[Samba] Suggestions please about what I need.

Steve Campbell campbell at cnpapers.com
Mon May 12 09:29:30 MDT 2014


On 5/12/2014 11:03 AM, Jack Downes wrote:
>
> On 05/12/14 08:10, Steve Campbell wrote:
>>
>> On 5/12/2014 9:16 AM, Jack Downes wrote:
>>> One thing you could do is download the turnkeylinux version of samba 
>>> - http://www.turnkeylinux.org/fileserver, and if you like it, 
>>> duplicate it in CentOS. They use Webmin for their user/group mgmt, 
>>> and that's fine for smaller outfits, but if you are in a larger 
>>> place, you likely have ADS there already, or might want to look at 
>>> openldap, opends, whatever for convenient user management. Anyway, 
>>> that little turnkey appliance is slick as can be, might just help 
>>> you out - at least see how someone else did it, and you can have one 
>>> right there next to you to compare/contrast with how your setup is 
>>> working/not.
>>>
>>> Jack
>>>
>>> On 05/12/14 06:33, Steve Campbell wrote:
>>>> I hate to use that "noob" word, but in this case I think it might 
>>>> be proper.
>>>>
>>>> Our company is getting ready to get rid of Netware and start using 
>>>> Samba. It will require that users log in and by doing so, have a 
>>>> login script map drives to particular drive letters based on either 
>>>> their user or group.
>>>>
>>>> I've been administering Centos servers for quite a while. I have no 
>>>> problem with managing the Linux servers, but Samba appears to be a 
>>>> completely unique subject on its own, much like Sendmail, etc. I've 
>>>> read "Using Samba", and about anything else I can get my hands on, 
>>>> including as much of the "Howto" matter on the Samba site. I still 
>>>> have no idea how complex of a setup I need (AD or not, things like 
>>>> that). I don't think we'll be doing things like installing licensed 
>>>> software from the server, mostly just as I stated above.
>>>>
>>>> For now, I'm fairly certain I'll use the Sernet installation. I'll 
>>>> be retiring soon, and I want to make things as easy as possible for 
>>>> whoever takes over. It'd be great if whatever I end up with has 
>>>> some form of GUI for managing users, groups, and shares, but not 
>>>> necessary. The person managing our Netware will be the one assuming 
>>>> this Samba responsibility. No Linux experience, so the GUI would 
>>>> make it nice as they learn the ropes of Linux.
>>>>
>>>> I'm looking for suggestions here for what level of installation I 
>>>> need. I'm sure once I get something installed, I can determine if 
>>>> it's the right way or not. Starting over is not off the table, but 
>>>> it'd be nice to get a clue before starting. Seems the more I read, 
>>>> the more confused I get. So much to Samba and the way it can be set 
>>>> up. I'm not much of a Windows server admin, which is perhaps the 
>>>> biggest problem.
>>>>
>>>> Thanks for any pointers.
>>>>
>>>> steve campbell
>>>>
>>>>
>>>
>> Thanks Jack.
>>
>> I use webmin for my server management for some tasks, so I understand 
>> user/group management using webmin. Question now is - what is a small 
>> outfit? I'm guessing we have about 200 users that would need to mount 
>> from this server. The servers we'll be using are pretty hefty, 
>> multiple CPUs/cores, tons of RAM, NICs all over the place. It seems 
>> some flavors of configuration will handle both Samba users and Linux 
>> users, while other flavors require individual user management for 
>> each side.
>>
>> I meant to mention in the OP, redundancy is a must and possible 
>> failover would be great. My take on this is that AD is like the 
>> Cadillac of Samba, and anything less is like Chevy. We'll have two 
>> servers for this, each a mirror of the other (meaning redundancy). 
>> I'm not sure whether I need or must have LDAP, or will one of the 
>> other password schemes suffice for this amount of users? I haven't 
>> figured out whether I can do all of this with one server (AD/DC) or 
>> whether I need two (AD->DC).
>>
>> There's not a lot of Samba4 reference books out there. Sorry.
>>
>> steve
>>
>>
>
> Steve,
> From my point of view, you are mixing things.  Samba is the file 
> sharing service, ldap is the user control mechanism. However, that's 
> why I asked about size.  200 people isn't that many, but then it's a 
> lot to manage if you don't have tools in place for it.
>
> Do you have a central location for users/passwords to be 
> authenticated?  If so, you should try to integrate your Samba install 
> against that method of authentication.
>
> So, two subjects:  1) How do you authenticate your users - do they all 
> have local accounts on their personal machines, or do they have 
> "Domain Logins" with something ?  2) How are you handling file share 
> authentication?  If you are using local users, are you going to 
> replicate the users to your various Samba servers for each and every 
> user that comes/goes?
>
> As for authentication - in a place of your size, I'd say you are ready 
> to look at using something other than local accounts.  You should 
> focus in on getting your authentication system in place or ready to 
> roll out with your Samba install.  Keep an eye towards compatibility 
> with Samba if you choose this route.  There are a few LDAP servers out 
> there - being you are using red hat compatible software, you might 
> look at the Fedora Directory Server - 389 or something it's called.  
> The Apache project hosts the Apache Directory Studio which can really 
> help administer LDAP servers - not just ApacheDS servers, but 
> OpenLDAP, OpenDS, etc.
>
> Look, I'd like to be pretty clear on this point - LDAP is NOT required 
> for Samba, however, once you get used to using it, you'll feel that it 
> is a necessity.
>
>
> Getting to the point of either load balancing or failover - you've got 
> several technologies to look at - a favorite of Linux folks is DRBD - 
> I've used it, it's pretty cool, but... I'm more a FreeBSD guy, so I've 
> not used it for at least 3 years now.  There are several methods in 
> FreeBSD, but I'm not going to worry about that, you'll have a lot to 
> get through as it is.
>
> Also, with regard to Samba, will you be centrally handling printing, 
> or does everyone have a printer hanging off their machine, or are you 
> using those big rigs that provide their own printserver per each printer?
>
> Order of things to determine
> Auth
> File/Printer sharing
> Load Balancing / Failover.
>
>
> You have a pretty large job ahead of you man!  Have a good time.
>
> Now... I've only set up Samba4 installs for kicks, not really done much 
> with it.  Most of what I've done has been with Samba3 - why I 
> recommended turnkeylinux - it's Samba3 on that page.  Now, someone 
> with good Samba4 experience can probably tell you more/better stuff to 
> worry about.  I know for a fact Samba3 works fine with Win7, Vista, 
> WinXP, Win2k3, Win2k, I think it worked fine for Win8 as well, but I 
> don't really recall now.
>
> Anyway, I hope I've not wasted your time.
>
> Jack
>
Jack,

Authentication? I was under the assumption that Samba gave me an 
authentication method based on how it was installed/configured. For now, 
with the Netware system, each user has their own login. Reading the 
literature out there gave me the impression I could use passwd, tdb, or 
ldap, and that samba used whatever I configured. Of course, I would have 
to have the "method" installed like openldap, etc. Somehow, 
authentication became part of authorization. I thought I read where the 
samba install even provided a schema for ldap if I chose to use it.

Now I'm confused as to where the name of the login script to use comes from.

Big job ahead of me is an understatement.

The person taking over administering this tells me print sharing is not 
a situation we will use. File sharing is the main purpose of this, and 
having login scripts for groups is his main worry.

I've used DRBD before. Didn't like it (without real fencing). Probably 
better when you have it. Heartbeat sounds OK, with a shared virtual IP. 
But I'm wondering how much replication is built into Samba4. I was 
hoping there was something like MySQL master/slave for that. Again, 
reading indicates it's available for all but SysVol, so I'm guessing 
that means file shares.

Anyway, I appreciate you taking the time to respond. This might be a 
try-it-and-see project and something I learn by mistake.

steve
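
The question above about where the account backend and the login script name come from, shown as an added smb.conf sketch that is not part of the original post. It assumes a classic (NT4-style) Samba domain with `domain logons`, not a Samba4 AD DC; the workgroup name and the share path are placeholders.

```ini
# Constructed smb.conf fragment for illustration; EXAMPLE and the
# netlogon path are placeholders, not values from this thread.
# smb.conf has no inline comments, so every comment sits on its own line.

[global]
    workgroup = EXAMPLE
    security = user

    # Where Samba keeps its account database. The three choices mentioned
    # in the thread map to smbpasswd (flat file), tdbsam and ldapsam.
    # ldapsam needs a separately installed LDAP server that carries the
    # Samba schema.
    passdb backend = tdbsam

    # Act as the logon server for Windows clients.
    domain logons = yes

    # The login script name comes from this parameter. It is a path
    # relative to the [netlogon] share. %G expands to the primary group
    # of the connecting user, %U to the session user name, so this line
    # gives one script per group.
    logon script = %G.bat

[netlogon]
    # Clients fetch the script from here and run it as the logged-in
    # user, so ordinary users must not be able to change its contents.
    path = /srv/samba/netlogon
    read only = yes
    browseable = no
    guest ok = no
```

Run `testparm` after editing to check that the file parses. The script files themselves need DOS-style line endings, because the Windows client executes them.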