3.2 Preparing for CIFS Installation

3.2.1 Prerequisites

To properly install and configure CIFS, ensure that the following prerequisites are met:

CIFS users that exist in eDirectory must have universal password enabled. For more information, see Deploying Universal Password in the Novell Password Management Administration Guide.

The Universal Password includes the ability to create password policies. It also removes the need to maintain two separate passwords for CIFS users.
Samba and Novell CIFS can not run on the same system. Stop all of the running Samba daemons before installing CIFS. Use the following commands:
- /etc/init.d/smb stop
- /etc/init.d/nmb stop
Move the master or read/write replicas of CIFS users that exist in eDirectory from the NetWare server to an OES Linux server (OES 2 SP3, OES 11, OES 11 SP1, OES 11 SP2) before you join an OES server to the tree. For more information, see Section 11.1.8, CIFS Users Unable to Authenticate to OES 2015 SP1 Server if the Tree has Netware server as the eDirectory Replica Holding Server.
If you plan to set the dialect as SMB2, apply the hotfix as mentioned in Section 11.1.9, Windows Clients Do Not Reflect The Latest File/Folder Operations.

For more information about toggling between SMB versions, see Toggling between SMB Versions.
Enable “Kerberos Forest Search Order (KFSO)” for SMB client connection in the Windows client where the user login. For more information, see Section 11.3.1, Configuring AD Server to Support Kerberos Authentication for External Forest Users Using CIFS Client.
Provide the complete DNS name of the OES CIFS server.

3.2.2 Required eDirectory Rights and Permissions

Rights Needed for CIFS Install Time Administrator

The install administrator must have the following rights to add the Common Proxy user as a trustee of CIFS user contexts and NCP server object of the system where CIFS is being configured.

Target Object	Required Rights
User Contexts selected at install time.	Compare, Read, Write on ACL Attribute.
Local NCP Server object.	Compare, Read, Write on ACL Attribute.

Rights Needed for CIFS Proxy User

The CIFS Proxy user must have the following rights for the CIFS server to read and update CIFS server configuration in eDirectory.

Target Object	Required Rights
User Contexts (/etc/opt/novell/cifs/cifsctxs.conf file).	Inheritable Read and Compare on CN attribute.
Local NCP Server Object.	Read and Compare rights on [All Attribute Rights]. Supervisor rights on CIFS specific attributes listed below: nfapCIFSServerName nfapCIFSComment nfapCIFSWorkGroup nfapCIFSPDCName nfapCIFSAuthent nfapCIFSDialect nfapCIFSDebug nfapCIFSUnicode nfapCIFSOpLocks nfapCIFSAsync nfapCIFSWalk nfapCIFSPDCAddr nfapCIFSWINSAddr nfapCIFSAttach nfapCIFSNDSUserContext nfapCIFSUserContext nfapCIFSShares nfapCIFSDFS nfapCIFSLoginScripts nfapCIFSShareVolsByDefault nfapCIFSDomainDN nfapCIFSBeginRID nfapCIFSEndRID nfapCIFSPDCEnable nfapCIFSSignatures nfapLoginScript nfapCIFSRID nfapCIFSComment nfapCIFSNextRID nfapCIFSDomainSID nfapCIFSPDC nfapCIFSDCList nfapCIFSDCGroup nfapCIFSDomainEpoch

Target Object

Required Rights

User Contexts (/etc/opt/novell/cifs/cifsctxs.conf file).

Inheritable Read and Compare on CN attribute.

Local NCP Server Object.

Read and Compare rights on [All Attribute Rights].

Supervisor rights on CIFS specific attributes listed below:

nfapCIFSServerName
nfapCIFSComment
nfapCIFSWorkGroup
nfapCIFSPDCName
nfapCIFSAuthent
nfapCIFSDialect
nfapCIFSDebug
nfapCIFSUnicode
nfapCIFSOpLocks
nfapCIFSAsync
nfapCIFSWalk
nfapCIFSPDCAddr
nfapCIFSWINSAddr
nfapCIFSAttach
nfapCIFSNDSUserContext
nfapCIFSUserContext
nfapCIFSShares
nfapCIFSDFS
nfapCIFSLoginScripts
nfapCIFSShareVolsByDefault
nfapCIFSDomainDN
nfapCIFSBeginRID
nfapCIFSEndRID
nfapCIFSPDCEnable
nfapCIFSSignatures
nfapLoginScript
nfapCIFSRID
nfapCIFSComment
nfapCIFSNextRID
nfapCIFSDomainSID
nfapCIFSPDC
nfapCIFSDCList
nfapCIFSDCGroup
nfapCIFSDomainEpoch

Rights Needed for CIFS Administrator

The CIFS administrator requires the following rights to manage the CIFS server.

Target Object	Required Rights
User Contexts being added for authentication.	Compare, Read, Write on ACL Attribute.