Progress report

Dan Kaminsky effugas at best.com
Fri Feb 26 22:54:35 GMT 1999


----- Original Message -----
From: Benjamin Kuit <bj at mcs.uts.edu.au>
To: Multiple recipients of list <samba-technical at samba.org>
Sent: Friday, February 26, 1999 9:53 AM
Subject: Progress report


>Hi guys, thanks for all the hard work on samba, its coming together
>with our settup here.

Thanks for your writeup.  A very interesting case study.  For those of us
looking at expanding the role Samba plays in our environments, you're a
precious glimpse of the future.

>I thought it would benifit myself and others if I gave a progress
>report on what we're doing here.

Yup.

>On yeah, that does mean that password changing works for us, thanks
>guys !!! ( referring to past posts of mine where we had problems due to
>byte-ordering differences ).

How is stability/reliability compared to the pre-existing NT solution?

>Using the Samba server as a WINS server for the maths NT workstations
>because they're on a different subnet, and suprisingly enough neither
>of the NT groups ( ie either from maths or comp-sci. ) used or really
>understood WINS. The NT's here in comp-sci dont really need to use the
>wins server, but I'll tell our NT people to use it anyway, if for
>nothing else, the satisfaction of telling them what to do.

Don't feel bad about that.  Half the policies at our school are based on
this very theorem.

>To get around this, I've configured a 'default' logon path and logon
>script values, then afterwards have an 'include = <path>/%m', where
><path> is full of symlinks to a file with the alternative conf values
>of logon path and logon script.

I've found that the plain old substitution method breaks down when including
by machine, mainly because each new machine needs to have its own
smb.conf.%m file.  I decided just to avoid the entire scenario, because if
you have a separate file for each user on each computer, you're going to
have alot of files :-)

>Printers was refreshly simple. Both Schools have HP LaserJets as lab
>printers, both will be administrated with JetAdmin (downloaded from
>HP).  Printer Drivers were also downloaded from HP, thrown into a share
>and everything magically worked (our NT people were impressed).

DETAILS?  I have a HP Laserjet 5SiMX linked through scripts to
\\doxprint\local, but I can't tell people just to double click on that
printer, since the installation routine is insanely picky and demands to run
a funky installshield app that doesn't even seem to work completley right.

[Addendum:  Ooh!  Your config!  I'm installing it tonight!  O Joyous Day!]

I basically have users run \\doxprint\drivers\install.bat, which mounts
\\Doxprint\installer$ (I put a pre-exec logger onto the installer$ share :-)
and runs setup.exe off the drive.  This is due to the rather onerous demands
of the installer(no running off a UNC share, couple other annoyances).
Users then have to remember to type in \\doxprint\local.

(We're an understaffed campus.  My system is significantly safer to system
stability than the Novell system I interface into for Win clients...beyond
stability, logging into Novell or NT has the nasty habit of exposing one to
login scripts--very bad thing when the school doesn't own the hardware it's
creating the insecurity in :-)

>Another drawback is trying to convince the NT people that Samba is not
>a waste of time, mostly because they can't GUI tools like usrmgr like
>they used to, and nowdays if something doesn't work, its considered to
>be samba's fault, rather than a problem that already existed when
>everyone was using a NT PDC. In the end the decision towards Samba was
>decided by my boss, who made the decision mostly because he's a UNIX
>person and doesn't like NT much.

usrmgr and svrmgr will eventually work.

Technical superiority is, in the long term, a better method for getting
people to work with Samba.  Fiat works great in the short term, though :-)

>A major drawback is speed. The merger has created an smbpasswd file
>4000+ lines long, and with 124 unix groups it makes
>authentication/logon procedures happen at a bit slow side.

Problematic.

>I've been trying to implement a mysql database for passdb, but been
>running into problems. Samba suffers a SEGV when a mysql_connect call
>is made within check_oem_password, which happens to be the stuff that
>deals with changing passwords. It works fine in all other places that
>I've noticed.

This was worth you writing just to see Luke's drool spew onto his keyboard
when you wrote this :-)  Please submit the code.

>Anyway, that's my input. Again, thanks heaps =)
>
>Bj
>
>Here's my smb.conf
>
>[Global]
> debug level = 0
> log file = /opt/Samba/var/log.%m
>
> admin users = lab#admin!
>
> Comment = MCS Student NT Domain Controller
>
> workgroup = MCSLAB
>
> security = user
> encrypt passwords = yes
>
> domain logons = yes
> domain master = yes
> preferred master = yes
>
> logon script = scripts/%U.bat
> logon drive = X:
> logon home = \\marbles\%U
> logon path = \\marbles\Profile\socs
>
> # Different school points to \\marbles\Profile\maths
> # Changed in the included file
> include = /opt/Samba/lib/labs/%m
>
> domain group map = /opt/Samba/lib/domaingroup.map
> local group map = /opt/Samba/lib/localgroup.map
>
> # Experimental MySQL code, Blah
> # mysql host = lucy
> # mysql user = samba
> # mysql database = samba
> # mysql table = smbpasswd
> # mysql pass file = /opt/Samba/private/mysqlpass
>
> create mask = 0600
> directory mask = 0700
>
> # Alterative create and directory masks for a couple of people
> include = /opt/Samba/lib/%U.conf
>
> browseable = no
>  guest account = nobody
> public = no
>
> deadtime = 15
>
> socket options = TCP_NODELAY
>
> client code page = 437
>
> wins support = yes
>
> name resolve order = wins host lmhosts bcast
>
>[Homes]
> comment = Home Directories
> writeable = yes
> browseable = yes
>
>[Netlogon]
> comment = Netlogon
> path = /opt/Samba/shares/netlogon
> browseable = yes
> locking = no
>
>[Profile]
> comment = Profile shares
> path = /opt/Samba/shares/profiles
> write list = lab#admin!
>
>[Scripts]
> comment = Script Files
> path = /opt/Samba/shares/scripts
> browseable = yes
>
>[HP5SiMX]
> comment = Drivers for HP LaserJet 5Si/5Si MX PS
> path = /opt/Samba/shares/drivers/HP5SiMX
>
>[Laser 4.447]
> comment = Lab Printer
> path = /opt/Samba/spool
> printable = yes
> browseable = yes
> printer = lucy:ulp
> printer driver = HP LaserJet 5Si/5Si MX PS
> printer driver location = \\marbles\HP5SiMX
>
>[Laser 1.1618]
> copy = Laser 4.447
> printer = ziggy:ulp
>
>
>+-------------------------------+--------------------------------------+
>|      Benjamin (Bj) Kuit       |  Faculty Of Mathematical             |
>|      Systems Programmer       |          and Computing Sciences.     |
>|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
>|      Mobile: 0412 182 972     |  bj at mcs.uts.edu.au                   |
>+-------------------------------+--------------------------------------+
>



More information about the samba-technical mailing list