[Klug-general] Samba....

Peter Childs PChilds at bcs.org.uk
Fri Apr 29 18:52:18 UTC 2011


On 29 April 2011 18:52, David Halliday <david.halliday at gmail.com> wrote:
> I did (a few years ago when still in Rochester) spend quite some time
> working with samba and authentication.
> I wanted to achieve a number of goals:
>
> Users access an FTP, SSH and other services on a Linux server using AD
> usernames/passwords.
> Users authenticate to Linux workstations using their AD credentials.
>
> Since I wanted to provide a number (and provide many more) services to users
> I found that the solution was to configure pam (which is one of the main
> central authentication engines) to allow authentication against the AD
> server. This might be overkill or it might prove to be the simple solution
> to all your problems, but once you get one service working through pam, you
> can have any other authenticating against the same method.
> My notes are here: http://david-halliday.co.uk/?Linux:AD_Authentication
> They are a little old but reference a more in depth guide. I recently helped
> implement a similar configuration (within the past 6 months on a
> centos installation) at work and little had changed.
> The most important thing to check (and maintain) is that the Linux box and
> the Microsoft server that it is authenticating against have the same time.
> Where possible make them sync against the same server regularly (or
> one against the other) as the time being out (and it doesn't have to be
> much) can be a confusing hurdle.
>
> For anyone who is interested in playing with authentication pam is
> interesting as it is modular and you can fairly quickly build and implement
> your own methods including authentication against something like a MySQL
> server database if you particularly wanted.
>
> I have not used any of the purpose built NAS on a CD distros (but many look
> good).
> We use CentOS at work and they seem good, I have used CentOS in other
> places too.  CentOS looked good a few years ago as Red Hat (from which it's
> derived) was the "solid business choice" and many proprietary applications
> that were targeted at businesses were predominantly tested (and supported)
> on Red Hat, so having a Red Hat based distribution makes life easier there.
> I have wanted to use Debian in production servers but have always been
> outvoted by people who have a Red Hat background.
> With the rise of Ubuntu and now Ubuntu Server... Things could shift in
> support/consensus.
>
>
> On 28 April 2011 12:38, Peter Childs <pchilds at bcs.org> wrote:
>>
>> Samba need good book, any ideas.....
>>
>> Peter.
>>
>> On 26 April 2011 20:07, Laurence Southon <laurence at southon.uk.net> wrote:
>> > On 26/04/11 18:27, Peter Childs wrote:
>> >> I've been asked to set up a File Server for a network of windows based
>> >> machines, So I'm guessing Samba here..... I guess I need to set up
>> >> Samba to run as a Windows PDC to sort out security and get all the
>> >> Windows XP Pro (I think that's what they have) to join the "Network"
>> >> Unless I can get the Samba server look like AD, but I'm not sure how
>> >> to go about this... They want passwords and some "Security" over the
>> >> files on the file server.....
>> >>
>> > You can have username:passwd security without a PDC, and unless the
>> > workstations definitely are XP Pro they won't be able to join a domain.
>> >
>> > It's a lot of work to set up the domain and then join each machine to
>> > it. Personally I would avoid it, and another downside is that by default
>> > Samba will use roaming profiles which will likely lead to trouble in the
>> > long run. You can disable that but it's yet another setting to get dead
>> > right.
>> >
>> >> While doing a bit of reading up on doing this I worked out it should
>> >> be possible to use Samba to do shared home directories on Linux and it
>> >> should work *better* than NFS.
>> >
>> > Yes, homes are easy to set up in Samba. Be careful where you place them,
>> > and consider user quotas to stop disc usage getting out of control.
>> >>
>> >> Also can I join the Wins bit of the SMB to my DNS and not have so much
>> >> duplication of service.
>> > Samba will become a WINS server, just put 'wins support = yes' in the
>> > [global] part of smb.conf. Job done.
>> >
>> > Samba is a leviathan, there are literally hundreds of possible settings,
>> > any of which can trip you up. Good place to start is the official
>> > documentation:
>> >
>> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
>> >
>> > Feel free to fire questions, but a couple of tips on things that are
>> > guaranteed to drive you up the wall at some point:
>> >
>> > You can grant whatever permissions you like in Samba, but if the
>> > appropriate Unix permissions are not in place, then they won't work, and
>> > you won't know why.
>> >
>> > Some config changes in Samba take effect straightaway, others require a
>> > Windows logon/logoff or even reboot to take effect, so always worth
>> > trying that before giving up.
>> >


Interesting. I'll have to do some playing, and see what I can get working.

I've used most of the building blocks before but not together....
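
The tip quoted above, that write access granted in smb.conf does nothing unless the Unix permissions on the path also allow it, can be checked mechanically. The sketch below is an added example, not part of the original thread or of Samba itself: the share name `projects`, the user `alice` and the uid/gid values passed in are constructed, and it only looks at classic mode bits on the share directory (no ACLs, no `force user`, no parent-directory checks).

```python
import configparser
import os
import stat
import tempfile

# Constructed sample smb.conf; the share name and user are hypothetical.
SAMPLE_SMB_CONF = """
[global]
    security = user
    wins support = yes

[projects]
    path = {path}
    read only = no
    valid users = alice
"""
TRUE_WORDS = {"yes", "true", "1"}

def samba_writable(cp, share):
    """'read only' defaults to yes; 'writable'/'writeable' are its inverse."""
    for key in ("writable", "writeable", "write ok"):
        if cp.has_option(share, key):
            return cp.get(share, key).strip().lower() in TRUE_WORDS
    return cp.get(share, "read only", fallback="yes").strip().lower() not in TRUE_WORDS

def unix_can_write(st, uid, gids):
    """Owner/group/other check for creating files in a directory (no ACLs)."""
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    need = 0o3 << shift  # write + search (execute) bits for that class
    return (st.st_mode & need) == need

def audit_shares(conf_text, uid, gids):
    """Return shares that Samba marks writable but the Unix mode bits deny."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # smb.conf is usually indented; strip so lines are not read as continuations.
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    denied = []
    for share in cp.sections():
        if share.lower() == "global" or not cp.has_option(share, "path"):
            continue
        st = os.stat(cp.get(share, "path"))
        if samba_writable(cp, share) and not unix_can_write(st, uid, gids):
            denied.append(share)
    return denied

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)  # only the owner may write
        print(audit_shares(SAMPLE_SMB_CONF.format(path=d), os.stat(d).st_uid + 1, set()))
```
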


