[Klug-general] Samba....

David Halliday david.halliday at gmail.com
Fri Apr 29 18:02:47 UTC 2011


I did (a few years ago when still in Rochester) spend quite some time
working with samba and authentication.

I wanted to achieve a number of goals:

   1. Users access FTP, SSH and other services on a Linux server using AD
   usernames/passwords.
   2. Users authenticate to Linux workstations using their AD credentials.

Since I wanted to provide a number of (and provide many more) services to
users, I found that the solution was to configure PAM (which is one of the
main central authentication engines) to allow authentication against the AD
server. This might be overkill or it might prove to be the simple solution
to all your problems, but once you get one service working through PAM, you
can have any other authenticating against the same method.

My notes are here: http://david-halliday.co.uk/?Linux:AD_Authentication
They are a little old but reference a more in-depth guide. I recently helped
implement a similar configuration (within the past 6 months on a
CentOS installation) at work and little had changed.

The most important thing to check (and maintain) is that the Linux box and
the Microsoft server that it is authenticating against have the same time.
Where possible make them sync against the same server regularly (or
one against the other) as the time being out (and it doesn't have to be
much) can be a confusing hurdle.


For anyone who is interested in playing with authentication, PAM is
interesting as it is modular and you can fairly quickly build and implement
your own methods, including authentication against something like a MySQL
server database if you particularly wanted.


I have not used any of the purpose-built NAS-on-a-CD distros (but many look
good).

We use CentOS at work and it seems good; I have used CentOS in other
places too.  CentOS looked good a few years ago as Red Hat (from which it's
derived) was the "solid business choice" and many proprietary applications
that were targeted at businesses were predominantly tested (and supported)
on Red Hat, so having a Red Hat based distribution makes life easier there.
I have wanted to use Debian in production servers but have always been
outvoted by people who have a Red Hat background.

With the rise of Ubuntu and now Ubuntu Server... Things could shift in
support/consensus.



On 28 April 2011 12:38, Peter Childs <pchilds at bcs.org> wrote:

> Samba needs a good book, any ideas.....
>
> Peter.
>
> On 26 April 2011 20:07, Laurence Southon <laurence at southon.uk.net> wrote:
> > On 26/04/11 18:27, Peter Childs wrote:
> >> I've been asked to set up a File Server for a network of Windows-based
> >> machines, So I'm guessing Samba here..... I guess I need to set up
> >> Samba to run as a Windows PDC to sort out security and get all the
> >> Windows XP Pro (I think that's what they have) to join the "Network"
> >> Unless I can get the Samba server look like AD, but I'm not sure how
> >> to go about this... They want passwords and some "Security" over the
> >> files on the file server.....
> >>
> > You can have username:passwd security without a PDC, and unless the
> > workstations definitely are XP Pro they won't be able to join a domain.
> >
> > It's a lot of work to set up the domain and then join each machine to
> > it. Personally I would avoid it, and another downside is that by default
> > Samba will use roaming profiles which will likely lead to trouble in the
> > long run. You can disable that but it's yet another setting to get dead
> > right.
> >
> >> While doing a bit of reading up on doing this I worked out it should
> >> be possible to use Samba to do shared home directories on Linux and it
> >> should work *better* than NFS.
> >
> > Yes, homes are easy to set up in Samba. Be careful where you place them,
> > and consider user quotas to stop disc usage getting out of control.
> >>
> >> Also can I join the WINS bit of the SMB to my DNS and not have so much
> >> duplication of service.
> > Samba will become a WINS server, just put 'wins support = yes' in the
> > [global] part of smb.conf. Job done.
> >
> > Samba is a leviathan, there are literally hundreds of possible settings,
> > any of which can trip you up. Good place to start is the official
> > documentation:
> >
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
> >
> > Feel free to fire questions, but a couple of tips on things that are
> > guaranteed to drive you up the wall at some point:
> >
> > You can grant whatever permissions you like in Samba, but if the
> > appropriate Unix permissions are not in place, then they won't work, and
> > you won't know why.
> >
> > Some config changes in Samba take effect straightaway, others require a
> > Windows logon/logoff or even reboot to take effect, so always worth
> > trying that before giving up.
> >
> > Good luck!
> >
> > LS
> > --
> > Laurence Southon
> > Tiger Computing, Bexley
> > www.tiger-computing.co.uk
> >
> > _______________________________________________
> > Kent mailing list
> > Kent at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/kent
> >
>
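
Added example, not part of the original message: the clock check recommended above, done by reading an NTP server's reply and comparing the offset with the Kerberos default tolerance of five minutes that AD authentication relies on. The function names, the half-limit warning threshold and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300.0      # Kerberos default clock tolerance: 5 minutes

def _ts(buf, off):
    """Decode a 64-bit NTP timestamp (32.32 fixed point) into Unix seconds."""
    secs, frac = struct.unpack_from("!II", buf, off)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def clock_offset(reply, t_sent, t_recv):
    """Server clock minus ours, from a 48-byte NTP reply and our send/receive times."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    if reply[0] & 0x07 != 4 or reply[1] == 0:    # must be mode 4 (server), stratum > 0
        raise ValueError("not a usable server reply")
    t_rx, t_tx = _ts(reply, 32), _ts(reply, 40)  # server receive / transmit timestamps
    return ((t_rx - t_sent) + (t_tx - t_recv)) / 2

def skew_verdict(offset, limit=KERBEROS_MAX_SKEW):
    """'fail' at or past the limit, 'warn' from half of it (assumed threshold), else 'ok'."""
    drift = abs(offset)
    if drift >= limit:
        return "fail"
    return "warn" if drift >= limit / 2 else "ok"

def query(server, timeout=3.0):
    """Ask an NTP server (for example the domain controller) for its offset from us."""
    request = bytes([0x23]) + bytes(47)          # LI=0, VN=4, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t_recv = time.time()
    return clock_offset(reply, t_sent, t_recv)

def sample_reply(server_unix_time):
    """Constructed reply: VN=4, mode=4, stratum 2, both server timestamps equal."""
    secs = int(server_unix_time) + NTP_EPOCH_DELTA
    return bytes([0x24, 2, 6, 0xEC]) + bytes(28) + struct.pack("!IIII", secs, 0, secs, 0)

if __name__ == "__main__":
    T = 1304100000                               # constructed local time
    off = clock_offset(sample_reply(T + 421), T, T + 2)
    print(f"offset {off:+.1f}s -> {skew_verdict(off)}")
```

Running `skew_verdict(query(host))` from cron on the Linux box turns a drifting clock into an early warning instead of a wave of unexplained logon failures.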
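
Added example, not part of the original thread: a check for the trap described in the quoted reply, where smb.conf grants access that the Unix permissions on the share directory refuse. It compares each share's `read only` / `writable` setting with the directory's mode bits for a given uid and group set; the function names, share names and temporary directories are constructed for illustration, and ACLs, parent directories and `valid users` lists are not evaluated.

```python
import configparser
import os
import tempfile

TRUE = {"yes", "true", "1"}

def load_shares(text):
    """Parse smb.conf text into {share: {param: value}}, skipping [global]."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#", ";"),
                                   interpolation=None, strict=False)
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s.lower() != "global"}

def samba_writable(params):
    """Samba's view: a share is read-only unless the config says otherwise."""
    if params.get("read only", "yes").lower() not in TRUE:
        return True
    return any(params.get(k, "no").lower() in TRUE
               for k in ("writable", "writeable", "write ok"))

def unix_allows(path, uid, gids, write):
    """Unix view, from the mode bits of the share directory only."""
    st = os.stat(path)
    if uid == 0:
        return True
    if uid == st.st_uid:
        perm = st.st_mode >> 6
    elif st.st_gid in gids:
        perm = st.st_mode >> 3
    else:
        perm = st.st_mode
    need = 0o7 if write else 0o5    # r-x to browse a directory, w as well to create files
    return perm & 0o7 & need == need

def audit(conf_text, uid, gids):
    """Return [(share, problem)] where Samba grants what the filesystem denies."""
    findings = []
    for name, p in load_shares(conf_text).items():
        path = p.get("path")
        if not path:
            continue                # [homes] and similar special sections
        if not os.path.isdir(path):
            findings.append((name, "path missing"))
        elif not unix_allows(path, uid, gids, write=False):
            findings.append((name, "unix denies read"))
        elif samba_writable(p) and not unix_allows(path, uid, gids, write=True):
            findings.append((name, "unix denies write"))
    return findings

def demo():
    """Constructed case: two writable shares, one backed by a 0755 directory."""
    ok_dir, bad_dir = tempfile.mkdtemp(), tempfile.mkdtemp()
    os.chmod(ok_dir, 0o777)
    os.chmod(bad_dir, 0o755)
    conf = (f"[global]\nwins support = yes\n[open]\npath = {ok_dir}\nread only = no\n"
            f"[locked]\npath = {bad_dir}\nwritable = yes\n")
    st = os.stat(bad_dir)           # pick a user who is neither owner nor in the group
    return audit(conf, uid=st.st_uid + 1, gids={st.st_gid + 1})
```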