[Samba] Suggestions please about what I need.
Steve Campbell
campbell at cnpapers.com
Mon May 12 11:52:29 MDT 2014
Thanks all for the ideas.
steve
On 5/12/2014 1:30 PM, Jack Downes wrote:
>
> On 05/12/14 09:29, Steve Campbell wrote:
>>
>> On 5/12/2014 11:03 AM, Jack Downes wrote:
>>>
>>> On 05/12/14 08:10, Steve Campbell wrote:
>>>>
>>>> On 5/12/2014 9:16 AM, Jack Downes wrote:
>>>>> One thing you could do is download the turnkeylinux version of
>>>>> samba - http://www.turnkeylinux.org/fileserver, and if you like
>>>>> it, duplicate it in Centos. They use Webmin for their user/group
>>>>> mgmt, and that's fine for smaller outfits, but if you are in a
>>>>> larger place, you likely have ADS there already, or might want to
>>>>> look at openldap, opends, whatever for convenient user management.
>>>>> Anyway, that little turnkey appliance is slick as can be, might
>>>>> just help you out - at least see how someone else did it, and you
>>>>> can have one right there next to you to compare contrast with how
>>>>> your setup is working/not.
>>>>>
>>>>> Jack
>>>>>
>>>>> On 05/12/14 06:33, Steve Campbell wrote:
>>>>>> I hate to use that "noob" word, but in this case I think it might
>>>>>> be proper.
>>>>>>
>>>>>> Our company is getting ready to get rid of Netware and start
>>>>>> using Samba. It will require that users log in and by doing so,
>>>>>> have a login script map drives to particular drive letters based
>>>>>> on either their user or group.
>>>>>>
>>>>>> I've been administering Centos servers for quite a while. I have
>>>>>> no problem with managing the Linux servers, but Samba appears to
>>>>>> be a completely unique subject on its own, much like Sendmail,
>>>>>> etc. I've read "Using Samba", and about anything else I can get
>>>>>> my hands on, including as much of the "Howto" matter on the Samba
>>>>>> site. I still have no idea how complex of a setup I need (AD or
>>>>>> not, things like that). I don't think we'll be doing things like
>>>>>> installing licensed software from the server, mostly just as I
>>>>>> stated above.
>>>>>>
>>>>>> For now, I'm fairly certain I'll use the Sernet installation.
>>>>>> I'll be retiring soon, and I want to make things as easy as
>>>>>> possible for whoever takes over. It'd be great if whatever I end
>>>>>> up with has some form of GUI for managing users, groups, and
>>>>>> shares, but not necessary. The person managing our Netware will
>>>>>> be the one assuming this Samba responsibility. No Linux
>>>>>> experience, so the GUI would make it nice as they learn the ropes
>>>>>> of Linux.
>>>>>>
>>>>>> I'm looking for suggestions here for what level of installation I
>>>>>> need. I'm sure once I get something installed, I can determine if
>>>>>> it's the right way or not. Starting over is not off the table,
>>>>>> but it'd be nice to get a clue before starting. Seems the more I
>>>>>> read, the more confused I get. So much to Samba and the way it
>>>>>> can be set up. I'm not much of a Windows server admin, which is
>>>>>> perhaps the biggest problem.
>>>>>>
>>>>>> Thanks for any pointers.
>>>>>>
>>>>>> steve campbell
>>>>>>
>>>>>>
>>>>>
>>>> Thanks Jack.
>>>>
>>>> I use webmin for my server management for some tasks, so I
>>>> understand user/group management using webmin. Question now is -
>>>> what is a small outfit? I'm guessing we have about 200 users that
>>>> would need to mount from this server. The servers we'll be using
>>>> are pretty hefty, multiple CPUs/cores, tons of RAM, NICs all over
>>>> the place. It seems some flavors of configuration will handle both
>>>> Samba users and Linux users, while other flavors require individual
>>>> user management for each side.
>>>>
>>>> I meant to mention in the OP, redundancy is a must and possible
>>>> failover would be great. My take on this is that AD is like the
>>>> Cadillac of Samba, and anything less is like Chevy. We'll have two
>>>> servers for this, each a mirror of the other (meaning redundancy).
>>>> I'm not sure whether I need or must have LDAP, or will one of the
>>>> other password schemes suffice for this amount of users? I haven't
>>>> figured out whether I can do all of this with one server (AD/DC) or
>>>> whether I need two (AD->DC).
>>>>
>>>> There's not a lot of Samba4 reference books out there. Sorry.
>>>>
>>>> steve
>>>>
>>>>
>>>
>>> Steve,
>>> From my point of view, you are mixing things. Samba is the file
>>> sharing service, ldap is the user control mechanism. However, that's
>>> why I asked about size. 200 people isn't that many, but then it's a
>>> lot to manage if you don't have tools in place for it.
>>>
>>> Do you have a central location for users/passwords to be
>>> authenticated? If so, you should try to integrate your Samba
>>> install against that method of authentication.
>>>
>>> So, two subjects: 1) How do you authenticate your users - do they
>>> all have local accounts on their personal machines, or do they have
>>> "Domain Logins" with something ? 2) How are you handling file share
>>> authentication? If you are using local users, are you going to
>>> replicate the users to your various Samba servers for each and every
>>> user that comes/goes?
>>>
>>> As for authentication - in a place of your size, I'd say you are
>>> ready to look at using something other than local accounts. You
>>> should focus in on getting your authentication system in place or
>>> ready to roll out with your Samba install. Keep an eye towards
>>> compatibility with Samba if you choose this route. There are a few
>>> LDAP servers out there - being you are using red hat compatible
>>> software, you might look at the Fedora Directory Server - 389 or
>>> something it's called. The Apache project hosts the Apache
>>> Directory Studio which can really help administer LDAP servers - not
>>> just ApacheDS servers, but OpenLDAP, OpenDS, etc.
>>>
>>> Look, I'd like to be pretty clear on this point - LDAP is NOT
>>> required for Samba, however, once you get used to using it, you'll
>>> feel that it is a necessity.
>>>
>>>
>>> Getting to the point of either load balancing or failover - you've
>>> got several technologies to look at - a favorite of linux folks is
>>> DRBD - I've used it, it's pretty cool, but... I'm more a freebsd
>>> guy, so I've not used it for at least 3 years now. There are several
>>> methods in FreeBSD, but I'm not going to worry about that, you'll
>>> have a lot to get through as it is.
>>>
>>> Also, with regard to Samba, will you be centrally handling printing,
>>> or does everyone have a printer hanging off their machine, or are
>>> you using those big rigs that provide their own printserver per each
>>> printer?
>>>
>>> Order of things to determine
>>> Auth
>>> File/Printer sharing
>>> Load Balancing / Failover.
>>>
>>>
>>> You have a pretty large job ahead of you man! Have a good time.
>>>
>>> Now... I've only setup Samba4 installs for kicks, not really done
>>> much with it. Most of what I've done has been with Samba3 - why I
>>> recommended turnkeylinux - it's Samba3 on that page. Now, someone
>>> with good Samba4 experience can probably tell you more/better stuff
>>> to worry about. I know for a fact Samba3 works fine with Win7,
>>> Vista, WinXP, Win2k3, Win2k, I think it worked fine for Win8 as
>>> well, but I don't really recall now.
>>>
>>> Anyway, I hope I've not wasted your time.
>>>
>>> Jack
>>>
>> Jack,
>>
>> Authentication? I was under the assumption that Samba gave me an
>> authentication method based on how it was installed/configured. For
>> now, with the Netware system, each user has their own login. Reading
>> the literature out there gave me the impression I could use passwd,
>> tdb, or ldap, and that samba used whatever I configured. Of course, I
>> would have to have the "method" installed like openldap, etc.
>> Somehow, authentication became part of authorization. I thought I
>> read where the samba install even provided a schema for ldap if I
>> chose to use it.
>>
>> Now I'm confused as to where the name of the login script to use
>> comes from.
>>
>> Big job ahead of me is an understatement.
>>
>> The person taking over administering this tells me print sharing is
>> not a situation we will use. File sharing is the main purpose of
>> this, and having login scripts for groups is his main worry.
>>
>> I've used DRBD before. Didn't like it (without real fencing).
>> Probably better when you have it. Heartbeat sounds OK, with a shared
>> virtual IP. But I'm wondering how much replication is built into
>> Samba4. I was hoping there was something like MySQL master/slave for
>> that. Again, reading indicates it's available for all but SysVol, so
>> I'm guessing that means file shares.
>>
>> Anyway, I appreciate you taking the time to respond. This might be a
>> try-it-and-see project and something I learn by mistake.
>>
>> steve
>>
>
> Yeah, you are correct - Samba can work with a multitude of auth
> mechanisms - some are so well integrated they make it feel like Samba
> is doing the authentication.
>
> There's been a few replies to you. I think there are excellent
> suggestions in them. So take what you've got and break into pieces.
> A working Samba 4 isn't that hard to get up and running on its own. A
> working ADS isn't too hard to get working on its own. Tying them
> together really isn't too difficult either. It's trying to do them
> all at once that really gets people down the wrong rabbit hole in a
> hurry.... that was why I was saying to get your auth system in place
> first. A windows ADS is a fantastic setup, they work like a charm,
> are simple to administer, etc. I was suggesting openldap because I
> was unaware you had a Windows person in there as well.
>
> Anyway, have fun, you will find out that while it all sounds like a
> nightmare, it ends up just being legos - once you have the parts built
> they just link up with ease.
>
> Jack