iManager 2.7.4 is installed, configured, and running. For more information on iManager installation and administration, see the .
NCP must be installed and running for CIFS to work correctly.
Stop all the running Samba daemons before installing CIFS. Use the following commands:
/etc/init.d/smb stop
/etc/init.d/nmb stop
The , , and have the rights to read the eDirectory CIFS attributes under ( and ). Hence if these virtual servers are hosted in any of these three nodes, the configuration is read by the CIFS service in the corresponding node. |
The , , and have rights to read the eDirectory CIFS attributes under ( and ). Hence if these virtual servers are hosted in any of these three nodes, the configuration is read by the CIFS service in the corresponding node. |
If the virtual server requires to be migrated across the branches, then the cifs proxy users have to be given explicit rights on those branches such that the CIFS attribute information can be read.
The attributes for which the cifs proxy user requires rights are, nfapCIFSServername, nfapCIFSComment, nfapCIFSShares, and nfapCIFSAttach. These attributes must have read, write, and compare rights. If the rights are defined on the branch (preferable), then the inherit rights also have to be provided.
In this example, if
is to be hosted on node server c, then must be provided access to read the attributes of . The rights for the above mentioned attributes can be provided at for . Hence the same rights holds good for hosting too.