diff options
Diffstat (limited to 'docs/Samba-Guide/preface.xml')
| -rw-r--r-- | docs/Samba-Guide/preface.xml | 437 |
1 files changed, 437 insertions, 0 deletions
diff --git a/docs/Samba-Guide/preface.xml b/docs/Samba-Guide/preface.xml new file mode 100644 index 0000000000..4e847b309a --- /dev/null +++ b/docs/Samba-Guide/preface.xml @@ -0,0 +1,437 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ + + <!-- Stuff for xincludes --> + <!ENTITY % xinclude SYSTEM "../entities/xinclude.dtd"> + %xinclude; + + <!-- entities files to use --> + <!ENTITY % global_entities SYSTEM '../entities/global.entities'> + %global_entities; + +]> +<preface id="preface"> + <title>Preface</title> + + <para> + Network administrators live busy lives. We face distractions and pressures + that drive us to seek proven, working case scenarios that can be easily + implemented. Often this approach lands us in trouble. There is a + saying that, geometrically speaking, the shortest distance between two + points is a straight line, but practically we find that the quickest + route to a stable network solution is the long way around. + </para> + + <para> + This book is your means to the straight path. It provides step-by-step, + proven, working examples of Samba deployments. If you want to deploy + Samba-3 with the least effort, or if you want to become an expert at deploying + Samba-3 without having to search through lots of documentation, this + book is the ticket to your destination. + </para> + + <para> + Samba is software that can be run on a platform other than Microsoft Windows, + for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. + Samba uses the TCP/IP protocol that is installed on the host server. When + correctly configured, it allows that host to interact with a Microsoft Windows + client or server as if it is a Windows file and print server. This book + will help you to implement Windows-compatible file and print services. + </para> + + <para> + The examples presented in this book are typical of various businesses and + reflect the problems and challenges they face. Care has been taken to preserve + attitudes, perceptions, practices, and demands from real network case studies. + The maximum benefit may be obtained from this book by working carefully through + each exercise. You may be in a hurry to satisfy a specific need, so feel + free to locate the example that most closely matches your need, copy it, and + innovate as much as you like. Above all, enjoy the process of learning the + secrets of MS Windows networking that is truly liberated by Samba. + </para> + + <para> + The focus of attention in this book is Samba-3. Specific notes are made in + respect of how Samba may be made secure. This book does not attempt to provide + detailed information regarding secure operation and configuration of peripheral + services and applications such as OpenLDAP, DNS and DHCP, the need for which + can be met from other resources that are dedicated to the subject. + </para> + + <sect1> + <title>Why Is This Book Necessary?</title> + + <para> + This book is the result of observations and feedback. The feedback from + the Samba-HOWTO-Collection has been positive and complimentary. There + have been requests for far more worked examples, a + <quote>Samba Cookbook,</quote> and for training materials to + help kick-start the process of mastering Samba. + </para> + + <para> + The Samba mailing list's users have asked for sample configuration files + that work. It is natural to question one's own ability to correctly + configure a complex tool such as Samba until a minimum necessary + knowledge level has been attained. + </para> + + <para> + The Samba-HOWTO-Collection, as do <emphasis>The Official Samba-3 HOWTO and + Reference Guide</emphasis>, document Samba features and functionality in + a topical context. This book takes a completely different approach. It + walks through Samba network configurations that are working within particular + environmental contexts, providing documented step-by-step implementations. + All example case configuration files, scripts, and other tools are provided + on the CD-ROM. This book is descriptive, provides detailed diagrams, and + makes deployment of Samba-3 a breeze. + </para> + + </sect1> + + <sect1> + <title>Prerequisites</title> + + <para> + This book is not a tutorial on UNIX or Linux administration. UNIX and Linux + training is best obtained from books dedicated to the subject. This book + assumes that you have at least the basic skill necessary to use these operating + systems, and that you can use a basic system editor to edit and configure files. + It has been written with the assumption that you have experience with Samba, + have read <emphasis>The Official Samba-3 HOWTO and Reference Guide</emphasis> and + the Samba-HOWTO-Collection, or that you have familiarity with Microsoft Windows. + </para> + + <para> + If you do not have this experience, you can follow the examples in this book but may + find yourself at times intimidated by assumptions made. In this situation, you + may need to refer to administrative guides or manuals for your operating system + platform to find what is the best method to achieve what the text of this book describes. + </para> + + </sect1> + + <sect1> + <title>Approach</title> + + <para> + The first chapter deals with some rather thorny network analysis issues. Do not be + put off by this. The information you glean, even without a detailed understanding + of network protocol analysis, can help you understand how Windows networking functions. + </para> + + <para> + Each following chapter of this book opens with the description of a networking solution + sought by a hypothetical site. Bob Jordan is a hypothetical decision maker + for an imaginary company, <constant>Abmas Biz NL</constant>. We will use the + non-existent domain name <constant>abmas.biz</constant>. All <emphasis>facts</emphasis> + presented regarding this company are fictitious and have been drawn from a variety of real + business scenarios over many years. Not one of these reveal the identify of the + real-world company from which the scenario originated. + </para> + + <para> + In any case, Mr. Jordan likes to give all his staff nasty little assignments. + Stanley Saroka is one of his proteges; Christine Roberson is the network administrator + Bob trusts. Jordan is inclined to treat other departments well because they finance + Abmas IT operations. + </para> + + <para> + Each chapter presents a summary of the network solution we have chosen to + demonstrate together with a rationale to help you to understand the + thought process that drove that solution. The chapter then documents in precise + detail all configuration files and steps that must be taken to implement the + example solution. Anyone wishing to gain serious value from this book will + do well to take note of the implications of points made, so watch out for the + <emphasis>this means that</emphasis> notations. + </para> + + <para> + Each chapter has a set of questions and answers to help you to + to understand and digest key attributes of the solutions presented. + </para> + + </sect1> + + <sect1> + <title>Summary of Topics</title> + + <para> + Our first assignment is to understand how Microsoft Windows products + function in the network environment. That is where we start. Let's take + just a few moments to get a bird's eye view of this book. Remember that + this is a book about file and print technology deployment; there are + great examples of printing solutions. Here we go. + </para> + + <variablelist> + <varlistentry> + <term>Chapter 1 &smbmdash; Windows Networking Primer</term><listitem> + <para> + Here we cover practical exercises to help us to understand how MS Windows + network protocols function. A network protocol analyzer helps you to + appreciate the fact that Windows networking is highly dependent on broadcast + messaging. Additionally, you can look into network packets that a Windows + client sends to a network server to set up a network connection. On completion, + you should have a basic understanding of how network browsing functions and + have seen some of the information a Windows client sends to + a file and print server to create a connection over which file and print + operations may take place. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 2 &smbmdash; No Frills Samba Servers</term><listitem> + <para> + Here you design a solution for three different business scenarios, each for a + company called Abmas. There are two simple networking problems and one slightly + more complex networking challenge. In the first two cases, Abmas has a small + simple office, and they want to replace a Windows 9x peer-to-peer network. The + third example business uses Windows 2000 Professional. This must be simple, + so let's see how far we can get. If successful, Abmas grows quickly and + soon needs to replace all servers and workstations. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demands: + <itemizedlist> + <listitem><para>Case 1: The simplest &smb.conf; file that may + reasonably be used. Works with Samba-2.x also. This + configuration uses Share Mode security. Encrypted + passwords are not used, so there is no + <filename>smbpasswd</filename> file. + </para></listitem> + + <listitem><para>Case 2: Another simple &smb.conf; file that adds + WINS support and printing support. This case deals with + a special requirement that demonstrates how to deal with + purpose-built software that has a particular requirement + for certain share names and printing demands. This + configuration uses Share Mode security and also works with + Samba-2.x. Encrypted passwords are not used, so there is no + <filename>smbpasswd</filename> file. + </para></listitem> + + <listitem><para>Case 3: This &smb.conf; configuration uses User Mode + security. The file share configuration demonstrates + the ability to provide master access to an administrator + while restricting all staff to their own work areas. + Encrypted passwords are used, so there is an implicit + <filename>smbpasswd</filename> file. + </para></listitem> + </itemizedlist> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 3 &smbmdash; Small Office Networking</term><listitem> + <para> + Abmas is a successful company now. They have 50 network users + and want a little more varoom from the network. This is a typical + small office and they want better systems to help them to grow. This is + your chance to really give advanced users a bit more functionality and usefulness. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file + makes use of encrypted passwords, so there is an <filename>smbpasswd</filename> + file. It also demonstrates use of the <parameter>valid users</parameter> and + <parameter>valid groups</parameter> to restrict share access. The Windows + clients access the server as Domain members. Mobile users log onto + the Domain while in the office, but use a local machine account while on the + road. The result is an environment that answers mobile computing user needs. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 4 &smbmdash; Secure Office Networking</term><listitem> + <para> + Abmas is growing rapidly now. Money is a little tight, but with 130 + network users, security has become a concern. They have many new machines + to install and the old equipment will be retired. This time they want the + new network to scale and grow for at least two years. Start with a sufficient + system and allow room for growth. You are now implementing an Internet + connection and have a few reservations about user expectations. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file + makes use of encrypted passwords, and you can use a <filename>tdbsam</filename> + password backend. Domain logons are introduced. Applications are served from the central + server. Roaming profiles are mandated. Access to the server is tightened up + so that only domain members can access server resources. Mobile computing + needs still are catered to. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 5 &smbmdash; The 500 User Office</term><listitem> + <para> + The two-year projections were met. Congratulations, you are a star. + Now Abmas needs to replace the network. Into the existing user base, they + need to merge a 280-user company they just acquired. It is time to build a serious + network. There are now three buildings on one campus and your assignment is + to keep everyone working while a new network is rolled out. Oh, isn't it nice + to roll out brand new clients and servers! Money is no longer tight, you get + to buy and install what you ask for. You will install routers and a firewall. + This is exciting! + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file + makes use of encrypted passwords, and a <filename>tdbsam</filename> + password backend is used. You are not ready to launch into LDAP yet, so you + accept the limitation of having one central Domain Controller with a Domain + Member server in two buildings on your campus. A number of clever techniques + are used to demonstrate some of the smart options built into Samba. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 6 &smbmdash; Making Users Happy</term><listitem> + <para> + Congratulations again. Abmas is happy with your services and you have been given another raise. + Your users are becoming much more capable and are complaining about little + things that need to be fixed. Are you up to the task? Mary says it takes her 20 minutes + to log onto the network and it is killing her productivity. Email is a bit <emphasis> + unreliable</emphasis> &smbmdash; have you been sleeping on the job? We do not discuss the + technology of email but when the use of mail clients breaks because of networking + problems, you had better get on top of it. It's time for a change. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file + makes use of encrypted passwords; a distributed <filename>ldapsam</filename> + password backend is used. Roaming profiles are enabled. Desktop profile controls + are introduced. Check out the techniques that can improve the user experience + of network performance. As a special bonus, this chapter documents how to configure + smart downloading of printer drivers for drag-and-drop printing support. And, yes, + the secret of configuring CUPS is clearly documented. Go for it; this one will + tease you, too. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 7 &smbmdash; A Distributed 2000-User Network</term><listitem> + <para> + Only eight months have passed, and Abmas has acquired another company. You now need to expand + the network further. You have to deal with a network that spans several countries. + There are three new networks in addition to the original three buildings at the head-office + campus. The head office is in New York and you have branch offices in Washington, Los Angeles, and + London. Your desktop standard is Windows XP Professional. In many ways, everything has changed + and yet it must remain the same. Your team is primed for another roll-out. You know there are + further challenges ahead. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; Slave LDAP servers are introduced. Samba is + configured to use multiple LDAP backends. This is a brief chapter; it assumes that the + technology has been mastered and gets right down to concepts and how to deploy them. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 8 &smbmdash; Migrating NT4 Domain to Samba-3</term><listitem> + <para> + Another six months have <?latex \linebreak ?> + passed. Abmas has acquired yet another company. You will find a + way to migrate all users off the old network onto the existing network without loss + of passwords and will effect the change-over during one weekend. May the force (and caffeine) be with + you, may you keep your back to the wind and may the sun shine on your face. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demonstrates the use of + the <command>net rpc migrate</command> facility using an LDAP ldapsam backend, and also + using a tdbsam passdb backend. Both are much-asked-for examples of NT4 Domain migration. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 9 &smbmdash; Adding UNIX/Linux Servers and Clients</term><listitem> + <para> + Well done, Bob, your team has achieved much. Now help Abmas integrate the entire network. + You want central control and central support and you need to cut costs. How can you reduce administrative + overheads and yet get better control of the network? + </para> + + <para> + This chapter has been contributed by Mark Taylor <email>mark.taylor@siriusit.co.uk</email> + and is based on a live site. For further information regarding this example case, + please contact Mark directly. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; It is time to consider how to add Samba servers + and UNIX and Linux network clients. Users who convert to Linux want to be able to log on + using Windows network accounts. You explore nss_ldap, pam_ldap, winbind, and a few neat + techniques for taking control. Are you ready for this? + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 10 &smbmdash; Active Directory, Kerberos and Security</term><listitem> + <para> + Abmas has acquired another company that has just migrated to running Windows Server 2003 and + Active Directory. One of your staff makes offhand comments that land you in hot water. + A network security auditor is hired by the head of the new business and files a damning + report, and you must address the <emphasis>defects</emphasis> reported. You have hired new + network engineers who want to replace Microsoft Active Directory with a pure Kerberos + solution. How will you handle this? + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; This chapter is your answer. Learn about + share access controls, proper use of UNIX/Linux file system access controls, and Windows + 200x Access Control Lists. Follow these steps to beat the critics. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 11 &smbmdash; Integrating Additional Services</term><listitem> + <para> + The battle is almost over, Samba-3 has won the day. Your team are delighted and now you + find yourself at yet another cross-roads. Abmas have acquired a snack food business, you + made promises you must keep. IT costs must be reduced, you have new resistance, but you + will win again. This time you choose to install the Squid proxy server to validate the + fact that Samba is far more than just a file and print server. SPNEGO authentication + support means that your Microsoft Windows clients gain transparent proxy access. + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; Samba provides the <command>ntlm_auth</command> + module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web + and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated + access control based using the Active Directory Domain user security credentials. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Chapter 12 &smbmdash; Performance, Reliability and Availability</term><listitem> + <para> + Bob, are you sure the new Samba server is up to the load? Your network is serving many + users who risk becoming unproductive. What can you do to keep ahead of demand? Can you + keep the cost under control also? What can go wrong? + </para> + + <para><emphasis>TechInfo</emphasis> &smbmdash; Hot tips that put chili into your + network. Avoid name resolution problems, identify potential causes of network collisions, + avoid Samba configuration options that will weigh the server down. MS distributed file + services to make your network fly and much more. This chapter contains a good deal of + <quote>Did I tell you about this...?</quote> type of hints to help keep your name on the top + performers list. + </para> + </listitem> + </varlistentry> + </variablelist> + + </sect1> + + <!-- the conventions used in this book --> + <xi:include href="conventions.xml" xmlns:xi="http://www.w3.org/2003/XInclude" /> + +</preface> + |