From 603a3b924236bf52911a3291cfe12a107eb38fda Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sat, 14 Jun 2003 22:25:31 +0000 Subject: Adding missing docs to tree. These docs are needed for SWAT Support. Also, not everyone can build the docs so we do need to include them. (This used to be commit a1b6e7007b6257bc001e661c20fd20d4643b1eca) --- docs/htmldocs/StandAloneServer.html | 144 ++++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 docs/htmldocs/StandAloneServer.html (limited to 'docs/htmldocs/StandAloneServer.html') diff --git a/docs/htmldocs/StandAloneServer.html b/docs/htmldocs/StandAloneServer.html new file mode 100644 index 0000000000..02e112ac94 --- /dev/null +++ b/docs/htmldocs/StandAloneServer.html @@ -0,0 +1,144 @@ + +Chapter 8. Stand-Alone Servers

Chapter 8. Stand-Alone Servers

John H. Terpstra

Samba Team

+Stand-Alone servers are independant of Domain Controllers on the network. +They are NOT domain members and function more like workgroup servers. In many +cases a stand-alone server is configured with a minimum of security control +with the intent that all data served will be readilly accessible to all users. +

Features and Benefits

+Stand-Alone servers can be as secure or as insecure as needs dictate. They can +have simple or complex configurations. Above all, despite the hoopla about +Domain security they remain a very common installation. +

+If all that is needed is a server for read-only files, or for +printers alone, it may not make sense to affect a complex installation. +For example: A drafting office needs to store old drawings and reference +standards. No-one can write files to the server as it is legislatively +important that all documents remain unaltered. A share mode read-only stand-alone +server is an ideal solution. +

+Another situation that warrants simplicity is an office that has many printers +that are queued off a single central server. Everyone needs to be able to print +to the printers, there is no need to affect any access controls and no files will +be served from the print server. Again a share mode stand-alone server makes +a great solution. +

Background

+The term stand-alone server means that the server +will provide local authentication and access control for all resources +that are available from it. In general this means that there will be a +local user database. In more technical terms, it means that resources +on the machine will be made available in either SHARE mode or in +USER mode. +

+No special action is needed other than to create user accounts. Stand-alone +servers do NOT provide network logon services. This means that machines that +use this server do NOT perform a domain log onto it. Whatever logon facility +the workstations are subject to is independant of this machine. It is however +necessary to accomodate any network user so that the logon name they use will +be translated (mapped) locally on the stand-alone server to a locally known +user name. There are several ways this cane be done. +

+Samba tends to blur the distinction a little in respect of what is +a stand-alone server. This is because the authentication database may be +local or on a remote server, even if from the samba protocol perspective +the samba server is NOT a member of a domain security context. +

+Through the use of PAM (Pluggable Authentication Modules) and nsswitch +(the name service switcher) the source of authentication may reside on +another server. We would be inclined to call this the authentication server. +This means that the samba server may use the local Unix/Linux system password database +(/etc/passwd or /etc/shadow), may use a +local smbpasswd file, or may use +an LDAP back end, or even via PAM and Winbind another CIFS/SMB server +for authentication. +

Example Configuration

+The following examples are designed to inspire simplicity. It is too easy to +attempt a high level of creativity and to introduce too much complexity in +server and network design. +

Reference Documentation Server

+Configuration of a read-only data server that EVERYONE can access is very simple. +Here is the smb.conf file that will do this. Assume that all the reference documents +are stored in the directory /export, that the documents are owned by a user other than +nobody. No home directories are shared, that are no users in the /etc/passwd +Unix system database. This is a very simple system to administer. +

+	# Global parameters
+	[global]
+		workgroup = MYGROUP
+		netbios name = REFDOCS
+		security = SHARE
+		passdb backend = guest
+		wins server = 192.168.1.1
+
+	[data]
+		comment = Data
+		path = /export
+		guest only = Yes
+

+In the above example the machine name is set to REFDOCS, the workgroup is set to the name +of the local workgroup so that the machine will appear in with systems users are familiar +with. The only password backend required is the "guest" backend so as to allow default +unprivilidged account names to be used. Given that there is a WINS server on this network +we do use it. +

Central Print Serving

+Configuration of a simple print server is very simple if you have all the right tools +on your system. +

Assumptions:

  1. + The print server must require no administration +

  2. + The print spooling and processing system on our print server will be CUPS. + (Please refer to the chapter on printing for more information). +

  3. + All printers will that the print server will service will be network + printers. They will be correctly configured, by the administrator, + in the CUPS environment. +

  4. + All workstations will be installed using postscript drivers. The printer + of choice is the Apple Color LaserWriter. +

+In this example our print server will spool all incoming print jobs to +/var/spool/samba until the job is ready to be submitted by +samba to the CUPS print processor. Since all incoming connections will be as +the anonymous (guest) user two things will be required: +

Enablement for Anonymous Printing

  • + The Unix/Linux system must have a guest account. + The default for this is usually the account nobody. + To find the correct name to use for your version of Samba do the + following: +
    +$ testparm -s -v | grep "guest account"
    +	
    + Then make sure that this account exists in your system password + database (/etc/passwd). +
  • + The directory into which Samba will spool the file must have write + access for the guest account. The following commands will ensure that + this directory is available for use: +
    +root# mkdir /var/spool/samba
    +root# chown nobody.nobody /var/spool/samba
    +root# chmod a+rwt /var/spool/samba
    +	
    +
+
+	# Global parameters
+	[global]
+		workgroup = MYGROUP
+		netbios name = PTRSVR1
+		security = SHARE
+		passdb backend = guest
+		wins server = 192.168.1.1
+
+	[printers]
+		comment = All Printers
+		path = /var/spool/samba
+		printer admin = root
+		guest ok = Yes
+		printable = Yes
+		printing = cups
+		use client driver = Yes
+		browseable = No
+
+

Common Errors

+The greatest mistake so often made is to make a network configuration too complex. +It pays to use the simplest solution that will meet the needs of the moment. +
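Review bot: the [data] share in the "Reference Documentation Server" example sets only comment, path and guest only, with no explicit read only line, so the property the chapter leans on ("it is legislatively important that all documents remain unaltered") rests on a default the reader never sees plus the remark that the files are owned by a user other than nobody. Please add "read only = Yes" to [data] so the example states its own guarantee. In the Central Print Serving section, "chown nobody.nobody /var/spool/samba" hard-codes the account name that the preceding bullet tells the reader to look up with testparm, and "chmod a+rwt" grants write access to every local account where the text only asks for "write access for the guest account"; either use the looked-up account and a narrower mode, or add a sentence saying why world-writable with the sticky bit is wanted. The second smb.conf listing also appears with no sentence introducing it after the bullet list. Spelling and grammar to fix before this lands: "independant" (twice), "readilly", "accomodate", "cane be done", "unprivilidged", "that are no users in the /etc/passwd", "will appear in with systems users are familiar with", and "All printers will that the print server will service".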
