[Samba] Having Samba integrate/replace existing mixed Unix/Windows network
Fran Fabrizio
fran at cis.uab.edu
Thu Nov 20 04:56:22 GMT 2003
I've recently inherited a two-headed monster of a network and would like to
see what Samba can do for me to help clean up the situation. Due to
bias/preference of the past administrator, who favored Unix, when it came
time to introduce Windows machines to our department, he basically built a
parallel network (physically and logically), and let a graduate student
manage the Windows network. As a result, we now have a network consisting
of two subnets, Windows and Unix. Each subnet provides its own file
server, print server, DNS, DHCP, directory (NIS vs. Active Directory) and
user accounts. Unfortunately for us, this is a rather arbitrary division,
as we often have users that dual-boot between the two sides and students
that need to do work on both and I would prefer that the two networks be
more integrated.
I will be redesigning this network (both physically and logically) and I
believe Samba can help me. Some of the ways are clear, whereas some are
much less clear. Let me start with my design goals...
1. Repartition the network based on functional needs, not OS choice. Our
context is a department at a university. Instead of a Unix subnet and a
Windows subnet, I would like a subnet for the undergraduate open labs, a
subnet for research groups, a subnet for faculty workstations,
etc....whatever services I provide need to play well in this multi-subnet
environment.
2. Consolidate file serving duties. I would like for a user to see the
same home directory whether booting into Linux, Solaris or Windows. This
will reduce the number of instances of users needing to move files between
the two systems, as well as provide a single point as a target for backups.
3. Consolidate user accounts. I want one account for each user,
period. If I absolutely can't have this, I want to synchronize between the
two so that it appears as one. We are eventually going to try to authenticate
against the campus-wide LDAP service, and the fewer points of
authentication I have within my department, the easier that will be.
4. Consolidate DNS and DHCP. Because we have two DHCPs, and because our
firewall is set to pass all traffic between the two subnets, I actually
have two network cables running to my laptop - I have to switch them when I
switch OSes! I am not 100% sure of the reason, the past admin simply said
that's how it is, but I believe it's so I hit the "right" DHCP server
first. Obviously, that needs to go away. Same with DNS - right now,
adding a host means adding it to Active Directory, adding it to NIS, and
adding it to 3 /etc/hosts files. This needs to be much cleaner.
5. Consolidate print servers.
6. Preserve as much as possible of the functionality that Active Directory is
currently providing. This includes login scripts, roaming profiles, all
the permissions management and authentication, serving a dfs, etc....I
understand that Samba cannot be an Active Directory server, but I also
understand that it can do a lot of the same things AD does.
So, those are the highlights of my goals. I see that it's very
straightforward for Samba to do the file and print serving, but is this
rock solid? This will be the sole source of home dirs, I don't want the
Windows clients flaking out on me. I'm less sure about the
authentication. Right now, we use Active Directory on the Win side and NIS
on the Unix side. I believe one option is to keep the Active Directory for
linux clients, and to use winbind to authenticate against that. However, I
would like to get rid of AD altogether if possible. Is there a better
model? On the Unix side, NIS has to go. Something like Kerberos or LDAP
would be better but I want to make a choice that plays well with Samba and
with the Windows clients as well. I know that Kerberos is a good option
for cross-platform single-point-of-authentication. Perhaps LDAP. Perhaps
they work together? What's the model I'm after and how does Samba fit
in? I'm not sure if Samba can help with the current DNS/DHCP woes or if
that's simply a matter of setting up one on Linux and pointing everyone at
it (not sure how good it is to have DHCP serving multiple subnets like I
want, though...) Thoughts?
For the "big picture" is it possible for me to get rid of Active Directory
for this network I have of Sun, Linux, NT, 2000, and XP machines and still
have hopes of a reliable network? If I need to keep an AD around for one
or more of these services, how best to set it up to play with Samba? Those
are the kinds of questions I'm after. I have read through the beginning of
the O'Reilly Samba book and it appears that Samba is definitely the right
track, but I'm hoping for a bit more of the specifics of the model I'm seeking.
Thanks for your time and thoughts,
Fran