Novell Doc: OES 2 SP3: Novell CIFS for Linux Administration Guide

4.1 Preparing for CIFS Installation

4.1.1 Product Interdependencies

CIFS has product interdependencies that must be considered:

NMAS (Novell Modular Authentication Services).
NICI (Novell International Cryptographic Infrastructure).

CIFS depends on NMAS for authentication of CIFS users. NMAS is dependent on NICI for encryption and decryption services. A problem with any of these products causes CIFS users to be denied access to an OES 2 Linux server.

4.1.2 Prerequisites

To properly install and configure CIFS, ensure that the following prerequisites are met:

You are running an OES 2 SP3 server. For more information on installing OES 2 Linux, see the OES 2 SP3: Installation Guide.
CIFS users must be universal password enabled. Read Deploying Universal Password in the Novell Password Management Administration Guide.

The Universal Password includes the ability to create password policies. It also removes the need to maintain two separate passwords for CIFS users.
NMAS is installed on or added to an OES 2 Linux server that has a read/write eDirectory replica of the eDirectory partition where the User objects reside.

NMAS is automatically installed with eDirectory. For more information on NMAS, see the NMAS 3.2 Administration Guide.
Novell iManager 2.7.4 is installed, configured, and running. For more information on iManager installation and administration, see the .
NCP must be installed and running for CIFS to work correctly.
Stop all the running Samba daemons before installing CIFS. Use the following commands:
- /etc/init.d/smb stop
- /etc/init.d/nmb stop

4.1.3 Required Rights and Permissions for a CIFS User/Administrator

Example for CIFS Cluster Rights

The cifs proxy user a, cifs proxy user b, and cifs proxy user c have the rights to read the eDirectory CIFS attributes under ou=provo (Virtual server a and Virtual server b). Hence if these virtual servers are hosted in any of these three nodes, the configuration is read by the CIFS service in the corresponding node.

The cifs proxy user 1, cifs proxy user 2, and cifs proxy user 3 have rights to read the eDirectory CIFS attributes under ou=blr (Virtual server 1 and Virtual server 2). Hence if these virtual servers are hosted in any of these three nodes, the configuration is read by the CIFS service in the corresponding node.

If the virtual server requires to be migrated across the branches, then the cifs proxy users have to be given explicit rights on those branches such that the CIFS attribute information can be read.

The attributes for which the cifs proxy user requires rights are, nfapCIFSServername, nfapCIFSComment, nfapCIFSShares, and nfapCIFSAttach. These attributes must have read, write, and compare rights. If the rights are defined on the branch (preferable), then the inherit rights also have to be provided.

In this example, if Virtual server 2 is to be hosted on node server c, then cifs proxy user c must be provided access to read the attributes of Virtual server 2. The rights for the above mentioned attributes can be provided at ou=blr for cifs proxy user c. Hence the same rights holds good for hosting Virtual server 1 too.