Slashdot Mirror

← Back to Stories (view on slashdot.org)

Large Scale Deployment of Linux for File/Print Services?

Posted by Cliff on from the linux-in-the-workplace dept.

sgtrock asks: "I was approached this week by a manager of the server support group at my company. He says he and his boss are trying to figure out what should host our file and print services for the company (read, replace Netware). He asked me if I thought if it would be feasible to do on Linux servers. Now, I was more than pleasantly surprised by the question, because as late as last fall I couldn't get this guy to take Linux seriously for companies our size. However, recent stories about Microsoft plus some of their actions here have really soured him on the idea of moving to Win2k services where he doesn't have to. I told him that in theory we could do it: LDAP authentication to our existing NDS on the back end, Samba file service and either LPR/LPD or CUPS based printing. The big open question mark for me is archiving. He then asked me if I knew of anyone already doing it." I'm sure there are shops out there that are using Linux as such. If you are, please raise your hand! Numbers on the size of the network and how well the system has been holding up would be appreciated.

"This is a pretty conservative company. We HATE to be first if we can avoid it. Every time we are we pay in much pain and sweat. So, I'd like to know the following: Does anyone know of or can point to success stories for this kind of application in very large environments? Mind you, I'm talking about tens of thousands of desktops, as we have 60,000 users. University stories will be looked at with skepticism by this management team. I'll read the stories, but they probably won't be given much credence by anyone else. Thanks for your time."

17 of 40 comments (clear)

  1. Moving to Linux in the Near Future by VaRunt · · Score: 2, Redundant

    I am the Network Coordinator for my company. When I first started working here my boss was very commited to Windows. But now that he has seen everything that has been going on with Microsoft. He is starting to listen to me about Linux. We are currently getting ready to place a print server that will allow three machine printing access. We are also looking into a new mail server. And we have a new Webserver that is linux. I am very pleased that my boss has decided to let me use linux in the office. For 2 reasons: 1. it is very stable and it doesn't require a lot of maintances. 2. it is very secure That's my 2 cents

  2. Well cisco does it. by j.e.hahn · · Score: 2, Interesting

    Back a few years ago there was a pretty famous article detailing how an admin at Cisco had implemented samba as the print infrastructure at all of cisco (and detailed some of the advantages and problems to it, as well as the problems inherent in the SMB protocol.)

    Apparently it worked really well. You might want to try googling around for it. It's a pretty good read, but I can't remember who published it. I'm fairly certain it was one of the Linux only webzines though.

    1. Re:Well cisco does it. by Mandrake · · Score: 2

      Actually, I thought they were all lpd, and all of that was done by a guy named Ben Woodard, who left cisco to work at VA Linux Systems working on the HP printing stuff for VA. Of course, I could be wrong, but I'm pretty sure that's the case.

      --
      Geoff "Mandrake" Harrison
      Some Random UI Hacker
  3. Buy new printers if... by Dunkirk · · Score: 2, Interesting

    they don't already use Postscript. Don't leave home without it when it comes to printing with any sort of *nix.

    --
    Acts 17:28, "For in Him we live, and move, and have our being."
  4. me! me! me! by Zurk · · Score: 3, Informative

    been there done that. i used LDAP with kerberos and LPR/LPD (& CUPS which we finally moved to but we started with lpr/lpd for its simplicity...i recommend doing the same) on 15 print servers for 15,000 students. solution is working well after 1.5 yrs...15 print servers deployed which handle the load quite well. print servers have web based admin (lpr called by a cgi--not very secure but the print servers have CDROM based boot and no remote access stuff other than lpr/lpd so rooting em doesnt get anyone anything..no compiler and minimal debian distros on em). archiving print jobs is handled by a copy to an AFS server and the cron jobs clear the spooled files from the RAM drive every 24 hrs after doing the AFS copy.

  5. SAMBA with NT authentication by gruntvald · · Score: 2, Informative

    I run 6 SAMBA boxes in an NT network, and they all authenticate back to PDC and BDC boxes. The SAMBA technical lists indicate that authenticating back to an LDAP backend such as NDS is mature.
    I have one "large" (150Gb storage) box that the other units trickle back to via rsync on 15 minute crons for backup, and a meagre 30Gb of archived files which barely fit on my 40Gb Tape backup unit. Check with the manufacturers for a supported hardware combination for your archive unit. I use HP, but they seem to be getting worse at support. IBM, for all their advertising, are probably just fine, or you could use an independant vendor. I don't recommend DELL. You will have to rsync via ssh the passwd and group files, and these will have to be generated independant from the NDS backend, or you can use "bad user" mapping, or even guest if you want.
    I have had nothing but grief with LPR, then LPRNG, all due to bugs. Currently LPRNG hangs with many print jobs, and I have confirmed that this is a bug, but there isn't an updated RPM yet. Printing support for W2K/NT clients in Samba 2.2.2 changed dramatically, if you have only 9x clients, you should be fine, otherwise take some time to set up your "shares" and do stress testing. You may find you need to manually compile your printing engine, so you can rapidly update it. Some have suggested CUPS, I'll try that next.

    1. Re:SAMBA with NT authentication by uslinux.net · · Score: 2
      The SAMBA technical lists indicate that authenticating back to an LDAP backend such as NDS is mature.

      I assume you actually mean immature. In any case, if you use PAM, there's no reason you really need Samba to have LDAP built-in. LDAP + nsswitch + /etc/pam.d files should work for all services (telnet, samba, ssh, etc).

  6. Been there, done that by uslinux.net · · Score: 4, Informative
    I used to work at a now bankrupt wireless telecom company headquarteres in NYC. We had a project to replace the NT 4.0 file and print server with Linux + Samba & LPRng. In general, it works, and LDAP would probably be a major help (since you otherwise need a parallel NIS, kerberos, or winbind+NT domain to do authentication and user management). Performance is there, compatibility is there, and cost savings is there.

    Our biggest issues were with printing - LPR just plain sucks. At the time, CUPS was still very new, so we used LPRng. I ended up writing a GUI front end for printer management (since printtool didn't work well, and editing printcap files by hand was unacceptable). The final "problem" was quotas - the NT admins were used to setting directory level quotas, while Linux/Unix uses partition level quotas. Simply put, we had to split /home and /shared while they were used to having just one partition. Quota management under Linux just isn't the same as NT (for better or worse), and you need to remember things like "if a user & group quota affect a directory, the MOST restrictive effects the user" (which is why you need to make two partitions).

    With newer kernels, this is a more reasonable project. Linux really is "enterprise-ready" now (I hate that term). Previously, things like a journaled filesystem were missing, which was a big gripe with the NT guys (when a system goes down, it takes a long time to scan 100 GB of data!). Also, newer kernels support more than 32000 users and groups (usefulness depends on your company size).

    Finally, make sure you consider backup systems, how the systems would be administered, etc. It's a big project, but manageable if your company is really interested.

    If you need some fodder for the fight to help convince management that this will save a LOT of money, check out this business case. You might also be interested in this deployment plan. Infrastructures.org also has a number of useful (must read) documents. Finally, you may want some help designing the architecture, and making sure you've found any issues. Find someone who has done this before (shameless plug: US Linux Networks) and have them at least work through some fo the major points to make sure you've got everything covered - the cost for a few days of requirements, architecture, and design may save you a lot of wasted effort.

  7. Not a big company but.... by pwagland · · Score: 3, Informative
    Hi there,

    OK, we are not a big company, so your "bigwigs" won't care too much for this story, but...

    We are using Samba and cups to provide all of our file/print services, and they are both authenticating back to LDAP. Here is best source that I have found so far for samba and LDAP integration. It works very nicely, and with Samba 2.2 you can even do automatic NT/2000 printer driver installation as well.

    For backup we use a Tivoli storage manager, which has native linux support, and so far has proved to be pretty reliable. We also run this thing in a very heterogenous environment (Linux, AIX, Solaris, NT and 2000!) with very few problems.

  8. And the business justification for replacing Net.. by sphealey · · Score: 3, Insightful
    And the business justification for replacing Netware is...? Particularly on the printing side, if the system is used by non-technical people? I have rarely seen a solid (read "cost justified") business case for replacing Netware in a large corporate environment. Usually it boils down to "we want to go Microsoft", and since that's not an issue for you, why are you doing this?

    sPh

  9. Cisco Linux Involvement by Halvard · · Score: 2, Informative

    Cisco in 1998 was managing 50 print servers and about 1600 printers world-wide. About 10,000 Unix and Windows clients.

    Linux Journal Article

  10. Should have some sort of a registry... by JMZero · · Score: 2

    This sort of "Let's have some Linux deployment stories" story comes up quite often (in fact, it gets sort of boring). Each time it gets some good answers, but I'm sure it would be nice for those looking for justification if they had all the business cases together... And sortable.

    People could say, "I've found hundreds of stories about companies our size. In fact, Joe Company down the road did it, and so did..."

    -

    --
    Let's not stir that bag of worms...
  11. Printing system by dago · · Score: 2, Interesting

    Cisco has internally devlopped their printing tools and can apply to other (large) entreprise systen.

    http://ceps.sourceforge.net/index.shtml

    and they work great under every OS ...

    --
    #include "coucou.h"
  12. Not a huge implementation, but mission-critical... by Bravo_Two_Zero · · Score: 2, Interesting

    We have Samba running on DGUX and HP-UX boxen for moving critical data, particularly stuff destined for our old ISAM database structure. We don't do a lot of fancy stuff (only basic user-authenticated shares), but we never have downtime issues.

    Not only that, but Samba runs flawlessly on the two machines that are absolutely critical to our enterprise. I'd never be able to do that with NT (apps on one, file services on the other if the apps are business-critical).

    And, speaking as a fairly senior NT guy, the biggest reason for the positive uptime the the underlying OS. As long as NT is tied so tightly tied to a display subsystem, uptime will suffer. That has improved in Win2k, but an enhancement of a "broken" philosophy isn't as good as a better philosophy.

    Ironically, we do use NT-based machines for general file services, though that is not considered business-critical at my company. However, we have it on our project list to move that (as well as domain control and WINS) to Samba/CIFS (CIFS is cool if you are an HP-UX shop since you can purchase commercial support from a company easily recognized by your executive-types).

    --


    Amateurs discuss tactics. Professionals discuss logistics.

  13. May not be applicable, but.... by Linux_ho · · Score: 2

    I work at a fairly large manufacturing company. We have 17 plants across the US and Canada, some of them over 200,000 square feet. A little over two years ago we needed a system to distribute print jobs from our corporate office to all of our plants. Our (fairly new) ERP system generates reports, pick sheets, order specifications, shipping labels, bar code labels, and so on, and it is CRITICAL that we have a reliable system to print these jobs at our plants. Product doesn't get shipped if there's a failure in this system.

    We have a 56K or 128K frame relay connection to each plant, and a Linux print server in each plant. At the time, CUPS was still brand-new, and plain lpr pretty much sucks, so we used LPRng. It's quite a bit more complex, but is rock-solid. Because the stability of Frame connections doesn't meet our uptime requirements, we had to come up with something to get the print jobs done if there was a failure. We generally have a failure or two per year per circuit that lasts longer than a couple minutes.

    We have an internal modem in each print server, plus one in a print server at the corporate office. The ERP system prints everything to our corporate LPRng server. That system pipes the print job into its UUCP spool. UUCP is configured to try the frame connection first, and then use the modems if that doesn't work. It has proven VERY reliable. It took a while to figure out how to set it all up, but it has been mostly an install-and-forget experience. I highly recommend LPRng for its stability and flexibility. You just can't set up a system with these reliability requirements on a Microsoft platform.

    --
    include $sig;
    1;
  14. Cisco by afidel · · Score: 2, Insightful

    Cisco's Enterprise Printing System (CEPS) runs off samba and lprng. The windows clients just enter \\servername, then double click on the printer they wish to set up. The samba server sends them the drivers appropriate for the model of the printer and the client's OS, and sets it's config to use the samba server as the print queue. We also have a web interface for stopping the queue, restarting it, checking the printers status etc.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  15. Skip SAMBA by Matts · · Score: 3, Informative

    This doesn't really answer your question, but...

    If you can, skip SAMBA. Instead use IPP in conjunction with CUPS. It's simply the easiest thing to use on the planet, and works perfectly with Windows2K, 98, ME and XP.

    I was astonished how easy it was to get this working, and you can even copy over the printer drivers onto the server (from the NT box) and have CUPS automatically deliver the printer driver down to the client when they request to "add" that printer.

    It's just the sweetest solution imaginable.

    --

    Matt. Want XML + Apache + Stylesheets? Get AxKit.