Progress report

Benjamin Kuit bj at mcs.uts.edu.au
Fri Feb 26 17:51:25 GMT 1999 

Hi guys, thanks for all the hard work on samba, its coming together
with our settup here.

I thought it would benifit myself and others if I gave a progress
report on what we're doing here.

Here's a bit of background on what we have here. I'm a (unix) systems
programmer for a newly formed support group for a university faculty.
I say newly formed because it is the result of a recent merger of the
individual support groups of the School of Comp. Sci and School of
Maths.

Email and Student account information are based on unix servers, with
UNIX and NT workstations available for student use. Maths have 100+ NT
workstations while Comp Sci has 60 NT and 60+ unix (mostly Solaris)
Workstations.

We're currently implementing samba as our unified PDC for NT. This runs
on a dedicated unix box running solaris 2.6. This is different to our
(NIS) password server, so we're (going to be) syncing unix passwords by
samba calling ssh, ie 'ssh -x <server> chpass <username> <pass>'.
Passwords will also be syncronised with pam_smb_password modules,
slightly altered by the one written by John Lane:

http://www.cse.msu.edu/~lanejohn/en/hacks/pam_smb_passwd-0.1.tar.gz

I couldn't get the one written by Luke compiled under Solaris as quick
as the one by John, so it was my first choice on which one to port.

On yeah, that does mean that password changing works for us, thanks
guys !!! ( referring to past posts of mine where we had problems due to
byte-ordering differences ).

Using the Samba server as a WINS server for the maths NT workstations
because they're on a different subnet, and suprisingly enough neither
of the NT groups ( ie either from maths or comp-sci. ) used or really
understood WINS. The NT's here in comp-sci dont really need to use the
wins server, but I'll tell our NT people to use it anyway, if for
nothing else, the satisfaction of telling them what to do.

Policies haven't been that much of a problem, basically any
ntconfig.pol file thrown in the netlogon share that was built from
within the Samba domain worked first try (barring policy tuning).

Profiles and logon batch files were more of a problem, because until
all the workstations are installed the same they are two very different
machines. On the Comp-Sci side they're using a batch script that makes
calls to 'shortcut.exe', found in the Resource Kit, to generate the
desktop shortcuts on the fly, while on the Maths side, they (well, he)
prefers the idea of having a large desktop and using a 'ridlinks'
program (he wrote it) to cull shortcuts if they're not pointing
anywhere useful.

To get around this, I've configured a 'default' logon path and logon
script values, then afterwards have an 'include = <path>/%m', where
<path> is full of symlinks to a file with the alternative conf values
of logon path and logon script.

Printers was refreshly simple. Both Schools have HP LaserJets as lab
printers, both will be administrated with JetAdmin (downloaded from
HP).  Printer Drivers were also downloaded from HP, thrown into a share
and everything magically worked (our NT people were impressed).

Another drawback is trying to convince the NT people that Samba is not
a waste of time, mostly because they can't GUI tools like usrmgr like
they used to, and nowdays if something doesn't work, its considered to
be samba's fault, rather than a problem that already existed when
everyone was using a NT PDC. In the end the decision towards Samba was
decided by my boss, who made the decision mostly because he's a UNIX
person and doesn't like NT much.

A major drawback is speed. The merger has created an smbpasswd file
4000+ lines long, and with 124 unix groups it makes
authentication/logon procedures happen at a bit slow side.

I've been trying to implement a mysql database for passdb, but been
running into problems. Samba suffers a SEGV when a mysql_connect call
is made within check_oem_password, which happens to be the stuff that
deals with changing passwords. It works fine in all other places that
I've noticed.

Anyway, that's my input. Again, thanks heaps =)

Bj

Here's my smb.conf

[Global]
	debug level = 0
	log file = /opt/Samba/var/log.%m

	admin users = lab#admin!

	Comment = MCS Student NT Domain Controller

	workgroup = MCSLAB

	security = user
	encrypt passwords = yes

	domain logons = yes
	domain master = yes
	preferred master = yes

	logon script = scripts/%U.bat
	logon drive = X:
	logon home = \\marbles\%U
	logon path = \\marbles\Profile\socs

	# Different school points to \\marbles\Profile\maths
	# Changed in the included file
	include = /opt/Samba/lib/labs/%m

	domain group map = /opt/Samba/lib/domaingroup.map
	local group map = /opt/Samba/lib/localgroup.map

	# Experimental MySQL code, Blah
	# mysql host = lucy
	# mysql user = samba
	# mysql database = samba
	# mysql table = smbpasswd
	# mysql pass file = /opt/Samba/private/mysqlpass

	create mask = 0600
	directory mask = 0700

	# Alterative create and directory masks for a couple of people
	include = /opt/Samba/lib/%U.conf

	browseable = no
 	guest account = nobody
	public = no

	deadtime = 15

	socket options = TCP_NODELAY

	client code page = 437

	wins support = yes

	name resolve order = wins host lmhosts bcast

[Homes]
	comment = Home Directories
	writeable = yes
	browseable = yes

[Netlogon]
	comment = Netlogon
	path = /opt/Samba/shares/netlogon
	browseable = yes
	locking = no

[Profile]
	comment = Profile shares
	path = /opt/Samba/shares/profiles
	write list = lab#admin!

[Scripts]
	comment = Script Files
	path = /opt/Samba/shares/scripts
	browseable = yes

[HP5SiMX]
	comment = Drivers for HP LaserJet 5Si/5Si MX PS
	path = /opt/Samba/shares/drivers/HP5SiMX

[Laser 4.447]
	comment = Lab Printer
	path = /opt/Samba/spool
	printable = yes
	browseable = yes
	printer = lucy:ulp
	printer driver = HP LaserJet 5Si/5Si MX PS
	printer driver location = \\marbles\HP5SiMX

[Laser 1.1618]
	copy = Laser 4.447
	printer = ziggy:ulp


+-------------------------------+--------------------------------------+
|      Benjamin (Bj) Kuit       |  Faculty Of Mathematical             |
|      Systems Programmer       |          and Computing Sciences.     |
|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
|      Mobile: 0412 182 972     |  bj at mcs.uts.edu.au                   |
+-------------------------------+--------------------------------------+

More information about the samba-technical mailing list