Samba 3 By Example 195
Samba 3 By Example: Practical Exercises to Successful Deployment | |
author | John H. Terpstra |
pages | 340 |
publisher | Prentice Hall PTR |
rating | 10 |
reviewer | Joshua Malone |
ISBN | 0131472216 |
summary | Working examples to use Samba 3 in small or large office |
Samba 3 By Example begins on a very friendly note by explaining how to get the most out of it any what you'll need to complete the exercises in the rest of the book. The beginning also includes a Windows networking primer, complete with packet captures (using the popular tool 'ethereal') showing how network browsing really works, under the hood.
This book follows the evolution of a fictitious company, "Abmas", through an impossible growth from a 9-person office to a 2000-person network with multiple sites around the world. You assume the role of the IT guy: charged with growing the company's network infrastructure, planning for change and, above all, keeping the users happy.
Some of the major challenges tackled in this book are:
- Using Samba-3 as an NT-4 style PDC
- Using Samba-3 as an domain member server
- Using the various authentication backends as alternatives to the traditional 'smbpasswd' backend
- Using LDAP to implement a Samba-3 PDC with backup domain controllers
- Authentication using winbindd
- Migrating from NT-4 to Samba-3 for a PDC
- Using kerberos to integrate Samba-3 into a Microsoft Active Directory domain (as a domain member server)
I am extremely impressed by Terpstra's book. It addresses the complete spectrum of Samba deployments, from the 10-person office to the 2000-seat, multi-site enterprise while explaining not just what to do, but how to do it and, most importantly, why. The examples are practical and you can really imagine some poor sap^H^H^H^H^H^H^H^H unfortunate systems administrator finding him/herself in these very positions. This book says that these scenarios are hypothetical aggregations of real-world situations, but could swear I've worked for this company before.
One of the nicest things about this book is that each situation is followed by a Q&A section - almost like a textbook - that addresses both the important points of the exercise, as well as some of the trivial details that were left out for the sake of brevity. Don't be tempted to skip them thinking that it's just a rehash.
It's worth noting that this book is not a replacement for TOSHARG and defers to it for technical details in multiple cases. These two books should be sidearms for any IT administrator that has to deal with Windows clients on a daily basis.
I'm also very impressed with Terpstra's candor about Samba's features, weaknesses and road map. Nowhere in this book is Windows put down as inferior or is Samba touted as the "be-all, end-all" of Desktop and client management solutions. The relative flexibility of Active Directory and Samba is discussed only briefly and the choice to use Samba over Windows is ultimately left to the reader. Since you've gone to the trouble of purchasing this book, Terpstra assumes you've already made up your mind and require no further convincing.
Continuing to be mindful of office politics, Terpstra devotes a section in each chapter to the political implications of replacing Windows with an open source product, and an entire chapter to the issues inherent in bringing Samba into a traditionally Windows-based shop. Even though he refers to this chapter as a "shameless self-promotion of Samba-3", I found it to be an even-handed discussion of the issues you will most likely encounter from anti-Unix advocates and IT managers who have bought into the anti-Linux FUD. These are real issues that Systems Administrators need to know how to deal with effectively but too many of us simply dismiss because we feel they are uninformed.
In addition to examples of Samba configuration, examples are provided to integrate Samba with other useful servers such as the squid web proxy, OpenLDAP, bind and dhcpd. The configuration files for Samba as well as these additional pieces of software are also conveniently located on the included CD-ROM, along with Samba 3.0.2 packages for Red Hat Fedora Core 1 and SuSE Linux (Enterprise server 8 for x86 and s390 and SuSE Linux 9).
I think my biggest complaint with this book is that the "case study"-like format of this book tends to lump a large number of new features into a single example. This can make it hard to isolate the particular feature that you're interested in.
For instance, the example that illustrates automatic printer driver downloads to Windows clients is lumped into a chapter that is primarily concerned with using LDAP to implement a BDC. Automatic driver installation is a great feature that many sites far too small to consider implementing LDAP would likely be interested in.
In all, though, I'm extremely pleased with Samba 3 by Example - perhaps even more than TOSHARG. In it, you'll find plenty of tips, working examples and honest admissions of bugs (and their workarounds) that will keep you from losing your sanity. You could almost call this book a 300 page Samba and Windows networking consultant with over 8 years of experience. Terpstra has been incredibly kind to the Samba community by imparting so much wisdom to us all in this book.
Josh Malone has been a FreeBSD and Windows system administrator for three and a half years working in development shops and hosting companies, and currently works as a Linux engineer for an embedded systems company. You can purchase Samba 3 By Example from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page
Re:Question: (Score:5, Informative)
Re:Question: (Score:3, Informative)
almost 40% at bookpool.com (Score:5, Informative)
Re:Kerberos Authentication (Score:5, Informative)
Re:Kerberos Authentication (Score:4, Informative)
This is because before using the information, you have to verify the signatures (to ensure the data hasn't been forged). Making use of the information in the PAC is on the TODO list though as it will result in a nice performance increase in some areas.
And the PAC certainly doesn't violate any of the kerberos standards. Placing implementation specific information in the authorization data is what it's there for.
Re:Kerberos Authentication (Score:5, Informative)
Use 'net ads join' to join as a Win2K member. If you use the older 'net rpc join' command, you're just doing NT-4 domain membership. Chapter 9 in the book covers Active Directory interoperation. The interoperability code is in Samba, not Kerberos.
I just used this book. My experience. (Score:-1, Informative)
Re:little known fact (Score:4, Informative)
It uses all the normal Apple GUI type controls which basically take care of all of the configuration changes to smb.conf and krb5.conf. Basically a slick "apple looking" configuration file editor. I thought SWAT made samba configuration pretty easy, but this Apple stuff is great. Really cool stuff.
30% off the price for UK readers (Score:4, Informative)
Tried Samba 3.0.2a... (Score:4, Informative)
Re:adds stability to Win9x/ME workgroups (Score:2, Informative)
Businesses have been using Win95/98 systems on domains (Windows NT) and Netware networks for years. Windows ME can logon to and utilize an NT domain but there is no official Netware client for ME...not that I've heard of anyone using WinME with a Netware server.
Re:excellent! i have been looking for this (Score:3, Informative)
I recently upgraded two of my MS-Windows machines at home, put a GeForce fx5200 video card in my desktop and got a new HP/Compaq notebook with XP pre-installed. The main reason I still keep M$ machines is for games, and Need For Speed - Porsche Unleashed happens to be one of my favorites. It took me several weeks to get it working in the notebook, and it still doesn't work on the desktop.
Compared to this, configuring Linux machines is easy. Usually you just need to look in the log files for error messages and paste the message text in a Google search to get the info you need to get it working.
Re:excellent! i have been looking for this (Score:4, Informative)
There's also O'Reilly's free Using Samba online... (Score:5, Informative)
AMAZON.COM review copy? (Score:5, Informative)
That's funny, i just completed a google search for your "comment" here and gues what i found?
VERBATIM COPY [amazon.com]
Interesting.
Re:Where to find a copy of TOSHARG? (Score:3, Informative)
Re:adds stability to Win9x/ME workgroups (Score:5, Informative)
Every version of windows after Win 95 SP1 uses encrypted passwords by default. That includes WinME. You have to apply a registry change (documented in the docs/Registry/ directory of your samba source distro) to make them use clear text passwords.
Linux authenticating against LDAP isn't very hard - most of the newer distros just require a couple button presses to set that up, and you should check out PADL's site (padl.com, IIRC) for scripts to migrate your
That 485 page PDF document bundled with the current Samba distro is really a useful read.
BTW, calling people stupid doesn't help much, esp when you're wrong.
Re:samba rocks - until you hit oplocks! (Score:5, Informative)
Of course you'll want to RTFM on those commands first so you know what you're letting yourself in for.
Re:samba rocks - until you hit oplocks! (Score:4, Informative)
Erm, isn't that a completely insane thing to do (unless you're sharing a CD over Samba)?!!! The Windows clients will assume they have a lock on a file, and blindly write to it, even though other clients will assume the same! If you really are using this on a writable share and haven't clobbered a whole load of files, then you've been damned lucky!
Re:excellent! i have been looking for this (Score:2, Informative)
Of course, the Samba developers shouldn't be blamed for that. I suppose that learning the black arts of Windows networking is about as logical as Windows itself, after all.
Re:Samba vs. NFS (Score:5, Informative)
However, that's going to change. There is already support for RPC security when using NFSv4 in Linux 2.6. That way, you can use Kerberos authentication and encryption for your NFS exports, and all is well. It's still marked as experimental, but I suspect it to be mature before long.
All that already works on Solaris, of course.
Re:Kerberos Authentication (Score:3, Informative)
See http://linuxtoday.com/news_story.php3?ltsn=2000-0
Re:samba rocks - until you hit oplocks! (Score:5, Informative)
We had problems with dbase file locking until we vetoed oplocks on those files.
To do it, it looks like this:
veto oplock files =
This way, you're not using oplocks on only the types of files that are giving you hell, while getting the best performance possible from all other file types.
Re:Does Samba have some of the same security flaws (Score:1, Informative)
On the other hand, a multi-platform worm that is specifically designed to target Samba and Windows networking vulnerabilities is quite possible.
Agree with reviewer (Score:3, Informative)
Re:Samba vs. NFS (Score:3, Informative)
Re:So, Where is Samba-3 By Example? (Score:4, Informative)
I committed the entire text of the book to the public samba-docs code tree on April 5th. We are having some difficulty in building the PDF file on the Samba build system. This will be resolved as soon as possible.
We are committed to open information about open source software. Please be a little patient with us, you will get your candy soon.
Cheers,
John T.