[Samba] Having Samba integrate/replace existing mixed Unix/Windows network

John H Terpstra jht at samba.org
Thu Nov 20 05:38:59 GMT 2003


Fran,

Your thinking is spot-on! Please document this as you go. Make a case
study out of it that we can publish on Samba.Org. If you run into trouble
- contact me, I'll do my best to help.

Cheers,

John T.

On Wed, 19 Nov 2003, Fran Fabrizio wrote:

>
> I've recently inherited a two-headed monster of a network and would like to
> see what Samba can do for me to help clean up the situation.  Due to
> bias/preference of the past administrator, who favored Unix, when it came
> time to introduce Windows machines to our department, he basically built a
> parallel network (physically and logically), and let a graduate student
> manage the Windows network.  As a result, we now have a network consisting
> of two subnets, Windows and Unix.  Each subnet provides its own file
> server, print server, DNS, DHCP, directory (NIS vs. Active Directory) and
> user accounts.  Unfortunately for us, this is a rather arbitrary division,
> as we often have users that dual-boot between the two sides and students
> that need to do work on both and I would prefer that the two networks be
> more integrated.
>
> I will be redesigning this network (both physically and logically) and I
> believe Samba can help me.  Some of the ways are clear, whereas some are
> much less clear.  Let me start with my design goals...
>
> 1.  Repartition the network based on functional needs, not OS choice.  Our
> context is a department at a university.  Instead of a Unix subnet and a
> Windows subnet, I would like a subnet for the undergraduate open labs, a
> subnet for research groups, a subnet for faculty workstations,
> etc....whatever services I provide need to play well in this multi-subnet
> environment.
> 2.  Consolidate file serving duties.  I would like for a user to see the
> same home directory whether booting into Linux, Solaris or Windows.  This
> will reduce the number of instances of users needing to move files between
> the two systems, as well as provide a single point as a target for backups.
> 3.  Consolidate user accounts.  I want one account for each user,
> period.  If I absolutely can't have this, I want to synchronize between the
> two so that it appears as one.  We are eventually going to try to authenticate
> against the campus-wide LDAP service, and the fewer points of
> authentication I have within my department, the easier that will be.
> 4.  Consolidate DNS and DHCP.  Because we have two DHCPs, and because our
> firewall is set to pass all traffic between the two subnets, I actually
> have two network cables running to my laptop - I have to switch them when I
> switch OSes!  I am not 100% sure of the reason, the past admin simply said
> that's how it is, but I believe it's so I hit the "right" DHCP server
> first.  Obviously, that needs to go away.  Same with DNS - right now,
> adding a host means adding it to Active Directory, adding it to NIS, and
> adding it to 3 /etc/hosts files.  This needs to be much cleaner.
> 5.  Consolidate print servers.
> 6.  Preserve as much of the functionality that Active Directory is
> currently providing.  This includes login scripts, roaming profiles, all
> the permissions management and authentication, serving a dfs, etc....I
> understand that Samba cannot be an Active Directory server, but I also
> understand that it can do a lot of the same things AD does.
>
> So, those are the highlights of my goals.  I see that it's very
> straightforward for Samba to do the file and print serving, but is this
> rock solid?  This will be the sole source of home dirs, I don't want the
> Windows clients flaking out on me.  I'm less sure about the
> authentication.  Right now, we use Active Directory on the Win side and NIS
> on the Unix side.  I believe one option is to keep the Active Directory for
> Linux clients, and to use winbind to authenticate against that.  However, I
> would like to get rid of AD altogether if possible.  Is there a better
> model?  On the Unix side, NIS has to go.  Something like Kerberos or LDAP
> would be better but I want to make a choice that plays well with Samba and
> with the Windows clients as well.  I know that Kerberos is a good option
> for cross-platform single-point-of-authentication.  Perhaps LDAP.  Perhaps
> they work together?  What's the model I'm after and how does Samba fit
> in?  I'm not sure if Samba can help with the current DNS/DHCP woes or if
> that's simply a matter of setting up one on Linux and pointing everyone at
> it (not sure how good it is to have DHCP serving multiple subnets like I
> want, though...)  Thoughts?
>
> For the "big picture" is it possible for me to get rid of Active Directory
> for this network I have of Sun, Linux, NT, 2000, and XP machines and still
> have hopes of a reliable network?  If I need to keep an AD around for one
> or more of these services, how best to set it up to play with Samba?  Those
> are the kinds of questions I'm after.  I have read through the beginning of
> the O'Reilly Samba book and it appears that Samba is definitely the right
> track, but I'm hoping for a bit more of the specifics of the model I'm seeking.
>
> Thanks for your time and thoughts,
> Fran
>

-- 
John H Terpstra
Email: jht at samba.org