Samba 3 By Example

ALecs writes "When I first discovered Samba, I was in heaven! I could serve my Linux filesystems to my Windows 95 desktop and life was good. Between then and now, though, Samba has gotten a lot more capabilities, and I've been struggling to keep up with the cryptic voodoo that is Windows networking. While 'The Official Samba-3 HOWTO and Resource Guide' has been a great resource, Samba seems to just be once of those packages that you just need to see in action to understand. Hearing my cries, and those of countless others, John H. Terpstra has bestowed upon the Samba community the tome of ancient knowledge sought by all: Samba 3 By Example: Practical Exercises to Successful Deployment ." Read on for the rest of Malone's review.

Samba 3 By Example: Practical Exercises to Successful Deployment
author	John H. Terpstra
pages	340
publisher	Prentice Hall PTR
rating	10
reviewer	Joshua Malone
ISBN	0131472216
summary	Working examples to use Samba 3 in small or large office

Samba 3 By Example begins on a very friendly note by explaining how to get the most out of it any what you'll need to complete the exercises in the rest of the book. The beginning also includes a Windows networking primer, complete with packet captures (using the popular tool 'ethereal') showing how network browsing really works, under the hood.

This book follows the evolution of a fictitious company, "Abmas", through an impossible growth from a 9-person office to a 2000-person network with multiple sites around the world. You assume the role of the IT guy: charged with growing the company's network infrastructure, planning for change and, above all, keeping the users happy.

Some of the major challenges tackled in this book are:

• Using Samba-3 as an NT-4 style PDC
• Using Samba-3 as an domain member server
• Using the various authentication backends as alternatives to the traditional 'smbpasswd' backend
• Using LDAP to implement a Samba-3 PDC with backup domain controllers
• Authentication using winbindd
• Migrating from NT-4 to Samba-3 for a PDC
• Using kerberos to integrate Samba-3 into a Microsoft Active Directory domain (as a domain member server)

I am extremely impressed by Terpstra's book. It addresses the complete spectrum of Samba deployments, from the 10-person office to the 2000-seat, multi-site enterprise while explaining not just what to do, but how to do it and, most importantly, why. The examples are practical and you can really imagine some poor sap^H^H^H^H^H^H^H^H unfortunate systems administrator finding him/herself in these very positions. This book says that these scenarios are hypothetical aggregations of real-world situations, but could swear I've worked for this company before.

One of the nicest things about this book is that each situation is followed by a Q&A section - almost like a textbook - that addresses both the important points of the exercise, as well as some of the trivial details that were left out for the sake of brevity. Don't be tempted to skip them thinking that it's just a rehash.

It's worth noting that this book is not a replacement for TOSHARG and defers to it for technical details in multiple cases. These two books should be sidearms for any IT administrator that has to deal with Windows clients on a daily basis.

I'm also very impressed with Terpstra's candor about Samba's features, weaknesses and road map. Nowhere in this book is Windows put down as inferior or is Samba touted as the "be-all, end-all" of Desktop and client management solutions. The relative flexibility of Active Directory and Samba is discussed only briefly and the choice to use Samba over Windows is ultimately left to the reader. Since you've gone to the trouble of purchasing this book, Terpstra assumes you've already made up your mind and require no further convincing.

Continuing to be mindful of office politics, Terpstra devotes a section in each chapter to the political implications of replacing Windows with an open source product, and an entire chapter to the issues inherent in bringing Samba into a traditionally Windows-based shop. Even though he refers to this chapter as a "shameless self-promotion of Samba-3", I found it to be an even-handed discussion of the issues you will most likely encounter from anti-Unix advocates and IT managers who have bought into the anti-Linux FUD. These are real issues that Systems Administrators need to know how to deal with effectively but too many of us simply dismiss because we feel they are uninformed.

In addition to examples of Samba configuration, examples are provided to integrate Samba with other useful servers such as the squid web proxy, OpenLDAP, bind and dhcpd. The configuration files for Samba as well as these additional pieces of software are also conveniently located on the included CD-ROM, along with Samba 3.0.2 packages for Red Hat Fedora Core 1 and SuSE Linux (Enterprise server 8 for x86 and s390 and SuSE Linux 9).

I think my biggest complaint with this book is that the "case study"-like format of this book tends to lump a large number of new features into a single example. This can make it hard to isolate the particular feature that you're interested in.

For instance, the example that illustrates automatic printer driver downloads to Windows clients is lumped into a chapter that is primarily concerned with using LDAP to implement a BDC. Automatic driver installation is a great feature that many sites far too small to consider implementing LDAP would likely be interested in.

In all, though, I'm extremely pleased with Samba 3 by Example - perhaps even more than TOSHARG. In it, you'll find plenty of tips, working examples and honest admissions of bugs (and their workarounds) that will keep you from losing your sanity. You could almost call this book a 300 page Samba and Windows networking consultant with over 8 years of experience. Terpstra has been incredibly kind to the Samba community by imparting so much wisdom to us all in this book.

---

Josh Malone has been a FreeBSD and Windows system administrator for three and a half years working in development shops and hosting companies, and currently works as a Linux engineer for an embedded systems company. You can purchase Samba 3 By Example from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page

samba rocks

[jacquesm]

Samba is probably one of the largest driving forces enabling people to migrate away from windows servers. It's a cornerstone of lots of offices that I have visited.

little known fact

[mirko]

Samba 3 is used by Panther (OSX3) since the beginning.

We're talking about Samba and Linux here...

[gfhilton]

I've been struggling to keep up with the cryptic voodoo that is Windows networking.

The cryptic voodoo I struggle to keep up with is Samba and Linux itself. Setting up networking, even advanced domain stuff, in Windows is very easy in comparison. Hence books like this one.

I don't mean to troll, but one of Linux's biggest problems from a usability point of view is that there is no central place where configuration information is stored (aka the "hated" registry in Windows). It's supposed to end up in /etc but many times it doesn't and instead it's all scattered around in hundreds of tiny text files with various different formats that one must search out and edit. This is one of the (many) things that make it very difficult to set up or configure anything in Linux, be it hardware or software.

I think we would all be better off if the Linux community would work on fixing usability problems and making Linux more unified instead of continually adding new features. And if that sounds like many criticisms of Microsoft you've heard, then so be it.

Re:almost 40% at bookpool.com

[blackmonday]

Yes I know you were being funny: That's not a refferal ID, but even if it was, who cares? it wouldn't cost you any more money to buy it, and he gets some cash for spreading the word around. I don't see the angst against them on Slashdot.

Re:Kerberos Authentication

[Anonymous Coward]

And the PAC certainly doesn't violate any of the kerberos standards. Placing implementation specific information in the authorization data is what it's there for.

Very true, but I think the issue many people have is with Microsoft using this field and then not telling anyone how to interpret it (well, at first anyway).

Why aren't tech authors into "free as in beer?"

[stratjakt]

I've been struggling to get my samba PDC (and by extension every windows box on my network) and linux to authenticate against a single source, an LDAP server.

Of course, this means learning not only what LDAP is , but how to configure and test it, etc.. OpenLDAP wasnt the toughest nut to crack, but it's configuration files are out there in wackyland. This is as far as I've gotten.

Then getting samba and other services to auth against it. Of course, to use pam_ldap.so I need to have linux boxes that use PAM, and getting that running on my mutant once-slackware-but-now-fubar installs is no easy task..

Anyways, to say the documentation on such things is sparse would be an understatement. What's to be found is completely obtuse and hard to follow.

It would seem that this book would help. And if this were work-related I could get it and write off the expense. But this is just hobbyist messing-around stuff, and by this time next week I'll be messing with something different.

I just dont have the funds to spend 200 bucks on literature for my time-wasting project du jour. Google's alright most of the time, but often I just see 9 billion users group postings of the same error I'm getting (with no replies containing solutions).

Re:We're talking about Samba and Linux here...

[cbiltcliffe]

It's supposed to end up in /etc but many times it doesn't and instead it's all scattered around in hundreds of tiny text files with various different formats that one must search out and edit.

You mean like the 229 .ini files that are on my Windows 2000 machine, in various places in 'Program Files', 'WINNT', 'WINNT\System32', etc.etc?

Seriously...I don't know what Linux distro you're using......I've heard this comment before, and out of the few dozen I've tried, nothing ever stored configuration information in more than two places:

1) /etc and, for some programs with lots of config files, subdirectories of /etc dedicated to the one program.
2) hidden directories in the user's home directory, for personal configuration files, rather than system-wide.

Anything that's in the user's home directory is set by the interface of whatever program they're running, though, so you hardly need to 'search out and edit' files that are in 'various different formats'.

If you're going to spread FUD, at least spread something that's true.
Oh...wait.....that would mean it wouldn't be FUD, wouldn't it?

Re:excellent! i have been looking for this

[Lussarn]

It's like they say. Windows is easy until something breaks. Then you are screwed.

Re:adds stability to Win9x/ME workgroups

[mtnharo]

He wasn't really talking about using domains though. He mentioned setting up Samba as a "Master Browser." On a domainless network, one of the machines becomes the "master browser," which all of the other machines look to for info on who is on the network.

It sounds like a good idea, but in practice, if the master browser changes or is rebooted, the other machines in the workgroup won't be able to find network resources unless they are restarted too. This is usually the source of most network issues with Windows on home networks. By setting up a samba machine that is always and never gives up "master browser" status, the table of which machines are on the network remains available.

Re:Samba vs. NFS

[jrcamp]

Such as I expected. I can't believe there isn't a huge drive from RedHat, SuSE, IBM, etc. to get NFSv4 complete and up to par with Windows when it comes to network file sharing. I would never deploy NFS in an enterprise with its current state.

Re:excellent! i have been looking for this

[puddpunk]

The main reason I still keep M$ machines is for games, and Need For Speed - Porsche Unleashed happens to be one of my favorites.

Get a Playstation! Thats what I did and since have been able to kiss windows goodbye and still play games that I like.

Re:We're talking about Samba and Linux here...

[Whatchamacallit]

Yeah with a single point of failure on two binary files! I have no idea how many registries I've had to repair, replace, or just end up reloading Windows to fix but it's up in the 6 figure range!

MS needs to freaking put in some better backup and auto-recover features for the registry! It's far to vital to rely on a Sysadmin backing it up on a regular basis. There needs to be a multi-layered backup going back several days. Sure you can do a system restore but it's not rock solid enough and scares the hell out of most people. Go-Back was and is much more reliable and easier to understand then the first generation Microsoft System Restore feature. The registry should be backed up after every single successful reboot and one should have at least 4-5 choices to roll it back to if there is a problem. You should be able to do this at boot time when the registry has an issue being read or written to. A dialog should popup and ask if you wish to switch the current registry files to the backed up ones.

Linux scatters INI like configuration files in a variety of locations and the format varies. But at least if your Samba.conf file gets hosed, it won't blow out everything else along with it. Say it's truly corrupted, you can at least edit the sucker with vi / emacs and fix the glitch. With a binary registry file you're fucked.

Apple's got it right with their XML .plist files and the Property List editor to read and edit them. You can edit them with any text editor as well. In addition there are full command line tools that are vastly superior to the Windows command line tools. It's easy to write Cocoa/Carbon apps that use a .plist file to store default settings and preferences. Most apps if they follow the recommendation will have the ability to regenerate an applications .plist file if it's deleted. Before Apple came out with Journaled HFS+, there were many file corruption issues (all fixable with a permissions check and running a disk util). The new Journaled HFS+ is pretty darn solid, I haven't had a corrupted file ever since the journaling was added in Jaguar (it was there in Jaguar but you had to turn it on via a system hack in Panther it's on by default via the Disk Utility).