Chapter 8. Stand-Alone Servers

Stand-Alone servers are independent of Domain Controllers on the network. They are NOT domain members and function more like workgroup servers. In many cases a stand-alone server is configured with a minimum of security control with the intent that all data served will be readily accessible to all users. -

Features and Benefits

Stand-Alone servers can be as secure or as insecure as needs dictate. They can have simple or complex configurations. Above all, despite the hoopla about Domain security they remain a very common installation. @@ -20,7 +20,7 @@ that are queued off a single central server. Everyone needs to be able to print to the printers, there is no need to affect any access controls and no files will be served from the print server. Again a share mode stand-alone server makes a great solution. -

Background

The term stand-alone server means that the server will provide local authentication and access control for all resources that are available from it. In general this means that there will be a @@ -42,50 +42,37 @@ local or on a remote server, even if from the Samba protocol perspective the Samba server is NOT a member of a domain security context.

Through the use of PAM (Pluggable Authentication Modules) and nsswitch -(the name service switcher) the source of authentication may reside on +(the name service switcher, which maintains the unix user database) the source of authentication may reside on another server. We would be inclined to call this the authentication server. -This means that the Samba server may use the local Unix/Linux system password database +This means that the Samba server may use the local UNIX/Linux system password database (/etc/passwd or /etc/shadow), may use a local smbpasswd file, or may use an LDAP back end, or even via PAM and Winbind another CIFS/SMB server for authentication. -

Example Configuration

The following examples are designed to inspire simplicity. It is too easy to attempt a high level of creativity and to introduce too much complexity in server and network design. -

Reference Documentation Server

Configuration of a read-only data server that EVERYONE can access is very simple. Here is the smb.conf file that will do this. Assume that all the reference documents are stored in the directory /export, that the documents are owned by a user other than nobody. No home directories are shared, that are no users in the /etc/passwd -Unix system database. This is a very simple system to administer. -

-	# Global parameters
-	[global]
-		workgroup = MYGROUP
-		netbios name = REFDOCS
-		security = SHARE
-		passdb backend = guest
-		wins server = 192.168.1.1
-
-	[data]
-		comment = Data
-		path = /export
-		guest only = Yes
-

+UNIX system database. This is a very simple system to administer. +

Example 8.1. smb.conf for Reference Documentation Server

# Global parameters

[global]

workgroup = MIDEARTH

netbios name = GANDALF

security = SHARE

passdb backend = guest

wins server = 192.168.1.1

[data]

comment = Data

path = /export

guest only = Yes

In the above example the machine name is set to REFDOCS, the workgroup is set to the name of the local workgroup so that the machine will appear in with systems users are familiar with. The only password backend required is the "guest" backend so as to allow default unprivileged account names to be used. Given that there is a WINS server on this network we do use it. -

Central Print Serving

Configuration of a simple print server is very simple if you have all the right tools on your system.

Assumptions:

The print server must require no administration
The print spooling and processing system on our print server will be CUPS. - (Please refer to the CUPS Printing chapter for more information). + (Please refer to the chapter about CUPS for more information).
All printers that the print server will service will be network printers. They will be correctly configured, by the administrator, @@ -99,45 +86,27 @@ In this example our print server will spool all incoming print jobs to Samba to the CUPS print processor. Since all incoming connections will be as the anonymous (guest) user, two things will be required:
Enabling Anonymous Printing
- - The Unix/Linux system must have a guest account. + The UNIX/Linux system must have a guest account. The default for this is usually the account nobody. To find the correct name to use for your version of Samba do the following: -
```
+
 $ testparm -s -v | grep "guest account"
-	

+
```
  Then make sure that this account exists in your system password database (/etc/passwd).
- The directory into which Samba will spool the file must have write access for the guest account. The following commands will ensure that this directory is available for use: -
```
+
 root# mkdir /var/spool/samba
 root# chown nobody.nobody /var/spool/samba
 root# chmod a+rwt /var/spool/samba
-	

-	
```
-
```
-	# Global parameters
-	[global]
-		workgroup = MYGROUP
-		netbios name = PTRSVR1
-		security = SHARE
-		passdb backend = guest
-		wins server = 192.168.1.1
-
-	[printers]
-		comment = All Printers
-		path = /var/spool/samba
-		printer admin = root
-		guest ok = Yes
-		printable = Yes
-		printing = cups
-		use client driver = Yes
-		browseable = No
 
```
-

Common Errors

Example 8.2. smb.conf for anonymous printing

# Global parameters

[global]

workgroup = MIDEARTH

netbios name = GANDALF

security = SHARE

passdb backend = guest

wins server = noldor

printing = cups

printcap name = cups

[printers]

comment = All Printers

path = /var/spool/samba

printer admin = root

guest ok = Yes

printable = Yes

use client driver = Yes

browseable = No

Common Errors

The greatest mistake so often made is to make a network configuration too complex. It pays to use the simplest solution that will meet the needs of the moment. -

Prev	Up	Next
Chapter 7. Domain Membership	Home	Chapter 9. MS Windows Network Configuration Guide