






Samba 3 By Example
Samba 3 By Example: Practical Exercises to Successful Deployment
author | John H. Terpstra
pages | 340
publisher | Prentice Hall PTR
rating | 10
reviewer | Joshua Malone
ISBN | 0131472216
summary | Working examples to use Samba 3 in small or large office
Samba 3 By Example begins on a very friendly note by explaining how to get the most out of it and what you'll need to complete the exercises in the rest of the book. The beginning also includes a Windows networking primer, complete with packet captures (using the popular tool 'ethereal') showing how network browsing really works, under the hood.
This book follows the evolution of a fictitious company, "Abmas", through an impossible growth from a 9-person office to a 2000-person network with multiple sites around the world. You assume the role of the IT guy: charged with growing the company's network infrastructure, planning for change and, above all, keeping the users happy.
Some of the major challenges tackled in this book are:
- Using Samba-3 as an NT-4 style PDC
- Using Samba-3 as a domain member server
- Using the various authentication backends as alternatives to the traditional 'smbpasswd' backend
- Using LDAP to implement a Samba-3 PDC with backup domain controllers
- Authentication using winbindd
- Migrating from NT-4 to Samba-3 for a PDC
- Using kerberos to integrate Samba-3 into a Microsoft Active Directory domain (as a domain member server)
I am extremely impressed by Terpstra's book. It addresses the complete spectrum of Samba deployments, from the 10-person office to the 2000-seat, multi-site enterprise while explaining not just what to do, but how to do it and, most importantly, why. The examples are practical and you can really imagine some poor sap^H^H^H^H^H^H^H^H unfortunate systems administrator finding him/herself in these very positions. This book says that these scenarios are hypothetical aggregations of real-world situations, but I could swear I've worked for this company before.
One of the nicest things about this book is that each situation is followed by a Q&A section - almost like a textbook - that addresses both the important points of the exercise, as well as some of the trivial details that were left out for the sake of brevity. Don't be tempted to skip them thinking that it's just a rehash.
It's worth noting that this book is not a replacement for TOSHARG and defers to it for technical details in multiple cases. These two books should be sidearms for any IT administrator that has to deal with Windows clients on a daily basis.
I'm also very impressed with Terpstra's candor about Samba's features, weaknesses and road map. Nowhere in this book is Windows put down as inferior or is Samba touted as the "be-all, end-all" of Desktop and client management solutions. The relative flexibility of Active Directory and Samba is discussed only briefly and the choice to use Samba over Windows is ultimately left to the reader. Since you've gone to the trouble of purchasing this book, Terpstra assumes you've already made up your mind and require no further convincing.
Continuing to be mindful of office politics, Terpstra devotes a section in each chapter to the political implications of replacing Windows with an open source product, and an entire chapter to the issues inherent in bringing Samba into a traditionally Windows-based shop. Even though he refers to this chapter as a "shameless self-promotion of Samba-3", I found it to be an even-handed discussion of the issues you will most likely encounter from anti-Unix advocates and IT managers who have bought into the anti-Linux FUD. These are real issues that Systems Administrators need to know how to deal with effectively but too many of us simply dismiss because we feel they are uninformed.
In addition to examples of Samba configuration, examples are provided to integrate Samba with other useful servers such as the squid web proxy, OpenLDAP, bind and dhcpd. The configuration files for Samba as well as these additional pieces of software are also conveniently located on the included CD-ROM, along with Samba 3.0.2 packages for Red Hat Fedora Core 1 and SuSE Linux (Enterprise server 8 for x86 and s390 and SuSE Linux 9).
I think my biggest complaint with this book is that the "case study"-like format of this book tends to lump a large number of new features into a single example. This can make it hard to isolate the particular feature that you're interested in.
For instance, the example that illustrates automatic printer driver downloads to Windows clients is lumped into a chapter that is primarily concerned with using LDAP to implement a BDC. Automatic driver installation is a great feature that many sites far too small to consider implementing LDAP would likely be interested in.
In all, though, I'm extremely pleased with Samba 3 by Example - perhaps even more than TOSHARG. In it, you'll find plenty of tips, working examples and honest admissions of bugs (and their workarounds) that will keep you from losing your sanity. You could almost call this book a 300 page Samba and Windows networking consultant with over 8 years of experience. Terpstra has been incredibly kind to the Samba community by imparting so much wisdom to us all in this book.
Josh Malone has been a FreeBSD and Windows system administrator for three and a half years working in development shops and hosting companies, and currently works as a Linux engineer for an embedded systems company. You can purchase Samba 3 By Example from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Samba by example? (Score:4, Funny)
Re:Samba by example? (Score:4, Funny)
Re:Samba by example? (Score:4)
What's even better is that in order to dance these dances well, you NEED to hold your partner in a close embrace. And you can't complain about that.
Another plus is that social latin dancing is done in places like public bars, but the atmosphere of the dance set is not 'meat market'. Thus it gives you a solid framework to get out in public that is not confrontationist. In my job where I do a bit of world travel, I always try and find the local dance places for some non work social life, and as a result have had some really fun times away from home.
On a final note, Samba is a Brazilian dance, and I can attest that all the Brazilians I have met have been fun loving people, and that the country is a great one to go and visit.
samba rocks (Score:5, Insightful)
Re:samba rocks - until you hit oplocks! (Score:5, Interesting)
Believe me, I've been banging my head against this for a couple of weeks now (I can't reproduce the problem, but other people on the network can and do, daily). Everyone seems to have their own idea about the correct combination of oplocks, level 2 oplocks, veto oplocks, deadtime etc to use; but nothing seems 100% foolproof. This is the reason we're probably going to be switching away from Samba to Win2k3. I don't want this, but as the only Linux guy, it's hard to fight the tide when you're having to clear down the locks and force people to close and re-open files almost daily as they're locked out of their own files...
Re:samba rocks - until you hit oplocks! (Score:4, Interesting)
Re:samba rocks - until you hit oplocks! (Score:1)
Re:samba rocks - until you hit oplocks! (Score:5, Informative)
Of course you'll want to RTFM on those commands first so you know what you're letting yourself in for.
Re:samba rocks - until you hit oplocks! (Score:4, Informative)
Erm, isn't that a completely insane thing to do (unless you're sharing a CD over Samba)?!!! The Windows clients will assume they have a lock on a file, and blindly write to it, even though other clients will assume the same! If you really are using this on a writable share and haven't clobbered a whole load of files, then you've been damned lucky!
Re:samba rocks - until you hit oplocks! (Score:5, Interesting)
I don't know the specifics of your situation, so this very well may be an extremely bad idea for you, hence the "RTFM" comment.
The system these configuration entries came from is a server that hosts numerous files which many people read, but only one or two people need to write to (and only one of those on a regular basis).
The problem being that the annoying win32 program being used refuses to function unless it believes it has exclusive read and write access to the files, even though it never actually writes to the files (in most cases).
It's not an elegant solution, but it solved the problem here with no ill effects since it was installed over a year ago, but yes, it has huge potential to cause file corruption on a system where the same files are concurrently modified by multiple users.
Re:samba rocks - until you hit oplocks! (Score:5, Informative)
We had problems with dbase file locking until we vetoed oplocks on those files.
To do it, it looks like this:
veto oplock files =
This way, you're not using oplocks on only the types of files that are giving you hell, while getting the best performance possible from all other file types.
Re:samba rocks - until you hit oplocks! (Score:2, Interesting)
Kerberos Authentication (Score:5, Interesting)
Re:Kerberos Authentication (Score:5, Informative)
Re:Kerberos Authentication (Score:5, Informative)
Use 'net ads join' to join as a Win2K member. If you use the older 'net rpc join' command, you're just doing NT-4 domain membership. Chapter 9 in the book covers Active Directory interoperation. The interoperability code is in Samba, not Kerberos.
Re:Kerberos Authentication (Score:4, Informative)
This is because before using the information, you have to verify the signatures (to ensure the data hasn't been forged). Making use of the information in the PAC is on the TODO list though as it will result in a nice performance increase in some areas.
And the PAC certainly doesn't violate any of the kerberos standards. Placing implementation specific information in the authorization data is what it's there for.
Re:Kerberos Authentication (Score:1, Insightful)
Very true, but I think the issue many people have is with Microsoft using this field and then not telling anyone how to interpret it (well, at first anyway).
Re:Kerberos Authentication (Score:3, Informative)
See http://linuxtoday.com/news_story.php3?ltsn=2000-0
Re:Kerberos Authentication (Score:2)
Not that it really mattered. It's pretty easy to decode on its own.
excellent! i have been looking for this (Score:4, Interesting)
overall my impression is that in total i suppose you would need less time to set up and maintain a nice samba server than a w2k server, even if it is your first time installing linux.
with the help of this book it will become even simpler....
yay.
Re:excellent! i have been looking for this (Score:5, Funny)
; 7: Look at the "hosts allow" option, unless you want everyone on the internet
; to be able to access your files.
Well, I looked at it and they could still access my files.
Re:excellent! i have been looking for this (Score:1)
1) A: You look at the "hosts allow" option.
2) B: You want everyone on the internet to be able to access your files.
What the comment says is: A unless B. In other words, If B then not A. (If you want everyone on the internet to be able to access your files, then don't look at the "hosts allow" option.)
It would be wrong only if they said: B unless A.
Re:excellent! i have been looking for this (Score:2)
He physically "looked at" the option, as instructed, and it unsurprisingly had no effect on server operations.
Personally, I love using samba as a PDC. With the addition of some decent web pages for LDAP user and group maintenance, it becomes a very slick, well-unified system. I haven't plunged into the world of printer sharing yet, b
Re:excellent! i have been looking for this (Score:4, Informative)
Re:excellent! i have been looking for this (Score:2, Informative)
Of course, the Samba developers shouldn't be blamed for that. I suppose that learning the black arts of Windows networking is about as logical as Windows itself, after all.
Re:excellent! i have been looking for this (Score:3, Informative)
I recently upgraded two of my MS-Windows machines at home, put a GeForce fx5200 video card in my desktop and got a new HP/Compaq notebook with XP pre-installed. The main reason I still keep M$ machines is for games, and Need For Speed - Porsche Unleashed happens to be one of my favorites. It took me several weeks to get it working in the notebook, and it still doesn't work on the desktop.
Compared to this, configuring Linux machines is easy. Usually y
Re:excellent! i have been looking for this (Score:4, Insightful)
Re:excellent! i have been looking for this (Score:5, Funny)
Re:excellent! i have been looking for this (Score:2)
Re:excellent! i have been looking for this (Score:2, Insightful)
Get a Playstation! That's what I did and since have been able to kiss windows goodbye and still play games that I like.
cool (Score:1)
almost 40% at bookpool.com (Score:5, Informative)
Re:almost 40% at bookpool.com (Score:2, Funny)
Re:almost 40% at bookpool.com (Score:1)
The url was generated by going directly to bookpool and then searching for the title, so if you're trying to infer I have any benefit from anyone using the link, then you're an idiot.
Re:almost 40% at bookpool.com (Score:1)
Re:almost 40% at bookpool.com (Score:4, Insightful)
"By Example" books a great idea (Score:5, Interesting)
Samba is one of those setups where the total amount of functionality is far more than many users need, so a collection of well-designed examples will greatly speed one's implementation (and reduce common security problems). Fortunately the default config file has improved in Samba to the point where it's not too difficult to setup basic printer/filesystem sharing.
These "cookbook" style books obviously can't replace a reference, but they often are more useful as a starting point. I've spent over five years on unix systems now, but I still groan at the lack of examples in the man pages of more obscure command line software. Google often comes through, provided I can think of a good phrase that describes what I'm trying to do ("search and replace with perl command line" - perl -pi -e 's/searchterm/replaceterm/g' [filenames], btw).
Re:"By Example" books a great idea (Score:1)
sed 's/searchterm/replaceterm/g' filename
and get the work done without perl having to be there?
Re:"By Example" books a great idea (Score:2)
Well, isn't that the curse of the modern technology-plus-marketing society where we live? Any product today, be it software or hardware, comes with a lot more functionality than we really need.
Great! (Score:1, Interesting)
little known fact (Score:3, Insightful)
Re:little known fact (Score:4, Informative)
It uses all the normal Apple GUI type controls which basically take care of all of the configuration changes to smb.conf and krb5.conf. Basically a slick "apple looking" configuration file editor. I thought SWAT made samba configuration pretty easy, but this Apple stuff is great. Really cool stuff.
Samba Cryptic? (Score:5, Interesting)
Re:Samba Cryptic? (Score:2, Interesting)
Re:Samba Cryptic? (Score:2)
This is NFS version 2. Both Linux and solaris support NFS v3 but if you roll your own kernels don't forget to enable version 3.
30% off the price for UK readers (Score:4, Informative)
Tried Samba 3.0.2a... (Score:4, Informative)
Re:Tried Samba 3.0.2a... (Score:2)
Re:Tried Samba 3.0.2a... (Score:2)
We're talking about Samba and Linux here... (Score:3, Insightful)
The cryptic voodoo I struggle to keep up with is Samba and Linux itself. Setting up networking, even advanced domain stuff, in Windows is very easy in comparison. Hence books like this one.
I don't mean to troll, but one of Linux's biggest problems from a usability point of view is that there is no central place where configuration information is stored (aka the "hated" registry in Windows). It's supposed to end up in
I think we would all be better off if the Linux community would work on fixing usability problems and making Linux more unified instead of continually adding new features. And if that sounds like many criticisms of Microsoft you've heard, then so be it.
Re:We're talking about Samba and Linux here... (Score:2)
Funny, I think one of Linux's biggest advantages is that there is a central place where configuration information is stored. It's, as you mentioned, /etc. To find information about your configuration is normally as simple as "find /etc -exec grep -si some_text /dev/null {} \;". OK, the syntax of the find command is anything but easy, but, once you learn it, it'll become far easier than poring through regedit.exe
Re:We're talking about Samba and Linux here... (Score:2)
Eh? I'll call you on this one. How hard is it to open regedit and hit F3 to search for something? Also the registry is pretty logically laid out. HKLM for machine wide configurations, HKCU for per person settings. It's pretty straightforward once you learn it.
Re:We're talking about Samba and Linux here... (Score:2)
You answer your own question when you say that "...the registry is pretty logically laid out. HKLM for machine wide configurations, HKCU for per person settings.". Excuse me, but I fail to see the logic in it. How does "HKLM" relate logically to "machine wide configurations"? At least in Linux configuration is normally done by text files, and the text has some connection to the action one wants to perform. Want to configure smb? Check smb.
Re:We're talking about Samba and Linux here... (Score:2)
Re:We're talking about Samba and Linux here... (Score:2)
Re:We're talking about Samba and Linux here... (Score:2)
Re:We're talking about Samba and Linux here... (Score:5, Insightful)
You mean like the 229
Seriously...I don't know what Linux distro you're using......I've heard this comment before, and out of the few dozen I've tried, nothing ever stored configuration information in more than two places:
1)
2) hidden directories in the user's home directory, for personal configuration files, rather than system-wide.
Anything that's in the user's home directory is set by the interface of whatever program they're running, though, so you hardly need to 'search out and edit' files that are in 'various different formats'.
If you're going to spread FUD, at least spread something that's true.
Oh...wait.....that would mean it wouldn't be FUD, wouldn't it?
Re:We're talking about Samba and Linux here... (Score:2)
This allows for a simple architecture that can be easily extended since it works on the filesystem level.
http://registry.sf.net/
Re:We're talking about Samba and Linux here... (Score:2)
Re:We're talking about Samba and Linux here... (Score:2)
The Windows registry is regularly read from and written to and, we know that static systems are less problematic than dynamic ones. It is also difficult to secure the registry because most software relies on write acc
Re:We're talking about Samba and Linux here... (Score:2)
It should be noted that we (my employer) did not experience any file system corruption since the introduction of journalled file systems. And we have a few 100s servers on support.
I have been out of the Windows support scene for a while (thanks, $deity!), but back when I was a support monkey, registry corruption was relatively common. Hopefully, they fixed that in Windows >= 2000.
Re:We're talking about Samba and Linux here... (Score:3, Insightful)
MS needs to freaking put in some better backup and auto-recover features for the registry! It's far too vital to rely on a Sysadmin backing it up on a regular basis. There needs to be a multi-layered backup going back several days. Sure you can do a system restore but it's not rock solid enough and scares the hell
Re:We're talking about Samba and Linux here... (Score:2)
A file system is also a "neat hierarchical structure". Unless this structure makes sense, it's useless.
This is of interest only if you have to store binary data. Whether you need dword and integer as configuration value is open to debate.
This is neat indeed, except for the drawback that it is the only way to access it.
This is neat too, and just abo
Re:We're talking about Samba and Linux here... (Score:2)
Start->Search->For Files or Folders->*.ini 229 items found.
How the hell could I possibly get it wrong?!
Re:We're talking about Samba and Linux here... (Score:2)
You may have had to edit the registry though, which would be the Windows equivalent of editing config in /etc.
Re:We're talking about Samba and Linux here... (Score:2)
Blah blah blah. Things in the Open-Source world get adopted when people choose to use them. People choose to use new things because they see a perceived value in using them, not because some committee decided in your plac
Re:We're talking about Samba and Linux here... (Score:2)
The location of the data is not what is all-important. Making the tools that modify that data better is.
-Mark
NDS is your Friend. (Score:1)
Where to find a copy of TOSHARG? (Score:1)
Does anyone know where I can get a copy of the TOSHARG that was mentioned as the technical resource?
Re:Where to find a copy of TOSHARG? (Score:1)
Re:Where to find a copy of TOSHARG? (Score:3, Informative)
Samba vs. NFS (Score:3, Interesting)
Re:Samba vs. NFS (Score:2)
Is there something I'm missing here?
Re:Samba vs. NFS (Score:5, Informative)
However, that's going to change. There is already support for RPC security when using NFSv4 in Linux 2.6. That way, you can use Kerberos authentication and encryption for your NFS exports, and all is well. It's still marked as experimental, but I suspect it to be mature before long.
All that already works on Solaris, of course.
Re:Samba vs. NFS (Score:2)
Unfortunately NFS sucks [1]. If I go to someone's house can I mount an NFS export as easily as I can an SMB share? No, because the UID/GIDs don't match up. SMB keys on usernames.
[1] In truth SMB sucks too because of the many layers of protocol.
Re:Samba vs. NFS (Score:2)
CIFS has this. At least it sounds like DFS to me. If you try to access a directory that is hosted on another server you get NT_STATUS_PATH_NOT_COVERED, the client queries for a referral and redirects to a server in the list.
Regardless, SMB and NFS still both suck. NFS will always suck because there's very little focus on integrating it with other related concepts like user and access management. SMB sucks bec
Re:Samba vs. NFS (Score:2, Insightful)
Re:Samba vs. NFS (Score:3, Informative)
There's also O'Reilly's free Using Samba online... (Score:5, Informative)
Re:There's also O'Reilly's free Using Samba online (Score:2)
Why aren't tech authors into "free as in beer?" (Score:2, Insightful)
Of course, this means learning not only what LDAP is, but how to configure and test it, etc. OpenLDAP wasn't the toughest nut to crack, but its configuration files are out there in wackyland. This is as far as I've gotten.
Then getting samba and other services to auth against it. Of course, to use pam_ldap.so I need to have linux boxes that use P
Re:Why aren't tech authors into "free as in beer?" (Score:2)
Agree with reviewer (Score:3, Informative)
Re:Question: (Score:5, Informative)
Re:Question: (Score:2)
Re:Question: (Score:3, Informative)
Re:Question: (Score:2)
Oddly enough, I just benchmarked that yesterday for my Samba implementation project. For the test, I used a 100MB or so directory, composed of a mix of large and small files, which also happened to be part of my home directory. Compared to NFS Maestro on the clients, mounting a shared directory from a Solaris box, Samba3 measured 78 percent faster writing to the server, and 73 percent faster reading from the server.
Hard to argue
adds stability to Win9x/ME workgroups (Score:5, Interesting)
Once I installed Samba on my main OpenBSD server, things quieted down. Took a few weeks before I realized: no Windows "hiccups" had happened! It's stayed that way for months now. I may have gotten the same effect by setting up a Windows PDC, but I don't have a "dedicated" box new enough to be useful for that. At this point, even if I don't need the shares, I'll leave it running just to stabilize the wife's WinME box!
Re:adds stability to Win9x/ME workgroups (Score:1)
Re:adds stability to Win9x/ME workgroups (Score:1)
For home use, I like samba just to turn what would otherwise be junk into fileservers. I have a samba PDC machine that also hosts a MSDFS root share. Basically it's a ghetto SAN, with everything online easily browsable from one mapped drive.
The kids can find the games and cartoons, the wife can find her music and pictures, applications are all stored.
Roaming profiles and remote home director
Re:adds stability to Win9x/ME workgroups (Score:2, Informative)
Businesses have been using Win95/98 systems on domains (Windows NT) and Netware networks for years. Windows ME can logon to and utilize an NT domain but there is no official Netware client for ME...not that I've heard of anyone using WinME with a Netware server.
Re:adds stability to Win9x/ME workgroups (Score:4, Insightful)
It sounds like a good idea, but in practice, if the master browser changes or is rebooted, the other machines in the workgroup won't be able to find network resources unless they are restarted too. This is usually the source of most network issues with Windows on home networks. By setting up a samba machine that is always and never gives up "master browser" status, the table of which machines are on the network remains available.
Re:adds stability to Win9x/ME workgroups (Score:5, Informative)
Every version of windows after Win 95 SP1 uses encrypted passwords by default. That includes WinME. You have to apply a registry change (documented in the docs/Registry/ directory of your samba source distro) to make them use clear text passwords.
Linux authenticating against LDAP isn't very hard - most of the newer distros just require a couple button presses to set that up, and you should check out PADL's site (padl.com, IIRC) for scripts to migrate your
That 485 page PDF document bundled with the current Samba distro is really a useful read.
BTW, calling people stupid doesn't help much, esp when you're wrong.
Re:adds stability to Win9x/ME workgroups (Score:2)
Except a Samba PDC would win every NetBIOS election and keep the browse list current IN A STABLE FASHION instead of having the Win9x machines fight over it every time one reboots. Set the Samba box as a WINS server and the clients accordingly, and you could have reliable NetBIOS name resolution that doesn't depend on broadcast.
AMAZON.COM review copy? (Score:5, Informative)
That's funny, I just completed a google search for your "comment" here and guess what I found?
VERBATIM COPY [amazon.com]
Interesting.
EVEN MORE INTERESTING!!!!!! (Score:1)
You are a liar, congrats. Get lost, son.
Re:EVEN MORE INTERESTING!!!!!! (Score:2)
Why not mention that AmandaHugginkiss [slashdot.org] is not a woman at all, but a man? Now my girlfriend things(sic) [slashdot.org]
Well, either that or a lesbian. But I don't think so, and neither does The Gender Genie [bookblog.net]: Female Score: 1079, Male Score: 1562
Re:AMAZON.COM review copy? (Score:2)
Now see that the Amazon review is written by one 'Josh Malone'.
Re:ta3o (Score:1)
Re:So, Where is Samba-3 By Example? (Score:4, Informative)
I committed the entire text of the book to the public samba-docs code tree on April 5th. We are having some difficulty in building the PDF file on the Samba build system. This will be resolved as soon as possible.
We are committed to open information about open source software. Please be a little patient with us, you will get your candy soon.
Cheers,
John T.