You are previewing Samba-3 by Example: Practical Exercises to Successful Deployment, Second Edition.
O'Reilly logo
Samba-3 by Example: Practical Exercises to Successful Deployment, Second Edition

Book Description

Samba-3 by Example provides useful, thoroughly documented explanations for all aspects of a Samba deployment. They’re the same kind of patient answers I got when my dad taught me how to ride a bike without training wheels. Now, if only dad knew active Directory....”

—Will Enestvedt, UNIX System Administrator, Johnson & Wales University

“When my colleague and I were first reading John Terpstra’s Samba-3 by Example, we were impressed by how easy it was to find the chapter we wanted to implement, and the ease of following his step-by-step approach. We always felt Terpstra was there with us, for every configuration line. It was like having our own personal tutor. I always take his book to every client that uses Samba. Additionally, Terpstra does something most authors don’t, he keeps his documentation up to date. When we were doing our first implementation, he just released the update that morning; we downloaded it, printed it, and implemented it. Now, to me, that is cutting-edge technology at its best.”

—Steven C. Henry

“A cook learns to follow a recipe until he has mastered the art. This is your cookbook to successful Windows networks. I followed this recipe to migrate our NT4 domain to Samba-3, and the recipe just worked great. I could not have completed this project without the Samba-3 by Example book—it brings dry, lifeless man-pages down to the reality IT support people face.”

—Geoff Scott, IT Systems Administrator, Guests Furniture Hire Pty Ltd

“I used the book Samba-3 by Example to get started at 8:30 last night. I finished my complete PDC and it was up and running in six hours with Windows 2000 and XP Pro clients ready for work in the morning. That’s from someone who is brand new to Linux. This book is awesome!”

—Jesse Knudsen, Windows Systems Administrator

The Practical, Tested, Step-by-Step Samba-3 Guidebook Has Now Been Fully Updated!

The definitive Samba-3 guidebook has been completely updated to reflect the latest Samba releases and migration techniques. This book’s complete configuration files, step-by-step implementation instructions, network diagrams, and automated scripts make deployment a breeze—even if you've never worked with Samba before. From small office networks to enterprise environments, here are proven configurations, backed by guidance from one of the world’s most respected Samba experts, Samba Team contibutor John H. Terpstra.

This edition has added comprehensive diagnostic techniques and validation steps, as well as solutions to common implementation mistakes: everything you need to assure reliability and performance regardless of your network environment. In response to reader requests, the author has also added detailed coverage of updating existing Samba networks, as well as a practical primer on how Samba stores essential network information. Samba-3 by Example, Second Edition, covers all these scenarios, and more.

  • Deploying “no frills” servers for small, convenient networks

  • Implementing small- to-mid-sized networks using basic security

  • Implementing full-fledged enterprise network environments, with tips for enhancing availability and performance

  • Building secure, scalable networks with domain logons and roaming profiles

  • Deploying Samba in environments that utilize routers and firewalls

  • Examples that minimize desktop management requirements, using policy controls and folder redirection

  • Integrating Samba-3 with Windows Server 2003 and Microsoft Active Directory domains

  • Migrating seamlessly from Windows NT 4 to Samba-3

  • Adding Samba servers as Windows domain members

  • Configuring DHCP, DNS, and OpenLDAP servers to get the most out of your Samba network

  • An example of Squid, using Windows authentication through Samba

  • Estimating server hardware, using the practical guidelines included here

  • If you’re a Windows network administrator responsible for deploying or managing Samba, Samba-3 by Example, Second Edition, is your indispensable resource.

    CD-ROM Included

    The CD-ROM contains all example configuration files, scripts, and tools covered in the book.



    Table of Contents

    1. Copyright
    2. Praise for Samba-3 by Example
    3. Bruce Perens’ Open Source Series
    4. About the Cover Artwork
    5. Acknowledgments
    6. List of Examples
    7. List of Figures
    8. List of Tables
    9. Foreword
      1. By John M. Weathersby, Executive Director, OSSI
    10. Preface
      1. Why Is This Book Necessary?
      2. Samba 3.0.20 Update Edition
      3. Prerequisites
      4. Approach
      5. Summary of Topics
        1. Chapter 1 — No Frills Samba Servers
        2. Chapter 2 — Small Office Networking
        3. Chapter 3 — Secure Office Networking
        4. Chapter 4 — The 500 User Office
        5. Chapter 5 — Making Happy Users
        6. Chapter 6 — A Distributed 2000 User Network
        7. Chapter 7 — Adding UNIX/Linux Servers and Clients
        8. Chapter 8 — Updating Samba-3
        9. Chapter 9 — Migrating NT4 Domain to Samba-3
        10. Chapter 10 — Migrating NetWare 4.11 Server to Samba
        11. Chapter 11 — Active Directory, Kerberos and Security
        12. Chapter 12 — Integrating Additional Services
        13. Chapter 13 — Performance, Reliability and Availability
        14. Chapter 14 — Samba Support
        15. Chapter 15 — A Collection of Useful Tid-bits
        16. Chapter 16 — Windows Networking Primer
      6. Conventions Used
    11. I. Example Network Configurations
      1. 1. No-Frills Samba Servers
        1. 1.1. Introduction
        2. 1.2. Assignment Tasks
          1. 1.2.1. Drafting Office
            1. 1.2.1.1. Dissection and Discussion
            2. 1.2.1.2. Implementation
            3. 1.2.1.3. Validation
          2. 1.2.2. Charity Administration Office
            1. 1.2.2.1. Dissection and Discussion
            2. 1.2.2.2. Implementation
            3. 1.2.2.3. Validation
          3. 1.2.3. Accounting Office
            1. 1.2.3.1. Dissection and Discussion
            2. 1.2.3.2. Implementation
        3. 1.3. Questions and Answers
      2. 2. Small Office Networking
        1. 2.1. Introduction
          1. 2.1.1. Assignment Tasks
        2. 2.2. Dissection and Discussion
          1. 2.2.1. Technical Issues
          2. 2.2.2. Political Issues
        3. 2.3. Implementation
          1. 2.3.1. Validation
          2. 2.3.2. Notebook Computers: A Special Case
          3. 2.3.3. Key Points Learned
        4. 2.4. Questions and Answers
      3. 3. Secure Office Networking
        1. 3.1. Introduction
          1. 3.1.1. Assignment Tasks
        2. 3.2. Dissection and Discussion
          1. 3.2.1. Technical Issues
            1. 3.2.1.1. Hardware Requirements
          2. 3.2.2. Political Issues
        3. 3.3. Implementation
          1. 3.3.1. Basic System Configuration
          2. 3.3.2. Samba Configuration
          3. 3.3.3. Configuration of DHCP and DNS Servers
          4. 3.3.4. Printer Configuration
          5. 3.3.5. Process Startup Configuration
          6. 3.3.6. Validation
          7. 3.3.7. Application Share Configuration
            1. 3.3.7.1. Comments Regarding Software Terms of Use
          8. 3.3.8. Windows Client Configuration
          9. 3.3.9. Key Points Learned
        4. 3.4. Questions and Answers
      4. 4. The 500-User Office
        1. 4.1. Introduction
          1. 4.1.1. Assignment Tasks
        2. 4.2. Dissection and Discussion
          1. 4.2.1. Technical Issues
          2. 4.2.2. Political Issues
        3. 4.3. Implementation
          1. 4.3.1. Installation of DHCP, DNS, and Samba Control Files
          2. 4.3.2. Server Preparation: All Servers
          3. 4.3.3. Server-Specific Preparation
            1. 4.3.3.1. Configuration for Server: MASSIVE
            2. 4.3.3.2. Configuration Specific to Domain Member Servers: BLDG1, BLDG2
          4. 4.3.4. Process Startup Configuration
          5. 4.3.5. Windows Client Configuration
          6. 4.3.6. Key Points Learned
        4. 4.4. Questions and Answers
      5. 5. Making Happy Users
        1. 5.1. Regarding LDAP Directories and Windows Computer Accounts
        2. 5.2. Introduction
          1. 5.2.1. Assignment Tasks
        3. 5.3. Dissection and Discussion
          1. 5.3.1. Technical Issues
            1. 5.3.1.1. Addition of Machines to the Domain
            2. 5.3.1.2. Roaming Profile Background
            3. 5.3.1.3. The Local Group Policy
            4. 5.3.1.4. Profile Changes
            5. 5.3.1.5. Using a Network Default User Profile
            6. 5.3.1.6. Installation of Printer Driver Auto-Download
            7. 5.3.1.7. Avoiding Failures: Solving Problems Before They Happen
          2. 5.3.2. Political Issues
          3. 5.3.3. Installation Checklist
        4. 5.4. Samba Server Implementation
          1. 5.4.1. OpenLDAP Server Configuration
          2. 5.4.2. PAM and NSS Client Configuration
          3. 5.4.3. Samba-3 PDC Configuration
          4. 5.4.4. Install and Configure Idealx smbldap-tools Scripts
            1. 5.4.4.1. Installation of smbldap-tools from the Tarball
            2. 5.4.4.2. Installing smbldap-tools from the RPM Package
            3. 5.4.4.3. Configuration of smbldap-tools
          5. 5.4.5. LDAP Initialization and Creation of User and Group Accounts
          6. 5.4.6. Printer Configuration
        5. 5.5. Samba-3 BDC Configuration
        6. 5.6. Miscellaneous Server Preparation Tasks
          1. 5.6.1. Configuring Directory Share Point Roots
          2. 5.6.2. Configuring Profile Directories
          3. 5.6.3. Preparation of Logon Scripts
          4. 5.6.4. Assigning User Rights and Privileges
        7. 5.7. Windows Client Configuration
          1. 5.7.1. Configuration of Default Profile with Folder Redirection
          2. 5.7.2. Configuration of MS Outlook to Relocate PST File
          3. 5.7.3. Configure Delete Cached Profiles on Logout
          4. 5.7.4. Uploading Printer Drivers to Samba Servers
          5. 5.7.5. Software Installation
          6. 5.7.6. Roll-out Image Creation
        8. 5.8. Key Points Learned
        9. 5.9. Questions and Answers
      6. 6. A Distributed 2000-User Network
        1. 6.1. Introduction
          1. 6.1.1. Assignment Tasks
        2. 6.2. Dissection and Discussion
          1. 6.2.1. Technical Issues
            1. 6.2.1.1. User Needs
            2. 6.2.1.2. The Nature of Windows Networking Protocols
            3. 6.2.1.3. Identity Management Needs
          2. 6.2.2. Political Issues
        3. 6.3. Implementation
          1. 6.3.1. Key Points Learned
        4. 6.4. Questions and Answers
    12. II. Domain Members, Updating Samba and Migration
      1. 7. Adding Domain Member Servers and Clients
        1. 7.1. Introduction
          1. 7.1.1. Assignment Tasks
        2. 7.2. Dissection and Discussion
          1. 7.2.1. Technical Issues
          2. 7.2.2. Political Issues
        3. 7.3. Implementation
          1. 7.3.1. Samba Domain with Samba Domain Member Server — Using NSS LDAP
          2. 7.3.2. NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind
          3. 7.3.3. NT4/Samba Domain with Samba Domain Member Server without NSS Support
          4. 7.3.4. Active Directory Domain with Samba Domain Member Server
            1. 7.3.4.1. IDMAP_RID with Winbind
            2. 7.3.4.2. IDMAP Storage in LDAP using Winbind
            3. 7.3.4.3. IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension
          5. 7.3.5. UNIX/Linux Client Domain Member
            1. 7.3.5.1. NT4 Domain Member
            2. 7.3.5.2. ADS Domain Member
          6. 7.3.6. Key Points Learned
        4. 7.4. Questions and Answers
      2. 8. Updating Samba-3
        1. 8.1. Introduction
          1. 8.1.1. Cautions and Notes
            1. 8.1.1.1. Security Identifiers (SIDs)
            2. 8.1.1.2. Change of hostname
            3. 8.1.1.3. Change of Workgroup (Domain) Name
            4. 8.1.1.4. Location of config files
            5. 8.1.1.5. International Language Support
            6. 8.1.1.6. Updates and Changes in Idealx smbldap-tools
        2. 8.2. Upgrading from Samba 1.x and 2.x to Samba-3
          1. 8.2.1. Samba 1.9.x and 2.x Versions Without LDAP
          2. 8.2.2. Applicable to All Samba 2.x to Samba-3 Upgrades
          3. 8.2.3. Samba-2.x with LDAP Support
        3. 8.3. Updating a Samba-3 Installation
          1. 8.3.1. Samba-3 to Samba-3 Updates on the Same Server
            1. 8.3.1.1. Updating from Samba Versions Earlier than 3.0.5
            2. 8.3.1.2. Updating from Samba Versions between 3.0.6 and 3.0.10
            3. 8.3.1.3. Updating from Samba Versions after 3.0.6 to a Current Release
          2. 8.3.2. Migrating Samba-3 to a New Server
            1. 8.3.2.1. Replacing a Domain Member Server
            2. 8.3.2.2. Replacing a Domain Controller
          3. 8.3.3. Migration of Samba Accounts to Active Directory
      3. 9. Migrating NT4 Domain To Samba-3
        1. 9.1. Introduction
          1. 9.1.1. Assignment Tasks
        2. 9.2. Dissection and Discussion
          1. 9.2.1. Technical Issues
          2. 9.2.2. Political Issues
        3. 9.3. Implementation
          1. 9.3.1. NT4 Migration Using LDAP Backend
            1. 9.3.1.1. Migration Log Validation
          2. 9.3.2. NT4 Migration Using tdbsam Backend
          3. 9.3.3. Key Points Learned
        4. 9.4. Questions and Answers
      4. 10. Migrating Netware Server to Samba-3
        1. 10.1. Introduction
          1. 10.1.1. Assignment Tasks
        2. 10.2. Dissection and Discussion
          1. 10.2.1. Technical Issues
        3. 10.3. Implementation
          1. 10.3.1. NetWare Migration Using LDAP Backend
            1. 10.3.1.1. LDAP Server Configuration
    13. III. Reference Section
      1. 11. Active Directory, Kerberos, and Security
        1. 11.1. Introduction
          1. 11.1.1. Assignment Tasks
        2. 11.2. Dissection and Discussion
          1. 11.2.1. Technical Issues
            1. 11.2.1.1. Kerberos Exposed
        3. 11.3. Implementation
          1. 11.3.1. Share Access Controls
          2. 11.3.2. Share Definition Controls
            1. 11.3.2.1. Checkpoint Controls
            2. 11.3.2.2. Override Controls
          3. 11.3.3. Share Point Directory and File Permissions
          4. 11.3.4. Managing Windows 200x ACLs
            1. 11.3.4.1. Using the MMC Computer Management Interface
            2. 11.3.4.2. Using MS Windows Explorer (File Manager)
            3. 11.3.4.3. Setting Posix ACLs in UNIX/Linux
          5. 11.3.5. Key Points Learned
        4. 11.4. Questions and Answers
      2. 12. Integrating Additional Services
        1. 12.1. Introduction
          1. 12.1.1. Assignment Tasks
        2. 12.2. Dissection and Discussion
          1. 12.2.1. Technical Issues
          2. 12.2.2. Political Issues
        3. 12.3. Implementation
          1. 12.3.1. Removal of Pre-Existing Conflicting RPMs
          2. 12.3.2. Kerberos Configuration
            1. 12.3.2.1. Samba Configuration
            2. 12.3.2.2. NSS Configuration
            3. 12.3.2.3. Squid Configuration
          3. 12.3.3. Configuration
          4. 12.3.4. Key Points Learned
        4. 12.4. Questions and Answers
      3. 13. Performance, Reliability, and Availability
        1. 13.1. Introduction
        2. 13.2. Dissection and Discussion
        3. 13.3. Guidelines for Reliable Samba Operation
          1. 13.3.1. Name Resolution
            1. 13.3.1.1. Bad Hostnames
            2. 13.3.1.2. Routed Networks
            3. 13.3.1.3. Network Collisions
          2. 13.3.2. Samba Configuration
          3. 13.3.3. Use and Location of BDCs
          4. 13.3.4. Use One Consistent Version of MS Windows Client
          5. 13.3.5. For Scalability, Use SAN-Based Storage on Samba Servers
          6. 13.3.6. Distribute Network Load with MSDFS
          7. 13.3.7. Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth
          8. 13.3.8. Hardware Problems
          9. 13.3.9. Large Directories
        4. 13.4. Key Points Learned
      4. 14. Samba Support
        1. 14.1. Free Support
        2. 14.2. Commercial Support
      5. 15. A Collection of Useful Tidbits
        1. 15.1. Joining a Domain: Windows 200x/XP Professional
        2. 15.2. Samba System File Location
        3. 15.3. Starting Samba
        4. 15.4. DNS Configuration Files
          1. 15.4.1. The Forward Zone File for the Loopback Adaptor
          2. 15.4.2. The Reverse Zone File for the Loopback Adaptor
          3. 15.4.3. DNS Root Server Hint File
        5. 15.5. Alternative LDAP Database Initialization
          1. 15.5.1. Initialization of the LDAP Database
        6. 15.6. The LDAP Account Manager
        7. 15.7. IDEALX Management Console
        8. 15.8. Effect of Setting File and Directory SUID/SGID Permissions Explained
        9. 15.9. Shared Data Integrity
          1. 15.9.1. Microsoft Access
          2. 15.9.2. Act! Database Sharing
          3. 15.9.3. Opportunistic Locking Controls
      6. 16. Networking Primer
        1. 16.1. Requirements and Notes
        2. 16.2. Introduction
          1. 16.2.1. Assignment Tasks
        3. 16.3. Exercises
          1. 16.3.1. Single-Machine Broadcast Activity
            1. 16.3.1.1. Findings
          2. 16.3.2. Second Machine Startup Broadcast Interaction
            1. 16.3.2.1. Findings
          3. 16.3.3. Simple Windows Client Connection Characteristics
            1. 16.3.3.1. Findings and Comments
          4. 16.3.4. Windows 200x/XP Client Interaction with Samba-3
            1. 16.3.4.1. Discussion
          5. 16.3.5. Conclusions to Exercises
        4. 16.4. Dissection and Discussion
          1. 16.4.1. Technical Issues
        5. 16.5. Questions and Answers
    14. A. GNU General Public License
      1. A.1. Preamble
      2. A.2. Terms and Conditions for Copying, Distribution and Modification
        1. A.2.1. Section 0
        2. A.2.2. Section 1
        3. A.2.3. Section 2
        4. A.2.4. Section 3
        5. A.2.5. Section 4
        6. A.2.6. Section 5
        7. A.2.7. Section 6
        8. A.2.8. Section 7
        9. A.2.9. Section 8
        10. A.2.10. Section 9
        11. A.2.11. Section 10
        12. A.2.12. NO WARRANTY Section 11
        13. A.2.13. Section 12
      3. A.3. How to Apply These Terms to Your New Programs
    15. Glossary
    16. CD-ROM Warranty