The following terms are used throughout this book.access control list (ACL)
A list associated with a file that contains information about which users or groups have permission to access or modify the file.Active Directory (AD)
A Windows naming service that runs on a domain controller to protect network objects from unauthorized access. This service also replicates objects across a network so that data is not lost if one domain controller fails.autohome share
A transient share of a user's home directory that is created when the user logs in and is removed when the user logs out.CIFS client
Software that enables a system to access CIFS shares from a CIFS server.CIFS server
Software that enables a system to make CIFS shares available to CIFS clients.Common Internet File System (CIFS)
A protocol that follows the client-server model to share files and services over the network, and which is based on the Server Message Block (SMB) protocol.diagonal mapping
A rule that maps between a Windows group and a Solaris user and between a Solaris group and a Windows user. These mappings are needed when Windows uses a group identity as a file owner, or a user identity as a file group.directory-based mappings
A way to use name mapping information that is stored in user or group objects in the Active Directory (AD), in the native LDAP directory service, or both to map users and groups.Domain Name System (DNS)
A service that provides the naming policy and mechanisms for mapping domain and machine names to addresses outside of the enterprise, such as those on the Internet. DNS is the network information service used by the Internet.Dynamic DNS (DDNS)
A service that is provided with AD that enables a client to dynamically update its entries in the DNS database.ephemeral ID
A dynamic UID or GID mapping for an SID that is not already mapped by name.forest
A forest can have one or more trees that do not form a contiguous namespace.forest-and-tree model
Each tree in this model has a unique name, while a forest does not need to be named. The trees in a forest form a hierarchy for the purposes of the trust relationships. In this model, a single tree can constitute a forest. Each tree within a forest can be independent of the others.
You might use this model to run multiple environments under separate DNS namespaces.group identifier (GID)
An unsigned 32-bit identifier that is associated with a Solaris group.identity mapping
A process that enables Windows clients to transparently access CIFS shares and remote services from the Solaris CIFS server.Lightweight Data Access Protocol (LDAP)
A standard, extensible directory access protocol that enables clients and servers that use LDAP naming services to communicate with each other.mount point
A directory to which you mount a file system or a share that exists on a remote system.name-based mappings
A way to associate Windows users and groups with equivalent Solaris users and groups by name rather than by identifier. A name-based mapping can consist of directory-based mappings and rule-based mappings.NetBIOS name
The name of a host or workgroup used by NetBIOS.NetBIOS scope
A valid domain name as defined by DNS. You use a NetBIOS scope identifier to identify logical NetBIOS networks that are on the same physical network. When you specify a NetBIOS scope identifier, the server will only be able to communicate with other systems that have the same scope defined. The value is a text string that represents a domain name and is limited to 16 characters. By default, no value is set.
You might specify a NetBIOS scope if you want to divide a large Windows workgroup into smaller groups. If you use a scope, the scope ID must follow NetBIOS name conventions or domain name conventions. The ID is limited to 16 characters.
Most environments do not require the use of the NetBIOS scope feature. If you must use this feature, ensure that you track the scope identifier assigned to each node.Network Information Service (NIS) database
A distributed database that contains key information about the systems and the users on the network. The NIS database is stored on the master server and all the replica or slave servers.Network Time Protocol (NTP)
A protocol that enables a client to automatically synchronize its system clock with a time server. The clock is synchronized each time the client is booted and any time it contacts the time server.persistent password
A stored password that enables a Solaris CIFS client to mount CIFS shares without having to authenticate each mount action. This password remains in storage until removed by the smbutil logout or smbutil logoutall command.relative identifier (RID)rule-based mappings
A way to use rules to associate Windows users and groups with equivalent Solaris users and groups by name rather than by identifier.Samba
An open source service that enables UNIX servers to provide CIFS/SMB file-sharing and printing services to CIFS clients.Security Accounts Manager (SAM) database
A database in which Windows users and groups are defined. The SAM database is managed on a Windows domain controller.security identifier (SID)
A variable length structure that uniquely identifies a user or group both within the local domain and across all possible Windows domains.Server Message Block (SMB)
A protocol that enables clients to access files and to request services of a server on the network.share
A local resource on a server that is accessible to clients on the network. On a Solaris CIFS server, a share is typically a directory. Each share is identified by a name on the network. To clients on the network, the share does not expose the local directory path directly above the root of the share.
Most shares have a type of disk because the shares are directories. A share of type pipe represents a device, such as an IPC share or a printer.tree
A named collection of domains that share the same network configuration, schema, and global catalog.user identifier (UID)
An unsigned 32-bit identifier that is associated with a Solaris user.Windows domain
A centrally administered group of computers and accounts that share a common security and administration policy and database. Computer, user, and group accounts are centrally managed by using servers known as domain controllers. In order to participate in a Windows domain, a computer must join the domain and become a domain member.Windows domain controller
A Windows system that is used to provide authentication services for its Windows domain.Windows Internet Naming Service (WINS)
A service that resolves NetBIOS names to IP addresses.Windows workgroup
A group of standalone computers that are independently administered. Each computer has independent, local user and group accounts, and security and policy database. In a Windows workgroup, computers cooperate through the use of a common workgroup name but this is a peer-to-peer model with no formal membership mechanism.