From 77ce052cb5ac82717070f4eed69cd1082f0e2819 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Wed, 13 Apr 2005 02:38:07 +0000 Subject: Another installment in the reorg. (This used to be commit c6987ebbedddbc2bb04840df8903e57514c68cfe) --- docs/Samba-Guide/SBE-acknowledgements.xml | 49 +++ docs/Samba-Guide/SBE-foreword.xml | 107 ++++++ docs/Samba-Guide/SBE-front-matter.xml | 11 + docs/Samba-Guide/SBE-glossary.xml | 258 ++++++++++++++ docs/Samba-Guide/SBE-inside-cover.xml | 35 ++ docs/Samba-Guide/SBE-preface.xml | 567 ++++++++++++++++++++++++++++++ docs/Samba-Guide/acknowledgements.xml | 49 --- docs/Samba-Guide/foreword.xml | 107 ------ docs/Samba-Guide/front-matter.xml | 11 - docs/Samba-Guide/glossary.xml | 258 -------------- docs/Samba-Guide/index.xml | 10 +- docs/Samba-Guide/inside-cover.xml | 35 -- docs/Samba-Guide/preface.xml | 567 ------------------------------ 13 files changed, 1032 insertions(+), 1032 deletions(-) create mode 100644 docs/Samba-Guide/SBE-acknowledgements.xml create mode 100644 docs/Samba-Guide/SBE-foreword.xml create mode 100644 docs/Samba-Guide/SBE-front-matter.xml create mode 100644 docs/Samba-Guide/SBE-glossary.xml create mode 100644 docs/Samba-Guide/SBE-inside-cover.xml create mode 100644 docs/Samba-Guide/SBE-preface.xml delete mode 100644 docs/Samba-Guide/acknowledgements.xml delete mode 100644 docs/Samba-Guide/foreword.xml delete mode 100644 docs/Samba-Guide/front-matter.xml delete mode 100644 docs/Samba-Guide/glossary.xml delete mode 100644 docs/Samba-Guide/inside-cover.xml delete mode 100644 docs/Samba-Guide/preface.xml (limited to 'docs/Samba-Guide') diff --git a/docs/Samba-Guide/SBE-acknowledgements.xml b/docs/Samba-Guide/SBE-acknowledgements.xml new file mode 100644 index 0000000000..2d02ed3795 --- /dev/null +++ b/docs/Samba-Guide/SBE-acknowledgements.xml 
@@ -0,0 +1,49 @@ + + + + +Acknowledgments + + + Samba-3 by Example would not have been written except + as a result of feedback provided by reviewers of the book The + Official Samba-3 HOWTO and Reference Guide. I hope this book + more than answers the challenge and fills the void that was brought to + my attention. + + + + I am deeply indebted to a large group of diligent people. Space prevents + me from listing all of them, but a few stand out as worthy of mention. + Jelmer Vernooij made the notable contribution of building the XML production + environment and thereby made possible the typesetting of this book. + + + + Samba would not have come into existence if Andrew Tridgell had not taken + the first steps. He continues to lead the project. Under the shadow of his + mantle are some great guys who never give up and are always ready to help. + Thank you to: Jeremy Allison, Jerry Carter, Andrew Bartlett, Jelmer Vernooij, + Alexander Bokovoy, Volker Lendecke, and other team members who answered my + continuous stream of questions &smbmdash; all of which resulted in improved content + in this book. + + + + My heartfelt thanks go out also to a small set of reviewers (alphabetically + listed) who gave substantial feedback and significant suggestions for improvement: + Roland Gruber, Luke Howard, Jon Johnston, Alan Munter, Tarjei Huse, Mike MacIsaac, + Scott Mann, Ed Riddle, Santos Soler, Mark Taylor, and Jérôme Tournier. + + + + My appreciation is extended to a team of over 30 additional reviewers who + helped me to find my way around dark corners. + + + + Particular mention is due to Lyndell, Amos and Melissa who gave me the + latitude necessary to spend nearly a entire year writing Samba documentation. + + + diff --git a/docs/Samba-Guide/SBE-foreword.xml b/docs/Samba-Guide/SBE-foreword.xml new file mode 100644 index 0000000000..38770d7e9b --- /dev/null +++ b/docs/Samba-Guide/SBE-foreword.xml @@ -0,0 +1,107 @@ + + + + +Foreword + +By Dan Kusnetzky, IDC +
+ +Dan Kusnetzky, Vice President System Software Research, International Data Corporation + + + +IDC's software research group has been conducting research on the market for software, +including operating environments, for over twenty years. In 1994, the system software +research team started to field questions from its subscribers on Linux. We had very +little empirical data to offer when these queries first were heard, so IDC added Linux +to its operating environment research agenda. The first demand and supply side research +containing IDC's findings on Linux started to appear in early 1995. + + + +IDC has watched as Linux marched from being software for computer hobbyists to being +a mainstream choice in many markets worldwide. This march is very similar to the adoption +cycle UNIX experienced in the 1970s and 1980s. Windows repeated this pattern of adoption +during the 1980s and 1990s. IDC has long projected that Linux would be a mainstream +choice in nearly all markets by the end of 2005. The software is well down that path +now and just might beat IDC's projections. + + + +As of the end of 2002, Linux was the number three desktop or client operating environment, +responsible for nearly 3% of the worldwide shipments of client operating environment +software. Linux was the number two server operating environment, responsible for nearly +25% of the worldwide shipments of server operating environment software. This is an amazing +level of growth from its rather humble beginnings of holding less than 1% share of either +client or server operating environment market when IDC first started publishing its findings +on Linux. + + + +IDC's demand-side studies have indicated that Linux is most often utilized as a platform +for basic infrastructure services, such as supporting access to shared files and printers +or supporting basic networking functions. 
IDC's most recent survey, conducted in late 2003, +indicated that supporting file and print services was the most common use of Linux. Samba +and NFS are the most commonly mentioned approaches to offering file and print services on +Linux. + + + +Nearly all of IDC's operating environment studies have shown that Linux is being added +into organizational networks that already include Windows, UNIX, and mainframe operating +environments. This, of course, means that interoperability with these operating environments +is a crucial success factor for Linux. + + + +All of this leads to the book in hand, Samba-3 By Example, by John H. Terpstra, It addresses +the most commonly heard questions about bringing Linux and Samba into a Windows or UNIX +focused environment. Namely, organizations voice concerns about staff having sufficient +levels of expertise to facilitate development, administration, operations and support activities +around the adoption of Linux and Samba. I expect Samba-3 by Example will be of enormous help +to Windows or UNIX administrators hoping to gain a level of comfort and familiarity with both +Linux and Samba. + + + +Samba is a mature open source software product that is well established as a leading Windows +file and print technology in use on large-scale UNIX systems. Its stability and scalability +appears to be well respected. This book demonstrates easy approaches to implementing Samba-3 +no matter whether your network is large or small. It is a book that would make a fine addition +to the network administrators' library! + +
+ +
+ + +By Andrew Tridgell, Samba Team + +
+Andrew Tridgell, President, Samba Team + + + +I've always been the sort of computer user that learns best by +example. Seeing a complete example matching a real-world use of a +piece of software gives me an understanding of that software far +better than reading detailed manuals. If, like me, you are the sort of +computer user that learns best by example then this book is for you. + + + +I was also delighted to see the use of ethereal to illustrate the +network protocols used by Samba. Ethereal has developed into a very +sophisticated network analysis tool, and familiarity with using +ethereal is a very useful skill for any system administrator. + + + +Enjoy this book, and make the most of Samba! + +
+ +
+ +
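Review bot: In the SBE-foreword.xml hunk, the sentence "Samba-3 By Example, by John H. Terpstra, It addresses" ends its first clause with a comma where a full stop is needed, and it capitalises the title as "By Example" while the same paragraph and the rest of the patch use "by Example". Suggest "... by John H. Terpstra. It addresses ..." with one spelling of the title throughout. In the following paragraph, "Its stability and scalability appears" should read "appear" to agree with the compound subject.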
diff --git a/docs/Samba-Guide/SBE-front-matter.xml b/docs/Samba-Guide/SBE-front-matter.xml new file mode 100644 index 0000000000..1afd6cd14b --- /dev/null +++ b/docs/Samba-Guide/SBE-front-matter.xml @@ -0,0 +1,11 @@ + + + + +Front Matter + + + Just a place holder. + + + diff --git a/docs/Samba-Guide/SBE-glossary.xml b/docs/Samba-Guide/SBE-glossary.xml new file mode 100644 index 0000000000..3968e24c31 --- /dev/null +++ b/docs/Samba-Guide/SBE-glossary.xml 
@@ -0,0 +1,258 @@ + + + + Glossary + + + Access Control List + ACL + + A detailed list of permissions granted to users or groups with respect to file and network + resource access. + + + + + Active Directory Service + ADS + + A service unique to Microsoft Windows 200x servers that provides a centrally managed + directory for management of user identities and computer objects, as well as the + permissions each user or computer may be granted to access distributed network resources. + ADS uses Kerberos-based authentication and LDAP over Kerberos for directory access. + + + + + Common Internet File System + CIFS + + The new name for SMB. Microsoft renamed the SMB protocol to CIFS during + the Internet hype in the 1990s. At about the time that the SMB protocol was renamed + to CIFS, an additional dialect of the SMB protocol was in development. The need for the + deployment of the NetBIOS layer was also removed, thus paving the way for use of the SMB + protocol natively over TCP/IP (known as NetBIOS-less SMB or naked TCP + transport). + + + + + Common UNIX Printing System + CUPS + + A recent implementation of a high-capability printing system for UNIX developed by + Easy Software Inc. The design objective + of CUPS was to provide a rich print processing system that has built-in intelligence + that is capable of correctly rendering (processing) a file that is submitted for + printing even if it was formatted for an entirely different printer. + + + + + + Domain Master Browser + DMB + + The Domain Master Browser maintains a list of all the servers that + have announced their services within a given workgroup or NT domain. + + + + + Domain Name Service + DNS + + A protocol by which computer hostnames may be resolved to the matching IP address/es. + DNS is implemented by the Berkeley Internet Name Daemon. There exists a recent version + of DNS that allows dynamic name registration by network clients or by a DHCP server. + This recent protocol is known as Dynamic DNS (DDNS). 
+ + + + + Dynamic Host Configuration Protocol + DHCP + + A protocol that was based on the BOOTP protocol that may be used to dynamically assign + an IP address, from a reserved pool of addresses, to a network client or device. + Additionally, DHCP may assign all network configuration settings and may be used to + register a computer name and its address with a Dynamic DNS server. + + + + + Ethereal + ethereal + + A network analyzer, also known as: a network sniffer or a protocol analyzer. Ethereal is + freely available for UNIX/Linux and Microsoft Windows systems from + the Ethereal Web site. + + + + + Group IDentifier + GID + + The UNIX system Group Identifier; on older systems, a 32-bit unsigned integer, and on + newer systems, an unsigned 64-bit integer. The GID is used in UNIX-like operating systems + for all group level access control. + + + + + Key Distribution Center + KDC + + The Kerberos authentication protocol makes use of security keys (also called a ticket) + by which access to network resources is controlled. The issuing of Kerberos tickets + is effected by a KDC. + + + + + Light Weight Directory Access Protocol + LDAP + + + The Light Weight Directory Access Protocol is a technology that + originated from the development of X.500 protocol specifications and + implementations. LDAP was designed as a means of rapidly searching + through X.500 information. Later LDAP was adapted as an engine that + could drive its own directory database. LDAP is not a database per + se; rather it is a technology that enables high volume search and + locate activity from clients that wish to obtain simply defined + information about a sub-set of records that are stored in a + database. LDAP does not have a particularly efficient mechanism for + storing records in the database, and it has no concept of transaction + processing nor of mechanisms for preserving data consistency. 
LDAP is + premised around the notion that the search and read activity far + outweigh any need to add, delete, or modify records. LDAP does + provide a means for replication of the database so as to keep slave + servers up to date with a master. It also has built-in capability to + handle external references and deferral. + + + + + Local Master Browser + LMB + + The Local Master Browser maintains a list of all servers that have announced themselves + within a given workgroup or NT domain on a particular broadcast isolated subnet. + + + + + Media Access Control + MAC + + The hard-coded address of the physical layer device that is attached to the network. + All network interface controllers must have a hard-coded and unique MAC address. The + MAC address is 48 bits long. + + + + + NetBIOS Extended User Interface + NetBEUI + + Very simple network protocol invented by IBM and Microsoft. It is used to do NetBIOS + over ethernet with low overhead. NetBEUI is a non-routable protocol. + + + + + Network Address Translation + NAT + + Network address translation is a form of IP address masquerading. It ensures that internal + private (RFC1918) network addresses from packets inside the network are rewritten so + that TCP/IP packets that leave the server over a public connection are seen to come only + from the external network address. + + + + + Network Basic Input/Output System + NetBIOS + + NetBIOS is a simple application programming interface (API) invented in the 1980s + that allows programs to send data to certain network names. NetBIOS is always run over + another network protocol such as IPX/SPX, TCP/IP, or Logical Link Control (LLC). + NetBIOS run over LLC is best known as NetBEUI (The NetBIOS Extended User Interface + &smbmdash; a complete misnomer!). + + + + + NetBT + NBT + + Protocol for transporting NetBIOS frames over TCP/IP. Uses ports 137, 138, and 139. + NetBT is a fully routable protocol. 
+ + + + + NT/LanManager Security Support Provider + NTLMSSP + + The NTLM Security Support Provider (NTLMSSP) service in Windows NT4/200x/XP is responsible for + handling all NTLM authentication requests. It is the front end for protocols such as SPNEGO, + Schannel, and other technologies. The generic protocol family supported by NTLMSSP is known as + GSSAPI, the Generic Security Service Application Program Interface specified in RFC2078. + + + + + Server Message Block + SMB + + SMB was the original name of the protocol spoken by Samba. It was invented in the 1980s + by IBM and adopted and extended further by Microsoft. Microsoft renamed the protocol to + CIFS during the Internet hype in the 1990s. + + + + + The Simple and Protected GSS-API Negotiation + SPNEGO + + The purpose of SPNEGO is to allow a client and server to negotiate a security mechanism for + authentication. The protocol is specified in RFC2478 and uses tokens as built via ASN.1 DER. + DER refers to Distinguished Encoding Rules. These are a set of common rules for creating + binary encodings in a platform-independent manner. Samba has support for SPNEGO. + + + + + The Official Samba-3 HOWTO and Reference Guide + TOSHARG + + This book makes repeated reference to The Official Samba-3 HOWTO and Reference Guide + by John H. Terpstra (Author) and Jelmer R. Vernooij (Author). This publication is available from + Amazon.com. Publisher: Prentice Hall PTR (October 2003), + ISBN: 0131453556. + + + + + User IDentifier + UID + + The UNIX system User Identifier; on older systems, a 32-bit unsigned integer, and on newer systems, + an unsigned 64-bit integer. The UID is used in UNIX-like operating systems for all user level access + control. + + + + + Universal Naming Convention + UNC + A syntax for specifying the location of network resources (such as file shares). + The UNC syntax was developed in the early days of MS DOS 3.x and is used internally by the SMB protocol. + + + + 
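Review bot: The GID and UID entries in SBE-glossary.xml give the width as "on older systems, a 32-bit unsigned integer, and on newer systems, an unsigned 64-bit integer", which is off by a generation: older UNIX systems used 16-bit IDs and current ones use 32-bit. These values drive every ownership and access-control decision the book goes on to configure, so suggest "on older systems, a 16-bit unsigned integer, and on newer systems, a 32-bit unsigned integer" in both entries. Two smaller points in the same hunk: the KDC entry's "security keys (also called a ticket)" conflates keys with tickets and mixes singular and plural, and the ADS entry's "LDAP over Kerberos" would read more accurately as LDAP with Kerberos authentication.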
diff --git a/docs/Samba-Guide/SBE-inside-cover.xml b/docs/Samba-Guide/SBE-inside-cover.xml new file mode 100644 index 0000000000..b55a333f9e --- /dev/null +++ b/docs/Samba-Guide/SBE-inside-cover.xml @@ -0,0 +1,35 @@ + + + +About the Cover Artwork + + + The cover artwork of this book continues a theme chosen for the book, + The Official Samba-3 HOWTO and Reference Guide, + the cover of which features a Confederate scene. Samba has had a major + impact on the network deployment of Microsoft Windows desktop systems. + The cover artwork of the two official Samba books tells of events that + likewise had a major impact on the future. + + + + Samba-3 by Example Cover Artwork: King Alfred the Great + (born 849, ruled 871-899) was one of the most amazing kings ever to + rule England. He defended Anglo-Saxon England from Viking raids, formulated + a code of laws, and fostered a rebirth of religious and scholarly activity. + His reign exhibits military skill and innovation, sound governance and the + ability to inspire men to plan for the future. Alfred liberated England + at a time when all resistence seemed futile. + + + + Samba is a network interoperability solution that provides real choice for network + administrators. It is an adjunct to Microsoft Windows networks that provides + interoperability of UNIX systems with Microsoft Windows desktop and server systems. + You may use Samba to realize the freedom it provides for your network environment + thanks to a dedicated team who work behind the scenes to give you a better choice. + The efforts of these few dedicated developers continues to shape the future of + the Windows interoperability landscape. Enjoy! + + + diff --git a/docs/Samba-Guide/SBE-preface.xml b/docs/Samba-Guide/SBE-preface.xml new file mode 100644 index 0000000000..5bde840dc8 --- /dev/null +++ b/docs/Samba-Guide/SBE-preface.xml 
@@ -0,0 +1,567 @@ + + + + Preface + + + Network administrators live busy lives. We face distractions and pressures + that drive us to seek proven, working case scenarios that can be easily + implemented. Often this approach lands us in trouble. There is a + saying that, geometrically speaking, the shortest distance between two + points is a straight line, but practically we find that the quickest + route to a stable network solution is the long way around. + + + + This book is your means to the straight path. It provides step-by-step, + proven, working examples of Samba deployments. If you want to deploy + Samba-3 with the least effort, or if you want to become an expert at deploying + Samba-3 without having to search through lots of documentation, this + book is the ticket to your destination. + + + + Samba is software that can be run on a platform other than Microsoft Windows, + for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. + Samba uses the TCP/IP protocol that is installed on the host server. When + correctly configured, it allows that host to interact with a Microsoft Windows + client or server as if it is a Windows file and print server. This book + will help you to implement Windows-compatible file and print services. + + + + The examples presented in this book are typical of various businesses and + reflect the problems and challenges they face. Care has been taken to preserve + attitudes, perceptions, practices, and demands from real network case studies. + The maximum benefit may be obtained from this book by working carefully through + each exercise. You may be in a hurry to satisfy a specific need, so feel + free to locate the example that most closely matches your need, copy it, and + innovate as much as you like. Above all, enjoy the process of learning the + secrets of MS Windows networking that is truly liberated by Samba. + + + + The focus of attention in this book is Samba-3. 
Specific notes are made in + respect of how Samba may be made secure. This book does not attempt to provide + detailed information regarding secure operation and configuration of peripheral + services and applications such as OpenLDAP, DNS and DHCP, the need for which + can be met from other resources that are dedicated to the subject. + + + + Why Is This Book Necessary? + + + This book is the result of observations and feedback. The feedback from + the Samba-HOWTO-Collection has been positive and complimentary. There + have been requests for far more worked examples, a + Samba Cookbook, and for training materials to + help kick-start the process of mastering Samba. + + + + The Samba mailing list's users have asked for sample configuration files + that work. It is natural to question one's own ability to correctly + configure a complex tool such as Samba until a minimum necessary + knowledge level has been attained. + + + + The Samba-HOWTO-Collection, as do The Official Samba-3 HOWTO and + Reference Guide, document Samba features and functionality in + a topical context. This book takes a completely different approach. It + walks through Samba network configurations that are working within particular + environmental contexts, providing documented step-by-step implementations. + All example case configuration files, scripts, and other tools are provided + on the CD-ROM. This book is descriptive, provides detailed diagrams, and + makes deployment of Samba-3 a breeze. + + + + Samba 3.0.15 Update Edition + + + The Samba 3.0.x series has been remarkably popular. At the time this book first + went to print samba-3.0.2 was being released. There have been significant modifications + and enhancements between samba-3.0.2 and samba-3.0.11 (the current release) that + necessitate this documentation update. This update has the specific intent to + refocus this book so that its guidance can be followed for samba-3.0.12 + and beyond. 
Further changes are expected as Samba-3 matures further and will + be reflected in future updates. + + + + The changes shown in are incorporated in this update: + + + + Samba Changes &smbmdash; 3.0.2 to 3.0.15 + + + + + + + + New Feature + + + + + Description + + + + + + + + + Winbind Case Handling + + + + + User and group names returned by winbindd are now converted to lower case + for better consistency. Samba implementations that depend on the case of information returned + by winbind (such as %u and %U) must now convert the dependency to expecting lower case values. + This affects mail spool files, home directories, valid user lines in the &smb.conf; file, etc. + + + + + + + Schema Changes + + + + + Addition of code to handle password aging, password uniqueness controls, bad + password instances at logon time, have made necessary extensions to the SambaSAM + schema. This change affects all sites that use LDAP and means that the directory + schema must be updated. + + + + + + + Username Map Handling + + + + + Samba-3.0.8 redefined the behavior: Local authentication results in a username map file + lookup before authenticating the connection. All authentication via an external domain + controller will result in the use of the fully qualified name (i.e.: DOMAIN\username) + after the user has been successfully authenticated. + + + + + + + UNIX extension handling + + + + + Symbolicly linked files and directories on the UNIX host to absolute paths will + now be followed. This can be turned off using wide links = No in + the share stanza in the &smb.conf; file. Turning off wide links + support will degrade server performance because each path must be checked. + + + + + + + Privileges Support + + + + + Versions of Samba prior to samba-3.0.11 required the use of the UNIX root + account from network Windows clients. The new enable privileges = Yes capability + means that functions such as adding machines to the domain, managing printers, etc. 
can now + be delegated to normal user accounts or to groups of users. + + + + + +
+
+ +
+ + + Prerequisites + + + This book is not a tutorial on UNIX or Linux administration. UNIX and Linux + training is best obtained from books dedicated to the subject. This book + assumes that you have at least the basic skill necessary to use these operating + systems, and that you can use a basic system editor to edit and configure files. + It has been written with the assumption that you have experience with Samba, + have read The Official Samba-3 HOWTO and Reference Guide and + the Samba-HOWTO-Collection, or that you have familiarity with Microsoft Windows. + + + + If you do not have this experience, you can follow the examples in this book but may + find yourself at times intimidated by assumptions made. In this situation, you + may need to refer to administrative guides or manuals for your operating system + platform to find what is the best method to achieve what the text of this book describes. + + + + + + Approach + + + The first chapter deals with some rather thorny network analysis issues. Do not be + put off by this. The information you glean, even without a detailed understanding + of network protocol analysis, can help you understand how Windows networking functions. + + + + Each following chapter of this book opens with the description of a networking solution + sought by a hypothetical site. Bob Jordan is a hypothetical decision maker + for an imaginary company, Abmas Biz NL. We will use the + non-existent domain name abmas.biz. All facts + presented regarding this company are fictitious and have been drawn from a variety of real + business scenarios over many years. Not one of these reveal the identify of the + real-world company from which the scenario originated. + + + + In any case, Mr. Jordan likes to give all his staff nasty little assignments. + Stanley Saroka is one of his proteges; Christine Roberson is the network administrator + Bob trusts. Jordan is inclined to treat other departments well because they finance + Abmas IT operations. 
+ + + + Each chapter presents a summary of the network solution we have chosen to + demonstrate together with a rationale to help you to understand the + thought process that drove that solution. The chapter then documents in precise + detail all configuration files and steps that must be taken to implement the + example solution. Anyone wishing to gain serious value from this book will + do well to take note of the implications of points made, so watch out for the + this means that notations. + + + + Each chapter has a set of questions and answers to help you to + to understand and digest key attributes of the solutions presented. + + + + + + Summary of Topics + + + The contents of this second edition of Samba-3 by Example + have been rearranged based on feedback from purchasers of the first edition. + + + + Clearly the first edition contained most of what was needed and that was missing + from other books that cover this difficult subject. The new arrangement adds + additional material to meet consumer requests and includeis changes that originated + as suggestions for improvement. + + + + Chapter 1 now dives directly into the heart of the implementation of Windows + file and print server networks that use Samba at the heart. + + + + + Chapter 1 &smbmdash; No Frills Samba Servers + + Here you design a solution for three different business scenarios, each for a + company called Abmas. There are two simple networking problems and one slightly + more complex networking challenge. In the first two cases, Abmas has a small + simple office, and they want to replace a Windows 9x peer-to-peer network. The + third example business uses Windows 2000 Professional. This must be simple, + so let's see how far we can get. If successful, Abmas grows quickly and + soon needs to replace all servers and workstations. + + + TechInfo &smbmdash; This chapter demands: + + Case 1: The simplest &smb.conf; file that may + reasonably be used. Works with Samba-2.x also. 
This + configuration uses Share Mode security. Encrypted + passwords are not used, so there is no + smbpasswd file. + + + Case 2: Another simple &smb.conf; file that adds + WINS support and printing support. This case deals with + a special requirement that demonstrates how to deal with + purpose-built software that has a particular requirement + for certain share names and printing demands. This + configuration uses Share Mode security and also works with + Samba-2.x. Encrypted passwords are not used, so there is no + smbpasswd file. + + + Case 3: This &smb.conf; configuration uses User Mode + security. The file share configuration demonstrates + the ability to provide master access to an administrator + while restricting all staff to their own work areas. + Encrypted passwords are used, so there is an implicit + smbpasswd file. + + + + + + + + Chapter 2 &smbmdash; Small Office Networking + + Abmas is a successful company now. They have 50 network users + and want a little more varoom from the network. This is a typical + small office and they want better systems to help them to grow. This is + your chance to really give advanced users a bit more functionality and usefulness. + + + TechInfo &smbmdash; This &smb.conf; file + makes use of encrypted passwords, so there is an smbpasswd + file. It also demonstrates use of the valid users and + valid groups to restrict share access. The Windows + clients access the server as Domain members. Mobile users log onto + the Domain while in the office, but use a local machine account while on the + road. The result is an environment that answers mobile computing user needs. + + + + + + Chapter 3 &smbmdash; Secure Office Networking + + Abmas is growing rapidly now. Money is a little tight, but with 130 + network users, security has become a concern. They have many new machines + to install and the old equipment will be retired. This time they want the + new network to scale and grow for at least two years. 
Start with a sufficient + system and allow room for growth. You are now implementing an Internet + connection and have a few reservations about user expectations. + + + TechInfo &smbmdash; This &smb.conf; file + makes use of encrypted passwords, and you can use a tdbsam + password backend. Domain logons are introduced. Applications are served from the central + server. Roaming profiles are mandated. Access to the server is tightened up + so that only domain members can access server resources. Mobile computing + needs still are catered to. + + + + + + Chapter 4 &smbmdash; The 500 User Office + + The two-year projections were met. Congratulations, you are a star. + Now Abmas needs to replace the network. Into the existing user base, they + need to merge a 280-user company they just acquired. It is time to build a serious + network. There are now three buildings on one campus and your assignment is + to keep everyone working while a new network is rolled out. Oh, isn't it nice + to roll out brand new clients and servers! Money is no longer tight, you get + to buy and install what you ask for. You will install routers and a firewall. + This is exciting! + + + TechInfo &smbmdash; This &smb.conf; file + makes use of encrypted passwords, and a tdbsam + password backend is used. You are not ready to launch into LDAP yet, so you + accept the limitation of having one central Domain Controller with a Domain + Member server in two buildings on your campus. A number of clever techniques + are used to demonstrate some of the smart options built into Samba. + + + + + + Chapter 5 &smbmdash; Making Users Happy + + Congratulations again. Abmas is happy with your services and you have been given another raise. + Your users are becoming much more capable and are complaining about little + things that need to be fixed. Are you up to the task? Mary says it takes her 20 minutes + to log onto the network and it is killing her productivity. 
Email is a bit + unreliable &smbmdash; have you been sleeping on the job? We do not discuss the + technology of email but when the use of mail clients breaks because of networking + problems, you had better get on top of it. It's time for a change. + + + TechInfo &smbmdash; This &smb.conf; file + makes use of encrypted passwords; a distributed ldapsam + password backend is used. Roaming profiles are enabled. Desktop profile controls + are introduced. Check out the techniques that can improve the user experience + of network performance. As a special bonus, this chapter documents how to configure + smart downloading of printer drivers for drag-and-drop printing support. And, yes, + the secret of configuring CUPS is clearly documented. Go for it; this one will + tease you, too. + + + + + + Chapter 6 &smbmdash; A Distributed 2000-User Network + + Only eight months have passed, and Abmas has acquired another company. You now need to expand + the network further. You have to deal with a network that spans several countries. + There are three new networks in addition to the original three buildings at the head-office + campus. The head office is in New York and you have branch offices in Washington, Los Angeles, and + London. Your desktop standard is Windows XP Professional. In many ways, everything has changed + and yet it must remain the same. Your team is primed for another roll-out. You know there are + further challenges ahead. + + + TechInfo &smbmdash; Slave LDAP servers are introduced. Samba is + configured to use multiple LDAP backends. This is a brief chapter; it assumes that the + technology has been mastered and gets right down to concepts and how to deploy them. + + + + + + Chapter 7 &smbmdash; Migrating NT4 Domain to Samba-3 + + Another six months have + passed. Abmas has acquired yet another company. 
You will find a + way to migrate all users off the old network onto the existing network without loss + of passwords and will effect the change-over during one weekend. May the force (and caffeine) be with + you, may you keep your back to the wind and may the sun shine on your face. + + + TechInfo &smbmdash; This chapter demonstrates the use of + the net rpc migrate facility using an LDAP ldapsam backend, and also + using a tdbsam passdb backend. Both are much-asked-for examples of NT4 Domain migration. + + + + + + Chapter 8 &smbmdash; Migrating NetWare 4.11 Server to Samba + + Misty Stanley-Jones has contributed information that summarizes her experience at migration + from a NetWare server to Samba-3. + + + TechInfo &smbmdash; The documentation provided demonstrates + how one site miigrated from NetWare to Samba. Some alternatives tools are mentioned. These + could be used to provide another pathway to a successful migration. + + + + + + Chapter 9 &smbmdash; Adding UNIX/Linux Servers and Clients + + Well done, Bob, your team has achieved much. Now help Abmas integrate the entire network. + You want central control and central support and you need to cut costs. How can you reduce administrative + overheads and yet get better control of the network? + + + + This chapter has been contributed by Mark Taylor mark.taylor@siriusit.co.uk + and is based on a live site. For further information regarding this example case, + please contact Mark directly. + + + TechInfo &smbmdash; It is time to consider how to add Samba servers + and UNIX and Linux network clients. Users who convert to Linux want to be able to log on + using Windows network accounts. You explore nss_ldap, pam_ldap, winbind, and a few neat + techniques for taking control. Are you ready for this? + + + + + + Chapter 10 &smbmdash; Active Directory, Kerberos and Security + + Abmas has acquired another company that has just migrated to running Windows Server 2003 and + Active Directory. 
One of your staff makes offhand comments that land you in hot water. + A network security auditor is hired by the head of the new business and files a damning + report, and you must address the defects reported. You have hired new + network engineers who want to replace Microsoft Active Directory with a pure Kerberos + solution. How will you handle this? + + + TechInfo &smbmdash; This chapter is your answer. Learn about + share access controls, proper use of UNIX/Linux file system access controls, and Windows + 200x Access Control Lists. Follow these steps to beat the critics. + + + + + + Chapter 11 &smbmdash; Integrating Additional Services + + The battle is almost over, Samba-3 has won the day. Your team are delighted and now you + find yourself at yet another cross-roads. Abmas have acquired a snack food business, you + made promises you must keep. IT costs must be reduced, you have new resistance, but you + will win again. This time you choose to install the Squid proxy server to validate the + fact that Samba is far more than just a file and print server. SPNEGO authentication + support means that your Microsoft Windows clients gain transparent proxy access. + + + TechInfo &smbmdash; Samba provides the ntlm_auth + module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web + and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated + access control using the Active Directory Domain user security credentials. + + + + + + Chapter 12 &smbmdash; Performance, Reliability and Availability + + Bob, are you sure the new Samba server is up to the load? Your network is serving many + users who risk becoming unproductive. What can you do to keep ahead of demand? Can you + keep the cost under control also? What can go wrong? + + + TechInfo &smbmdash; Hot tips that put chili into your + network. 
Avoid name resolution problems, identify potential causes of network collisions, + avoid Samba configuration options that will weigh the server down. MS distributed file + services to make your network fly and much more. This chapter contains a good deal of + Did I tell you about this...? type of hints to help keep your name on the top + performers list. + + + + + + Chapter 13 &smbmdash; Windows Networking Primer + + Here we cover practical exercises to help us to understand how MS Windows + network protocols function. A network protocol analyzer helps you to + appreciate the fact that Windows networking is highly dependent on broadcast + messaging. Additionally, you can look into network packets that a Windows + client sends to a network server to set up a network connection. On completion, + you should have a basic understanding of how network browsing functions and + have seen some of the information a Windows client sends to + a file and print server to create a connection over which file and print + operations may take place. + + + + + + + + + + + +
+ diff --git a/docs/Samba-Guide/acknowledgements.xml b/docs/Samba-Guide/acknowledgements.xml deleted file mode 100644 index 2d02ed3795..0000000000 --- a/docs/Samba-Guide/acknowledgements.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - -Acknowledgments - - - Samba-3 by Example would not have been written except - as a result of feedback provided by reviewers of the book The - Official Samba-3 HOWTO and Reference Guide. I hope this book - more than answers the challenge and fills the void that was brought to - my attention. - - - - I am deeply indebted to a large group of diligent people. Space prevents - me from listing all of them, but a few stand out as worthy of mention. - Jelmer Vernooij made the notable contribution of building the XML production - environment and thereby made possible the typesetting of this book. - - - - Samba would not have come into existence if Andrew Tridgell had not taken - the first steps. He continues to lead the project. Under the shadow of his - mantle are some great guys who never give up and are always ready to help. - Thank you to: Jeremy Allison, Jerry Carter, Andrew Bartlett, Jelmer Vernooij, - Alexander Bokovoy, Volker Lendecke, and other team members who answered my - continuous stream of questions &smbmdash; all of which resulted in improved content - in this book. - - - - My heartfelt thanks go out also to a small set of reviewers (alphabetically - listed) who gave substantial feedback and significant suggestions for improvement: - Roland Gruber, Luke Howard, Jon Johnston, Alan Munter, Tarjei Huse, Mike MacIsaac, - Scott Mann, Ed Riddle, Santos Soler, Mark Taylor, and Jérôme Tournier. - - - - My appreciation is extended to a team of over 30 additional reviewers who - helped me to find my way around dark corners. - - - - Particular mention is due to Lyndell, Amos and Melissa who gave me the - latitude necessary to spend nearly a entire year writing Samba documentation. - - - 
diff --git a/docs/Samba-Guide/foreword.xml b/docs/Samba-Guide/foreword.xml deleted file mode 100644 index 38770d7e9b..0000000000 --- a/docs/Samba-Guide/foreword.xml +++ /dev/null @@ -1,107 +0,0 @@ - - - - -Foreword - -By Dan Kusnetzky, IDC -
- -Dan Kusnetzky, Vice President System Software Research, International Data Corporation - - - -IDC's software research group has been conducting research on the market for software, -including operating environments, for over twenty years. In 1994, the system software -research team started to field questions from its subscribers on Linux. We had very -little empirical data to offer when these queries first were heard, so IDC added Linux -to its operating environment research agenda. The first demand and supply side research -containing IDC's findings on Linux started to appear in early 1995. - - - -IDC has watched as Linux marched from being software for computer hobbyists to being -a mainstream choice in many markets worldwide. This march is very similar to the adoption -cycle UNIX experienced in the 1970s and 1980s. Windows repeated this pattern of adoption -during the 1980s and 1990s. IDC has long projected that Linux would be a mainstream -choice in nearly all markets by the end of 2005. The software is well down that path -now and just might beat IDC's projections. - - - -As of the end of 2002, Linux was the number three desktop or client operating environment, -responsible for nearly 3% of the worldwide shipments of client operating environment -software. Linux was the number two server operating environment, responsible for nearly -25% of the worldwide shipments of server operating environment software. This is an amazing -level of growth from its rather humble beginnings of holding less than 1% share of either -client or server operating environment market when IDC first started publishing its findings -on Linux. - - - -IDC's demand-side studies have indicated that Linux is most often utilized as a platform -for basic infrastructure services, such as supporting access to shared files and printers -or supporting basic networking functions. 
IDC's most recent survey, conducted in late 2003, -indicated that supporting file and print services was the most common use of Linux. Samba -and NFS are the most commonly mentioned approaches to offering file and print services on -Linux. - - - -Nearly all of IDC's operating environment studies have shown that Linux is being added -into organizational networks that already include Windows, UNIX, and mainframe operating -environments. This, of course, means that interoperability with these operating environments -is a crucial success factor for Linux. - - - -All of this leads to the book in hand, Samba-3 By Example, by John H. Terpstra, It addresses -the most commonly heard questions about bringing Linux and Samba into a Windows or UNIX -focused environment. Namely, organizations voice concerns about staff having sufficient -levels of expertise to facilitate development, administration, operations and support activities -around the adoption of Linux and Samba. I expect Samba-3 by Example will be of enormous help -to Windows or UNIX administrators hoping to gain a level of comfort and familiarity with both -Linux and Samba. - - - -Samba is a mature open source software product that is well established as a leading Windows -file and print technology in use on large-scale UNIX systems. Its stability and scalability -appears to be well respected. This book demonstrates easy approaches to implementing Samba-3 -no matter whether your network is large or small. It is a book that would make a fine addition -to the network administrators' library! - -
- -
- - -By Andrew Tridgell, Samba Team - -
-Andrew Tridgell, President, Samba Team - - - -I've always been the sort of computer user that learns best by -example. Seeing a complete example matching a real-world use of a -piece of software gives me an understanding of that software far -better than reading detailed manuals. If, like me, you are the sort of -computer user that learns best by example then this book is for you. - - - -I was also delighted to see the use of ethereal to illustrate the -network protocols used by Samba. Ethereal has developed into a very -sophisticated network analysis tool, and familiarity with using -ethereal is a very useful skill for any system administrator. - - - -Enjoy this book, and make the most of Samba! - -
- -
- -
diff --git a/docs/Samba-Guide/front-matter.xml b/docs/Samba-Guide/front-matter.xml deleted file mode 100644 index 1afd6cd14b..0000000000 --- a/docs/Samba-Guide/front-matter.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - -Front Matter - - - Just a place holder. - - - diff --git a/docs/Samba-Guide/glossary.xml b/docs/Samba-Guide/glossary.xml deleted file mode 100644 index 3968e24c31..0000000000 --- a/docs/Samba-Guide/glossary.xml +++ /dev/null 
@@ -1,258 +0,0 @@ - - - - Glossary - - - Access Control List - ACL - - A detailed list of permissions granted to users or groups with respect to file and network - resource access. - - - - - Active Directory Service - ADS - - A service unique to Microsoft Windows 200x servers that provides a centrally managed - directory for management of user identities and computer objects, as well as the - permissions each user or computer may be granted to access distributed network resources. - ADS uses Kerberos-based authentication and LDAP over Kerberos for directory access. - - - - - Common Internet File System - CIFS - - The new name for SMB. Microsoft renamed the SMB protocol to CIFS during - the Internet hype in the 1990s. At about the time that the SMB protocol was renamed - to CIFS, an additional dialect of the SMB protocol was in development. The need for the - deployment of the NetBIOS layer was also removed, thus paving the way for use of the SMB - protocol natively over TCP/IP (known as NetBIOS-less SMB or naked TCP - transport). - - - - - Common UNIX Printing System - CUPS - - A recent implementation of a high-capability printing system for UNIX developed by - Easy Software Inc. The design objective - of CUPS was to provide a rich print processing system that has built-in intelligence - that is capable of correctly rendering (processing) a file that is submitted for - printing even if it was formatted for an entirely different printer. - - - - - - Domain Master Browser - DMB - - The Domain Master Browser maintains a list of all the servers that - have announced their services within a given workgroup or NT domain. - - - - - Domain Name Service - DNS - - A protocol by which computer hostnames may be resolved to the matching IP address/es. - DNS is implemented by the Berkeley Internet Name Daemon. There exists a recent version - of DNS that allows dynamic name registration by network clients or by a DHCP server. - This recent protocol is known as Dynamic DNS (DDNS). 
- - - - - Dynamic Host Configuration Protocol - DHCP - - A protocol that was based on the BOOTP protocol that may be used to dynamically assign - an IP address, from a reserved pool of addresses, to a network client or device. - Additionally, DHCP may assign all network configuration settings and may be used to - register a computer name and its address with a Dynamic DNS server. - - - - - Ethereal - ethereal - - A network analyzer, also known as: a network sniffer or a protocol analyzer. Ethereal is - freely available for UNIX/Linux and Microsoft Windows systems from - the Ethereal Web site. - - - - - Group IDentifier - GID - - The UNIX system Group Identifier; on older systems, a 32-bit unsigned integer, and on - newer systems, an unsigned 64-bit integer. The GID is used in UNIX-like operating systems - for all group level access control. - - - - - Key Distribution Center - KDC - - The Kerberos authentication protocol makes use of security keys (also called a ticket) - by which access to network resources is controlled. The issuing of Kerberos tickets - is effected by a KDC. - - - - - Light Weight Directory Access Protocol - LDAP - - - The Light Weight Directory Access Protocol is a technology that - originated from the development of X.500 protocol specifications and - implementations. LDAP was designed as a means of rapidly searching - through X.500 information. Later LDAP was adapted as an engine that - could drive its own directory database. LDAP is not a database per - se; rather it is a technology that enables high volume search and - locate activity from clients that wish to obtain simply defined - information about a sub-set of records that are stored in a - database. LDAP does not have a particularly efficient mechanism for - storing records in the database, and it has no concept of transaction - processing nor of mechanisms for preserving data consistency. 
LDAP is - premised around the notion that the search and read activity far - outweigh any need to add, delete, or modify records. LDAP does - provide a means for replication of the database so as to keep slave - servers up to date with a master. It also has built-in capability to - handle external references and deferral. - - - - - Local Master Browser - LMB - - The Local Master Browser maintains a list of all servers that have announced themselves - within a given workgroup or NT domain on a particular broadcast isolated subnet. - - - - - Media Access Control - MAC - - The hard-coded address of the physical layer device that is attached to the network. - All network interface controllers must have a hard-coded and unique MAC address. The - MAC address is 48 bits long. - - - - - NetBIOS Extended User Interface - NetBEUI - - Very simple network protocol invented by IBM and Microsoft. It is used to do NetBIOS - over ethernet with low overhead. NetBEUI is a non-routable protocol. - - - - - Network Address Translation - NAT - - Network address translation is a form of IP address masquerading. It ensures that internal - private (RFC1918) network addresses from packets inside the network are rewritten so - that TCP/IP packets that leave the server over a public connection are seen to come only - from the external network address. - - - - - Network Basic Input/Output System - NetBIOS - - NetBIOS is a simple application programming interface (API) invented in the 1980s - that allows programs to send data to certain network names. NetBIOS is always run over - another network protocol such as IPX/SPX, TCP/IP, or Logical Link Control (LLC). - NetBIOS run over LLC is best known as NetBEUI (The NetBIOS Extended User Interface - &smbmdash; a complete misnomer!). - - - - - NetBT - NBT - - Protocol for transporting NetBIOS frames over TCP/IP. Uses ports 137, 138, and 139. - NetBT is a fully routable protocol. 
- - - - - NT/LanManager Security Support Provider - NTLMSSP - - The NTLM Security Support Provider (NTLMSSP) service in Windows NT4/200x/XP is responsible for - handling all NTLM authentication requests. It is the front end for protocols such as SPNEGO, - Schannel, and other technologies. The generic protocol family supported by NTLMSSP is known as - GSSAPI, the Generic Security Service Application Program Interface specified in RFC2078. - - - - - Server Message Block - SMB - - SMB was the original name of the protocol spoken by Samba. It was invented in the 1980s - by IBM and adopted and extended further by Microsoft. Microsoft renamed the protocol to - CIFS during the Internet hype in the 1990s. - - - - - The Simple and Protected GSS-API Negotiation - SPNEGO - - The purpose of SPNEGO is to allow a client and server to negotiate a security mechanism for - authentication. The protocol is specified in RFC2478 and uses tokens as built via ASN.1 DER. - DER refers to Distinguished Encoding Rules. These are a set of common rules for creating - binary encodings in a platform-independent manner. Samba has support for SPNEGO. - - - - - The Official Samba-3 HOWTO and Reference Guide - TOSHARG - - This book makes repeated reference to The Official Samba-3 HOWTO and Reference Guide - by John H. Terpstra (Author) and Jelmer R. Vernooij (Author). This publication is available from - Amazon.com. Publisher: Prentice Hall PTR (October 2003), - ISBN: 0131453556. - - - - - User IDentifier - UID - - The UNIX system User Identifier; on older systems, a 32-bit unsigned integer, and on newer systems, - an unsigned 64-bit integer. The UID is used in UNIX-like operating systems for all user level access - control. - - - - - Universal Naming Convention - UNC - A syntax for specifying the location of network resources (such as file shares). - The UNC syntax was developed in the early days of MS DOS 3.x and is used internally by the SMB protocol. - - - - 
diff --git a/docs/Samba-Guide/index.xml b/docs/Samba-Guide/index.xml index a0b0a41070..78d032fdb8 100644 --- a/docs/Samba-Guide/index.xml +++ b/docs/Samba-Guide/index.xml @@ -14,10 +14,10 @@ - - - - + + + + @@ -113,6 +113,6 @@ play in a Windows networking world. - + diff --git a/docs/Samba-Guide/inside-cover.xml b/docs/Samba-Guide/inside-cover.xml deleted file mode 100644 index b55a333f9e..0000000000 --- a/docs/Samba-Guide/inside-cover.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - -About the Cover Artwork - - - The cover artwork of this book continues a theme chosen for the book, - The Official Samba-3 HOWTO and Reference Guide, - the cover of which features a Confederate scene. Samba has had a major - impact on the network deployment of Microsoft Windows desktop systems. - The cover artwork of the two official Samba books tells of events that - likewise had a major impact on the future. - - - - Samba-3 by Example Cover Artwork: King Alfred the Great - (born 849, ruled 871-899) was one of the most amazing kings ever to - rule England. He defended Anglo-Saxon England from Viking raids, formulated - a code of laws, and fostered a rebirth of religious and scholarly activity. - His reign exhibits military skill and innovation, sound governance and the - ability to inspire men to plan for the future. Alfred liberated England - at a time when all resistence seemed futile. - - - - Samba is a network interoperability solution that provides real choice for network - administrators. It is an adjunct to Microsoft Windows networks that provides - interoperability of UNIX systems with Microsoft Windows desktop and server systems. - You may use Samba to realize the freedom it provides for your network environment - thanks to a dedicated team who work behind the scenes to give you a better choice. - The efforts of these few dedicated developers continues to shape the future of - the Windows interoperability landscape. Enjoy! - - - 
diff --git a/docs/Samba-Guide/preface.xml b/docs/Samba-Guide/preface.xml deleted file mode 100644 index 5bde840dc8..0000000000 --- a/docs/Samba-Guide/preface.xml +++ /dev/null 
@@ -1,567 +0,0 @@ - - - - Preface - - - Network administrators live busy lives. We face distractions and pressures - that drive us to seek proven, working case scenarios that can be easily - implemented. Often this approach lands us in trouble. There is a - saying that, geometrically speaking, the shortest distance between two - points is a straight line, but practically we find that the quickest - route to a stable network solution is the long way around. - - - - This book is your means to the straight path. It provides step-by-step, - proven, working examples of Samba deployments. If you want to deploy - Samba-3 with the least effort, or if you want to become an expert at deploying - Samba-3 without having to search through lots of documentation, this - book is the ticket to your destination. - - - - Samba is software that can be run on a platform other than Microsoft Windows, - for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. - Samba uses the TCP/IP protocol that is installed on the host server. When - correctly configured, it allows that host to interact with a Microsoft Windows - client or server as if it is a Windows file and print server. This book - will help you to implement Windows-compatible file and print services. - - - - The examples presented in this book are typical of various businesses and - reflect the problems and challenges they face. Care has been taken to preserve - attitudes, perceptions, practices, and demands from real network case studies. - The maximum benefit may be obtained from this book by working carefully through - each exercise. You may be in a hurry to satisfy a specific need, so feel - free to locate the example that most closely matches your need, copy it, and - innovate as much as you like. Above all, enjoy the process of learning the - secrets of MS Windows networking that is truly liberated by Samba. - - - - The focus of attention in this book is Samba-3. 
Specific notes are made in - respect of how Samba may be made secure. This book does not attempt to provide - detailed information regarding secure operation and configuration of peripheral - services and applications such as OpenLDAP, DNS and DHCP, the need for which - can be met from other resources that are dedicated to the subject. - - - - Why Is This Book Necessary? - - - This book is the result of observations and feedback. The feedback from - the Samba-HOWTO-Collection has been positive and complimentary. There - have been requests for far more worked examples, a - Samba Cookbook, and for training materials to - help kick-start the process of mastering Samba. - - - - The Samba mailing list's users have asked for sample configuration files - that work. It is natural to question one's own ability to correctly - configure a complex tool such as Samba until a minimum necessary - knowledge level has been attained. - - - - The Samba-HOWTO-Collection, as do The Official Samba-3 HOWTO and - Reference Guide, document Samba features and functionality in - a topical context. This book takes a completely different approach. It - walks through Samba network configurations that are working within particular - environmental contexts, providing documented step-by-step implementations. - All example case configuration files, scripts, and other tools are provided - on the CD-ROM. This book is descriptive, provides detailed diagrams, and - makes deployment of Samba-3 a breeze. - - - - Samba 3.0.15 Update Edition - - - The Samba 3.0.x series has been remarkably popular. At the time this book first - went to print samba-3.0.2 was being released. There have been significant modifications - and enhancements between samba-3.0.2 and samba-3.0.11 (the current release) that - necessitate this documentation update. This update has the specific intent to - refocus this book so that its guidance can be followed for samba-3.0.12 - and beyond. 
Further changes are expected as Samba-3 matures further and will - be reflected in future updates. - - - - The changes shown in are incorporated in this update: - - - - Samba Changes &smbmdash; 3.0.2 to 3.0.15 - - - - - - - - New Feature - - - - - Description - - - - - - - - - Winbind Case Handling - - - - - User and group names returned by winbindd are now converted to lower case - for better consistency. Samba implementations that depend on the case of information returned - by winbind (such as %u and %U) must now convert the dependency to expecting lower case values. - This affects mail spool files, home directories, valid user lines in the &smb.conf; file, etc. - - - - - - - Schema Changes - - - - - Addition of code to handle password aging, password uniqueness controls, bad - password instances at logon time, have made necessary extensions to the SambaSAM - schema. This change affects all sites that use LDAP and means that the directory - schema must be updated. - - - - - - - Username Map Handling - - - - - Samba-3.0.8 redefined the behavior: Local authentication results in a username map file - lookup before authenticating the connection. All authentication via an external domain - controller will result in the use of the fully qualified name (i.e.: DOMAIN\username) - after the user has been successfully authenticated. - - - - - - - UNIX extension handling - - - - - Symbolicly linked files and directories on the UNIX host to absolute paths will - now be followed. This can be turned off using wide links = No in - the share stanza in the &smb.conf; file. Turning off wide links - support will degrade server performance because each path must be checked. - - - - - - - Privileges Support - - - - - Versions of Samba prior to samba-3.0.11 required the use of the UNIX root - account from network Windows clients. The new enable privileges = Yes capability - means that functions such as adding machines to the domain, managing printers, etc. 
can now - be delegated to normal user accounts or to groups of users. - - - - - -
-
- -
- - - Prerequisites - - - This book is not a tutorial on UNIX or Linux administration. UNIX and Linux - training is best obtained from books dedicated to the subject. This book - assumes that you have at least the basic skill necessary to use these operating - systems, and that you can use a basic system editor to edit and configure files. - It has been written with the assumption that you have experience with Samba, - have read The Official Samba-3 HOWTO and Reference Guide and - the Samba-HOWTO-Collection, or that you have familiarity with Microsoft Windows. - - - - If you do not have this experience, you can follow the examples in this book but may - find yourself at times intimidated by assumptions made. In this situation, you - may need to refer to administrative guides or manuals for your operating system - platform to find what is the best method to achieve what the text of this book describes. - - - - - - Approach - - - The first chapter deals with some rather thorny network analysis issues. Do not be - put off by this. The information you glean, even without a detailed understanding - of network protocol analysis, can help you understand how Windows networking functions. - - - - Each following chapter of this book opens with the description of a networking solution - sought by a hypothetical site. Bob Jordan is a hypothetical decision maker - for an imaginary company, Abmas Biz NL. We will use the - non-existent domain name abmas.biz. All facts - presented regarding this company are fictitious and have been drawn from a variety of real - business scenarios over many years. Not one of these reveal the identify of the - real-world company from which the scenario originated. - - - - In any case, Mr. Jordan likes to give all his staff nasty little assignments. - Stanley Saroka is one of his proteges; Christine Roberson is the network administrator - Bob trusts. Jordan is inclined to treat other departments well because they finance - Abmas IT operations. 
- - - - Each chapter presents a summary of the network solution we have chosen to - demonstrate together with a rationale to help you to understand the - thought process that drove that solution. The chapter then documents in precise - detail all configuration files and steps that must be taken to implement the - example solution. Anyone wishing to gain serious value from this book will - do well to take note of the implications of points made, so watch out for the - this means that notations. - - - - Each chapter has a set of questions and answers to help you to - to understand and digest key attributes of the solutions presented. - - - - - - Summary of Topics - - - The contents of this second edition of Samba-3 by Example - have been rearranged based on feedback from purchasers of the first edition. - - - - Clearly the first edition contained most of what was needed and that was missing - from other books that cover this difficult subject. The new arrangement adds - additional material to meet consumer requests and includeis changes that originated - as suggestions for improvement. - - - - Chapter 1 now dives directly into the heart of the implementation of Windows - file and print server networks that use Samba at the heart. - - - - - Chapter 1 &smbmdash; No Frills Samba Servers - - Here you design a solution for three different business scenarios, each for a - company called Abmas. There are two simple networking problems and one slightly - more complex networking challenge. In the first two cases, Abmas has a small - simple office, and they want to replace a Windows 9x peer-to-peer network. The - third example business uses Windows 2000 Professional. This must be simple, - so let's see how far we can get. If successful, Abmas grows quickly and - soon needs to replace all servers and workstations. - - - TechInfo &smbmdash; This chapter demands: - - Case 1: The simplest &smb.conf; file that may - reasonably be used. Works with Samba-2.x also. 
This - configuration uses Share Mode security. Encrypted - passwords are not used, so there is no - smbpasswd file. - - - Case 2: Another simple &smb.conf; file that adds - WINS support and printing support. This case deals with - a special requirement that demonstrates how to deal with - purpose-built software that has a particular requirement - for certain share names and printing demands. This - configuration uses Share Mode security and also works with - Samba-2.x. Encrypted passwords are not used, so there is no - smbpasswd file. - - - Case 3: This &smb.conf; configuration uses User Mode - security. The file share configuration demonstrates - the ability to provide master access to an administrator - while restricting all staff to their own work areas. - Encrypted passwords are used, so there is an implicit - smbpasswd file. - - - - - - - - Chapter 2 &smbmdash; Small Office Networking - - Abmas is a successful company now. They have 50 network users - and want a little more varoom from the network. This is a typical - small office and they want better systems to help them to grow. This is - your chance to really give advanced users a bit more functionality and usefulness. - - - TechInfo &smbmdash; This &smb.conf; file - makes use of encrypted passwords, so there is an smbpasswd - file. It also demonstrates use of the valid users and - valid groups to restrict share access. The Windows - clients access the server as Domain members. Mobile users log onto - the Domain while in the office, but use a local machine account while on the - road. The result is an environment that answers mobile computing user needs. - - - - - - Chapter 3 &smbmdash; Secure Office Networking - - Abmas is growing rapidly now. Money is a little tight, but with 130 - network users, security has become a concern. They have many new machines - to install and the old equipment will be retired. This time they want the - new network to scale and grow for at least two years. 
Start with a sufficient - system and allow room for growth. You are now implementing an Internet - connection and have a few reservations about user expectations. - - - TechInfo &smbmdash; This &smb.conf; file - makes use of encrypted passwords, and you can use a tdbsam - password backend. Domain logons are introduced. Applications are served from the central - server. Roaming profiles are mandated. Access to the server is tightened up - so that only domain members can access server resources. Mobile computing - needs still are catered to. - - - - - - Chapter 4 &smbmdash; The 500 User Office - - The two-year projections were met. Congratulations, you are a star. - Now Abmas needs to replace the network. Into the existing user base, they - need to merge a 280-user company they just acquired. It is time to build a serious - network. There are now three buildings on one campus and your assignment is - to keep everyone working while a new network is rolled out. Oh, isn't it nice - to roll out brand new clients and servers! Money is no longer tight, you get - to buy and install what you ask for. You will install routers and a firewall. - This is exciting! - - - TechInfo &smbmdash; This &smb.conf; file - makes use of encrypted passwords, and a tdbsam - password backend is used. You are not ready to launch into LDAP yet, so you - accept the limitation of having one central Domain Controller with a Domain - Member server in two buildings on your campus. A number of clever techniques - are used to demonstrate some of the smart options built into Samba. - - - - - - Chapter 5 &smbmdash; Making Users Happy - - Congratulations again. Abmas is happy with your services and you have been given another raise. - Your users are becoming much more capable and are complaining about little - things that need to be fixed. Are you up to the task? Mary says it takes her 20 minutes - to log onto the network and it is killing her productivity. 
Email is a bit - unreliable &smbmdash; have you been sleeping on the job? We do not discuss the - technology of email but when the use of mail clients breaks because of networking - problems, you had better get on top of it. It's time for a change. - - - TechInfo &smbmdash; This &smb.conf; file - makes use of encrypted passwords; a distributed ldapsam - password backend is used. Roaming profiles are enabled. Desktop profile controls - are introduced. Check out the techniques that can improve the user experience - of network performance. As a special bonus, this chapter documents how to configure - smart downloading of printer drivers for drag-and-drop printing support. And, yes, - the secret of configuring CUPS is clearly documented. Go for it; this one will - tease you, too. - - - - - - Chapter 6 &smbmdash; A Distributed 2000-User Network - - Only eight months have passed, and Abmas has acquired another company. You now need to expand - the network further. You have to deal with a network that spans several countries. - There are three new networks in addition to the original three buildings at the head-office - campus. The head office is in New York and you have branch offices in Washington, Los Angeles, and - London. Your desktop standard is Windows XP Professional. In many ways, everything has changed - and yet it must remain the same. Your team is primed for another roll-out. You know there are - further challenges ahead. - - - TechInfo &smbmdash; Slave LDAP servers are introduced. Samba is - configured to use multiple LDAP backends. This is a brief chapter; it assumes that the - technology has been mastered and gets right down to concepts and how to deploy them. - - - - - - Chapter 7 &smbmdash; Migrating NT4 Domain to Samba-3 - - Another six months have - passed. Abmas has acquired yet another company. 
You will find a - way to migrate all users off the old network onto the existing network without loss - of passwords and will effect the change-over during one weekend. May the force (and caffeine) be with - you, may you keep your back to the wind and may the sun shine on your face. - - - TechInfo &smbmdash; This chapter demonstrates the use of - the net rpc migrate facility using an LDAP ldapsam backend, and also - using a tdbsam passdb backend. Both are much-asked-for examples of NT4 Domain migration. - - - - - - Chapter 8 &smbmdash; Migrating NetWare 4.11 Server to Samba - - Misty Stanley-Jones has contributed information that summarizes her experience at migration - from a NetWare server to Samba-3. - - - TechInfo &smbmdash; The documentation provided demonstrates - how one site miigrated from NetWare to Samba. Some alternatives tools are mentioned. These - could be used to provide another pathway to a successful migration. - - - - - - Chapter 9 &smbmdash; Adding UNIX/Linux Servers and Clients - - Well done, Bob, your team has achieved much. Now help Abmas integrate the entire network. - You want central control and central support and you need to cut costs. How can you reduce administrative - overheads and yet get better control of the network? - - - - This chapter has been contributed by Mark Taylor mark.taylor@siriusit.co.uk - and is based on a live site. For further information regarding this example case, - please contact Mark directly. - - - TechInfo &smbmdash; It is time to consider how to add Samba servers - and UNIX and Linux network clients. Users who convert to Linux want to be able to log on - using Windows network accounts. You explore nss_ldap, pam_ldap, winbind, and a few neat - techniques for taking control. Are you ready for this? - - - - - - Chapter 10 &smbmdash; Active Directory, Kerberos and Security - - Abmas has acquired another company that has just migrated to running Windows Server 2003 and - Active Directory. 
One of your staff makes offhand comments that land you in hot water. - A network security auditor is hired by the head of the new business and files a damning - report, and you must address the defects reported. You have hired new - network engineers who want to replace Microsoft Active Directory with a pure Kerberos - solution. How will you handle this? - - - TechInfo &smbmdash; This chapter is your answer. Learn about - share access controls, proper use of UNIX/Linux file system access controls, and Windows - 200x Access Control Lists. Follow these steps to beat the critics. - - - - - - Chapter 11 &smbmdash; Integrating Additional Services - - The battle is almost over, Samba-3 has won the day. Your team are delighted and now you - find yourself at yet another cross-roads. Abmas have acquired a snack food business, you - made promises you must keep. IT costs must be reduced, you have new resistance, but you - will win again. This time you choose to install the Squid proxy server to validate the - fact that Samba is far more than just a file and print server. SPNEGO authentication - support means that your Microsoft Windows clients gain transparent proxy access. - - - TechInfo &smbmdash; Samba provides the ntlm_auth - module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web - and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated - access control using the Active Directory Domain user security credentials. - - - - - - Chapter 12 &smbmdash; Performance, Reliability and Availability - - Bob, are you sure the new Samba server is up to the load? Your network is serving many - users who risk becoming unproductive. What can you do to keep ahead of demand? Can you - keep the cost under control also? What can go wrong? - - - TechInfo &smbmdash; Hot tips that put chili into your - network. 
Avoid name resolution problems, identify potential causes of network collisions, - avoid Samba configuration options that will weigh the server down. MS distributed file - services to make your network fly and much more. This chapter contains a good deal of - Did I tell you about this...? type of hints to help keep your name on the top - performers list. - - - - - - Chapter 13 &smbmdash; Windows Networking Primer - - Here we cover practical exercises to help us to understand how MS Windows - network protocols function. A network protocol analyzer helps you to - appreciate the fact that Windows networking is highly dependent on broadcast - messaging. Additionally, you can look into network packets that a Windows - client sends to a network server to set up a network connection. On completion, - you should have a basic understanding of how network browsing functions and - have seen some of the information a Windows client sends to - a file and print server to create a connection over which file and print - operations may take place. - - - - - - - - - - - -
- -- cgit
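Review bot: The preface text removed here contains several typos that will follow it into the renamed file if it is carried over unchanged: "includeis changes" in the Summary of Topics, "to help you to to understand" in the Approach section, "reveal the identify of the real-world company", and "miigrated from NetWare" and "Some alternatives tools" in the Chapter 8 TechInfo. Fix them in a separate follow-up commit rather than in this one, so the move stays content-identical and easy to verify. While the summary is being touched, the Chapter 1 TechInfo for Cases 1 and 2 states that Share Mode security is used and encrypted passwords are not; a short remark there that Case 3 and the later chapters move to User Mode security with encrypted passwords would keep readers from treating the first two configurations as a baseline.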