[Samba] Suggestions please about what I need.

Jack Downes jax at nwmt.us
Mon May 12 09:03:13 MDT 2014 

On 05/12/14 08:10, Steve Campbell wrote:
>
> On 5/12/2014 9:16 AM, Jack Downes wrote:
>> One thing you could do is download the turnkeylinux version of samba 
>> - http://www.turnkeylinux.org/fileserver, and if you like it, 
>> duplicated it in Centos. They use Webmin for their user/group mgmt, 
>> and that's fine for smaller outfits, but if you are in a larger 
>> place, you likely have ADS there already, or might want to look at 
>> openldap, opends, whatever for convenient user management. Anyway, 
>> that little turnkey appliance is slick as can be, might just help you 
>> out - at least see how someone else did it, and you can have one 
>> right there next to you to compare contrast with how your setup is 
>> working/not.
>>
>> Jack
>>
>> On 05/12/14 06:33, Steve Campbell wrote:
>>> I hate to use that "noob" word, but in this case I think it might be 
>>> proper.
>>>
>>> Our company is getting ready to get rid of Netware and start using 
>>> Samba. It will require that users log in and by doing so, have a 
>>> login script map drives to particular drive letters base on either 
>>> their user or group.
>>>
>>> I've been administering Centos servers for quite a while. I have no 
>>> problem with managing the Linux servers, but Samba appears to be a 
>>> completely unique subject on its own, much like Sendmail, etc. I've 
>>> read "Using Samba", and about anything else I can get my hands on, 
>>> including as much of the "Howto" matter on the Samba site. I still 
>>> have no idea how complex of a setup I need (AD or not, things like 
>>> that). I don't think we'll be doing things like installing licensed 
>>> software from the server, mostly just as I stated above.
>>>
>>> For now, I'm fairly certain I'll use the Sernet installation. I'll 
>>> be retiring soon, and I want to make things as easy as possible for 
>>> whomever takes over. It'd be great if whatever I end up with has 
>>> some form of GUI for managing users, groups, and shares, but not 
>>> necessary. The person managing our Netware will be the one assuming 
>>> this Samba responsibilty. No Linux experience, so the Gui would make 
>>> it nice as they learn the ropes of LInux.
>>>
>>> I'm looking for suggestions here for what level of installation I 
>>> need. I'm sure once I get something installed, I can determine if 
>>> it's the right way or not. Starting over is not off the table, but 
>>> it'd be nice to get a clue before starting. Seems the more I read, 
>>> the more confused I get. So much to Samba and the way it can be set 
>>> up. I'm not much of a Windows server admin, which is perhaps the 
>>> biggest problem.
>>>
>>> Thanks for any pointers.
>>>
>>> steve campbell
>>>
>>>
>>
> Thanks Jack.
>
> I use webmin for my server management for some tasks, so I understand 
> user/group management using webmin. Question now is - what is a small 
> outfit? I'm guessing we have about 200 users that would need to mount 
> from this server. The servers we'll be using are pretty hefty, 
> multiple CPUs/cores, tons or RAM, NICs all over the place. It seems 
> some flavors of configuration will handle both Samba users and Linux 
> users, while other flavors require individual user management for each 
> side.
>
> I meant to mention in the OP, redundancy is a must and possible 
> failover would be great. My take on this is that AD is like the 
> Cadillac of Samba, and anything less is like Chevy. We'll have two 
> servers for this, each a mirror of the other (meaning redundancy). I'm 
> not sure whether I need or must have LDAP, or will one of the other 
> password schemes suffice for this amount of users? I haven't figured 
> out whether I can do all of this with one server (AD/DC) or whether I 
> need two (AD->DC).
>
> There's not a lot of Samba4 reference books out there. Sorry.
>
> steve
>
>

Steve,
 From my point of view, you are mixing things.  Samba is the file 
sharing service, ldap is the user control mechanism. However, that's why 
I asked about size.  200 people isn't that many, but then it's a lot to 
manage if you don't have tools in place for it.

Do you have a central location for users/passwords to be authenticated?  
If so, you should try to integrate your Samba install against that 
method of authentication.

So, two subjects:  1) How do you authenticate your users - do they all 
have local accounts on their personal machines, or do they have "Domain 
Logins" with something ?  2) How are you handling file share 
authentication?  If you are using local users, are you going to 
replicate the users to your various Samba servers for each and every 
user that comes/goes?

As for authentication - in a place of you size, I'd say you are ready to 
look at using something other than local accounts.  You should focus in 
on getting your authentication system in place or ready to roll out with 
your Samba install.  Keep an eye towards compatability with Samba if you 
choose this route.  There are a few LDAP servers out there - being you 
are using red hat compatible software, you might look at the Fedora 
Directory Server - 389 or something it's called.  The Apache project 
hosts the Apache Directory Studio which can really help administer LDAP 
servers - not just ApacheDS servers, but OpenLDAP, OpenDS, etc.

Look, I'd like to be pretty clear on this point - LDAP is NOT required 
for Samba, however, once you get used to using it, you'll feel that it 
is a necessity.


Getting to the point of either load balancing or failover - you've got 
several technologies to look at - a favorite of linux folks is DRBD - 
I've used it, it's pretty cool, but... I'm more a freebsd guy, so I've 
not used it for at least 3 years now.  There are several methods in 
FreeBSD, but i'm not going to worry about that, you'll have a lot to get 
through as it is.

Also, with regard to Samba, will you be centrally handling printing, or 
does everyone have a printer hanging off their machine, or are you using 
those big rigs that provide their own printserver per each printer?

Order of things to determine
Auth
File/Printer sharing
Load Balancing / Failover.


You have a pretty large job ahead of you man!  have a good time.

Now... I've only setup Samba4 installs for kicks, not really done much 
with it.  Most of what I've done has been with Samba3 - why I 
recommended turnkeylinux - it's Samba3 on that page.  Now, someone with 
good Samba4 experience can probably tell you more/better stuff to worry 
about.  I know for a fact Samba3 works fine with Win7, Vista, WinXP, 
Win2k3, Win2k, I think it worked fine for Win8 as well, but I don't 
really recall now.

Anyway, I hope I've not wasted your time.

Jack

More information about the samba mailing list