From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 10:09:40 -0500 Subject: Moving docs tree to docs-xml to make room for generated docs in the release tarball. (This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14) --- docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml | 392 +++++++++++++++++++++++++ 1 file changed, 392 insertions(+) create mode 100644 docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml (limited to 'docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml') diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml new file mode 100644 index 0000000000..f46cc8e181 --- /dev/null +++ b/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml 
@@ -0,0 +1,392 @@ + + + + + &author.jht; + June 30, 2005 + +Advanced Configuration Techniques + + +configuration techniques +include +Since the release of the first edition of this book there have been repeated requests to better document +configuration techniques that may help a network administrator to get more out of Samba. Some users have asked +for documentation regarding the use of the file-name parameter. + + + +multiple servers +multiple server personalities +Commencing around mid-2004 there has been increasing interest in the ability to host multiple Samba servers on +one machine. There has also been an interest in the hosting of multiple Samba server personalities on one +server. + + + +technical reviewers +reviewers +Feedback from technical reviewers made the inclusion of this chapter a necessity. So, here is an +answer the questions that have to date not been adequately addressed. Additional user input is welcome as +it will help this chapter to mature. What is presented here is just a small beginning. + + + +multiple servers +multiple hosting +domain controllers +There are a number of ways in which multiple servers can be hosted on a single Samba server. Multiple server +hosting makes it possible to host multiple domain controllers on one machine. Each such machine is +independent, and each can be stopped or started without affecting another. + + + +multiple servers +DMS +anonymous server +Sometimes it is desirable to host multiple servers, each with its own security mode. For example, a single +UNIX/Linux host may be a domain member server (DMS) as well as a generic anonymous print server. In this case, +only domain member machines and domain users can access the DMS, but even guest users can access the generic +print server. Another example of a situation where it may be beneficial to host a generic (anonymous) server +is to host a CDROM server. 
+ + + +separate servers + +Some environments dictate the need to have separate servers, each with their own resources, each of which are +accessible only by certain users or groups. This is one of the simple, but highly effective, ways that Samba +can replace many physical Windows servers in one Samba installation. + + + +Implementation + + + + + +Multiple Server Hosting + + +multiple server hosting +separate instances +nmbd +smbd +winbindd +recompiling +TDB +The use of multiple server hosting involves running multiple separate instances of Samba, each with it's own +configuration file. This method is complicated by the fact that each instance of &nmbd;, &smbd; and &winbindd; +must have write access to entirely separate TDB files. The ability to keep separate the TDB files used by +&nmbd;, &smbd; and &winbindd; can be enabled either by recompiling Samba for each server hosted so each has its +own default TDB directories, or by configuring these in the &smb.conf; file, in which case each instance of +&nmbd;, &smbd; and &winbindd; must be told to start up with its own &smb.conf; configuration file. + + + +independent +listen own socket +socket +SID +Each instance should operate on its own IP address (that independent IP address can be an IP Alias). +Each instance of &nmbd;, &smbd; and &winbindd; should listen only on its own IP socket. This can be secured +using the parameter. Each instance of the Samba server will have its +own SID also, this means that the servers are discrete and independent of each other. + + + +multiple server hosting +private dir +pid directory +lock directory +interfaces +bind interfaces only +netbios name +workgroup +socket address +The user of multiple server hosting is non-trivial, and requires careful configuration of each aspect of +process management and start up. The &smb.conf; parameters that must be carefully configured includes: +, ,, , , , , . 
+ + + +multiple servers +contribute +comprehensive documentation +Those who elect to create multiple Samba servers should have the ability to read and follow +the Samba source code, and to modify it as needed. This mode of deployment is considered beyond the scope of +this book. However, if someone will contribute more comprehensive documentation we will gladly review it, and +if it is suitable extend this section of this chapter. Until such documentation becomes available the hosting +of multiple samba servers on a single host is considered not supported for Samba-3 by the Samba Team. + + + + + +Multiple Virtual Server Personalities + + +multiple virtual servers +netbios alias +meta-services +Samba has the ability to host multiple virtual servers, each of which have their own personality. This is +achieved by configuring an &smb.conf; file that is common to all personalities hosted. Each server +personality is hosted using its own name, and each has its own distinct + section. Each server may have its own stanzas for services and meta-services. + + + +workgroup +security +netbios aliases +When hosting multiple virtual servers, each with their own personality, each can be in a different workgroup. +Only the primary server can be a domain member or a domain controller. The personality is defined by the +combination of the mode it is operating in, the it has, and the that is defined for it. + + + +NetBIOS name +NetBIOS-less SMB +smb ports +TCP port 139 +TCP port 445 +%L +This configuration style can be used either with NetBIOS names, or using NetBIOS-less SMB over TCP services. +If run using NetBIOS mode (the most common method) it is important that the parameter 139 should be specified in the primary &smb.conf; file. Failure to do this will result +in Samba operating over TCP port 445 and problematic operation at best, and at worst only being able to obtain +the functionality that is specified in the primary &smb.conf; file. 
The use of NetBIOS over TCP/IP using only +TCP port 139 means that the use of the %L macro is fully enabled. If the 139 is not specified (the default is 445 139, or if +the value of this parameter is set at 139 445 then the %L macro +is not serviceable. + + + +host multiple servers +multiple personality +NetBIOS-less +%i macro +It is possible to host multiple servers, each with their own personality, using port 445 (the NetBIOS-less SMB +port), in which case the %i macro can be used to provide separate server identities (by +IP Address). Each can have its own mode. It will be necessary to use the +, and IP aliases in addition to +the parameters to create the virtual servers. This method is considerably +more complex than that using NetBIOS names only using TCP port 139. + + + +anonymous file server +Consider an example environment that consists of a standalone, user-mode security Samba server and a read-only +Windows 95 file server that has to be replaced. Instead of replacing the Windows 95 machine with a new PC, it +is possible to add this server as a read-only anonymous file server that is hosted on the Samba server. Here +are some parameters: + + + +The Samba server is called ELASTIC, its workgroup name is ROBINSNEST. +The CDROM server is called CDSERVER and its workgroup is ARTSDEPT. A +possible implementation is shown here: + + + +/etc/samba +nmbd +smbd +smb.conf +The &smb.conf; file for the master server is shown in Elastic smb.conf File. +This file is placed in the /etc/samba directory. Only the &nmbd; and the &smbd; daemons +are needed. When started the server will appear in Windows Network Neighborhood as the machine +ELASTIC under the workgroup ROBINSNEST. It is helpful if the Windows +clients that must access this server are also in the workgroup ROBINSNEST as this will make +browsing much more reliable. 
+ + + +Elastic smb.conf File + +Global parameters + +ROBINSNEST +ELASTIC +CDSERVER +139 +cups +Yes +No +cups +/etc/samba/smb-%L.conf + + +Home Directories +%S +No +No + + +Data +/data +No + + +All Printers +/var/spool/samba +0600 +Yes +Yes +Yes +No + + + + +smb-cdserver.conf +The configuration file for the CDROM server is listed in CDROM Server +smb-cdserver.conf file. This file is called smb-cdserver.conf and it should be +located in the /etc/samba directory. Machines that are in the workgroup +ARTSDEPT will be able to browse this server freely. + + + +CDROM Server smb-cdserver.conf file + +Global parameters + +ARTSDEPT +CDSERVER +Bad User +Yes + + +CDROM Share +/export/cddata +Yes +Yes + + + + +different resources +separate workgroups +read-only access +nobody account +The two servers have different resources and are in separate workgroups. The server ELASTIC +can only be accessed by uses who have an appropriate account on the host server. All users will be able to +access the CDROM data that is stored in the /export/cddata directory. File system +permissions should set so that the others user has read-only access to the directory and its +contents. The files can be owned by root (any user other than the nobody account). + + + + + +Multiple Virtual Server Hosting + + +primary domain controller +extra machine +same domain/workgroup +In this example, the requirement is for a primary domain controller for the domain called +MIDEARTH. The PDC will be called MERLIN. An extra machine called +SAURON is required. Each machine will have only its own shares. Both machines belong to the +same domain/workgroup. + + + +master smb.conf +/etc/samba + +The master &smb.conf; file is shown in the Master smb.conf File Global Section. +The two files that specify the share information for each server are shown in the +smb-merlin.conf File Share Section, and the smb-sauron.conf File Share +Section. All three files are locate in the /etc/samba directory. 
+ + + +Master smb.conf File Global Section + +Global parameters + +MIDEARTH +MERLIN +SAURON +tdbsam +139 +0 +CUPS +No +/usr/sbin/useradd -m '%u' +/usr/sbin/userdel -r '%u' +/usr/sbin/groupadd '%g' +/usr/sbin/groupdel '%g' +/usr/sbin/usermod -G '%g' '%u' +/usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' +scripts\login.bat + +X: +Yes +Yes +Yes +CUPS +/etc/samba/smb-%L.conf + + + + +MERLIN smb-merlin.conf File Share Section + +Global parameters + +MIDEARTH +MERLIN + + +Home Directories +%S +No +No + + +Data +/data +No + + +NETLOGON +/var/lib/samba/netlogon +Yes +No + + +All Printers +/var/spool/samba +Yes +Yes +No + + + + +SAURON smb-sauron.conf File Share Section + +Global parameters + +MIDEARTH +SAURON + + +Web Pages +/srv/www/htdocs +No + + + + + + + + -- cgit
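Review bot: In the "Elastic smb.conf File" listing, the Home Directories, Data (/data) and All Printers sections sit in the file the text calls "common to all personalities hosted", alongside the /etc/samba/smb-%L.conf include, so the later statement that "The two servers have different resources" does not follow from the listing as written. The second example already limits its master file to the global section and puts the shares in smb-merlin.conf and smb-sauron.conf. Doing the same here, with ELASTIC's shares in their own per-name file, would make the listing match the claim that ELASTIC is reachable only by users with an account while the CDSERVER personality serves anonymous users. It would also help to say what a client gets when %L expands to a name for which no smb-%L.conf file exists. Separately, the smb ports paragraph has an unclosed parenthesis at "(the default is 445 139, or if", and a few wording slips should be fixed: "each with it's own", "The user of multiple server hosting", "accessed by uses", "permissions should set", "are locate in".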