[Klug-general] Samba....

Peter Childs pchilds at bcs.org
Thu May 5 05:38:16 UTC 2011


On 4 May 2011 19:31, nicolas diogo <nicolasdiogo at yahoo.co.uk> wrote:
> Have you tried Zentyal for running a Samba/AD?
> I have used this for a couple of years and I can testify that it works fine.
>

Looks like just the right tool for the job.

Ubuntu Based, but tuned for a file server so it's basically what I was
thinking of creating without having to do too much work myself. I'll
need to have a look, to see that they haven't done too much playing.

Peter.

> ________________________________
> From: Peter Childs <pchilds at bcs.org>
> To: Kent Linux User Group - General Topics <kent at mailman.lug.org.uk>
> Sent: Friday, 29 April 2011, 20:09
> Subject: Re: [Klug-general] Samba....
>
> On 29 April 2011 19:52, David Halliday <david.halliday at gmail.com> wrote:
>> Using my method you get pam to point to AD and let it manage everything
>> for you. This results in the box acting like any other client machine on
>> an AD network but still providing all the functionality (services and
>> applications) of a Linux box.
>> Unless you need more domain servers to handle authentication requests then
>> I wouldn't worry to implement that part of Samba.
>
> I don't disagree. The only reason for getting Samba to do the
> authentication is if you don't have an AD but loads of Windows Clients
> who would like one.
>
> Peter
>
>> Some interesting reading for heterogeneous networking is this book
>> (published by O'Reilly) Linux in a Windows World:
>> Book page: http://oreilly.com/catalog/9780596007584
>> Commons (Free Online Reading):
>> http://commons.oreilly.com/wiki/index.php/Linux_in_a_Windows_World
>> This book was a big launchpad for me in the Linux/MS world. Some of it is
>> out of date (but some reading of documentation can bring you back up to
>> speed) but it gives a good overview of things. I do have a print copy
>> somewhere but I can't seem to find it in my shelf at this moment in time.
>> If you or anyone else is interested in (and will use) this book then I
>> can have a hunt for it. Since it is only gathering dust I'm happy to give
>> it to a good home.
>>
>> On 29 April 2011 19:42, Peter Childs <PChilds at bcs.org.uk> wrote:
>>>
>>> On 29 April 2011 18:52, David Halliday <david.halliday at gmail.com> wrote:
>>> > I did (a few years ago when still in Rochester) spend quite some time
>>> > working with samba and authentication.
>>> > I wanted to achieve a number of goals:
>>> >
>>> > Users access a FTP, SSH and other services on a Linux server using AD
>>> > usernames/passwords.
>>> > Users authenticate to Linux workstations using their AD credentials.
>>> >
>>> > Since I wanted to provide a number (and provide many more) services to
>>> > users I found that the solution was to configure pam (which is one of
>>> > the main central authentication engines) to allow authentication
>>> > against the AD server. This might be overkill or it might prove to be
>>> > the simple solution to all your problems, but once you get one service
>>> > working through pam, you can have any other authenticating against the
>>> > same method.
>>> > My notes are here: http://david-halliday.co.uk/?Linux:AD_Authentication
>>> > They are a little old but reference a more in depth guide. I recently
>>> > helped implement a similar configuration (within the past 6 months on
>>> > a CentOS installation) at work and little had changed.
>>> > The most important thing to check (and maintain) is that the Linux box
>>> > and the Microsoft server that it is authenticating against have the
>>> > same time.
>>> > Where possible make them sync against the same server regularly (or
>>> > one against the other) as the time being out (and it doesn't have to be
>>> > much) can be a confusing hurdle.
>>> >
>>> > For anyone who is interested in playing with authentication, pam is
>>> > interesting as it is modular and you can fairly quickly build and
>>> > implement your own methods including authentication against something
>>> > like a MySQL server database if you particularly wanted.
>>> >
>>> > I have not used any of the purpose built NAS on a CD distros (but many
>>> > look good).
>>> > We use CentOS at work and they seem good, I have used CentOS in other
>>> > places too.  CentOS looked good a few years ago as Red Hat (from which
>>> > it's derived) was the "solid business choice" and many proprietary
>>> > applications that were targeted at businesses were predominantly tested
>>> > (and supported) on Red Hat, so having a Red Hat based distribution
>>> > makes life easier there.
>>> > I have wanted to use Debian in production servers but have always been
>>> > outvoted by people who have a Red Hat background.
>>> > With the rise of Ubuntu and now Ubuntu Server... Things could shift in
>>> > support/consensus.
>>> >
>>> >
>>> > On 28 April 2011 12:38, Peter Childs <pchilds at bcs.org> wrote:
>>> >>
>>> >> Samba need good book, any ideas.....
>>> >>
>>> >> Peter.
>>> >>
>>> >> On 26 April 2011 20:07, Laurence Southon <laurence at southon.uk.net> wrote:
>>> >> > On 26/04/11 18:27, Peter Childs wrote:
>>> >> >> I've been asked to set up a File Server for a network of windows
>>> >> >> based machines, So I'm guessing Samba here..... I guess I need to
>>> >> >> set up Samba to run as a Windows PDC to sort out security and get
>>> >> >> all the Windows XP Pro (I think that's what they have) to join the
>>> >> >> "Network" Unless I can get the Samba server look like AD, but I'm
>>> >> >> not sure how to go about this... They want passwords and some
>>> >> >> "Security" over the files on the file server.....
>>> >> >>
>>> >> > You can have username:passwd security without a PDC, and unless the
>>> >> > workstations definitely are XP Pro they won't be able to join a
>>> >> > domain.
>>> >> >
>>> >> > It's a lot of work to set up the domain and then join each machine
>>> >> > to it. Personally I would avoid it, and another downside is that by
>>> >> > default Samba will use roaming profiles which will likely lead to
>>> >> > trouble in the long run. You can disable that but it's yet another
>>> >> > setting to get dead right.
>>> >> >
>>> >> >> While doing a bit of reading up on doing this I worked out it
>>> >> >> should be possible to use Samba to do shared home directories on
>>> >> >> Linux and it should work *better* than NFS.
>>> >> >
>>> >> > Yes, homes are easy to set up in Samba. Be careful where you place
>>> >> > them, and consider user quotas to stop disc usage getting out of
>>> >> > control.
>>> >> >>
>>> >> >> Also can I join the Wins bit of the SMB to my DNS and not have so
>>> >> >> much duplication of service.
>>> >> > Samba will become a WINS server, just put 'wins support = yes' in
>>> >> > the [global] part of smb.conf. Job done.
>>> >> >
>>> >> > Samba is a leviathan, there are literally hundreds of possible
>>> >> > settings, any of which can trip you up. Good place to start is the
>>> >> > official documentation:
>>> >> >
>>> >> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
>>> >> >
>>> >> > Feel free to fire questions, but a couple of tips on things that are
>>> >> > guaranteed to drive you up the wall at some point:
>>> >> >
>>> >> > You can grant whatever permissions you like in Samba, but if the
>>> >> > appropriate Unix permissions are not in place, then they won't work,
>>> >> > and you won't know why.
>>> >> >
>>> >> > Some config changes in Samba take effect straightaway, others
>>> >> > require a Windows logon/logoff or even reboot to take effect, so
>>> >> > always worth trying that before giving up.
>>> >> >
>>>
>>>
>>> Interesting. I'll have to do some playing, and see what I can get
>>> working.
>>>
>>> I've used most of the building blocks before but not together....
>>>
>>> From what I can see so far,
>>>
>>> Samba can be used with LDAP and Kerberos to emulate an AD but you can't
>>> mix it with Windows AD servers.
>>>
>>> I can't stand LDAP, I've always found it a beast and can't find a good
>>> tool to administrate it correctly.
>>>
>>> You still need to keep multiple databases in sync, i.e. Kerberos, LDAP
>>> and I guess your file permissions too.
>>>
>>> Peter.
>>>
>>> _______________________________________________
>>> Kent mailing list
>>> Kent at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/kent
>>
>>
>
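
The tip quoted earlier in this thread, that permissions granted in Samba do nothing unless the Unix permissions underneath allow them, can be checked mechanically. The script below is an added example, not code from anyone on the list: it parses smb.conf text and flags shares whose directory mode bits contradict the share definition. It is a mode-bit heuristic only and assumes no ACLs, no `force user`, and that connecting users are not the directory owner; the finding labels are made up for this example.

```python
import configparser
import os
import stat
import tempfile

TRUE = {"yes", "true", "1"}  # smb.conf boolean spellings

def parse_shares(conf_text):
    """Return {share: {param: value}} for every section except [global]."""
    # Parameters are usually indented; strip so configparser does not
    # read them as continuation lines.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s.lower() != "global"}

def samba_writable(params):
    """'writable', 'writeable', 'write ok' are inverted synonyms of 'read only'."""
    for key in ("writable", "writeable", "write ok"):
        if key in params:
            return params[key].strip().lower() in TRUE
    return params.get("read only", "yes").strip().lower() not in TRUE

def audit(conf_text):
    """Return [(share, finding)] where Unix mode bits undercut the share."""
    findings = []
    for share, params in parse_shares(conf_text).items():
        path = params.get("path")
        if not path:
            continue  # e.g. [homes], where the path is derived per user
        if not os.path.isdir(path):
            findings.append((share, "missing"))
            continue
        mode = os.stat(path).st_mode
        if not mode & (stat.S_IXGRP | stat.S_IXOTH):
            findings.append((share, "no-traverse"))  # only the owner gets in
        elif samba_writable(params) and not mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((share, "no-write"))  # only the owner can write
    return findings

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample: one 0755 directory
    os.chmod(base, 0o755)
    sample = f"[global]\n  wins support = yes\n[docs]\n  path = {base}\n  read only = no\n"
    print(audit(sample))
```

A finding is a prompt to compare the share's intended users with the directory's owner and group, not proof of a fault.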


