Slashdot Mirror
Samba 3 By Example
Samba 3 By Example begins on a very friendly note by explaining how to get the most out of it any what you'll need to complete the exercises in the rest of the book. The beginning also includes a Windows networking primer, complete with packet captures (using the popular tool 'ethereal') showing how network browsing really works, under the hood.
This book follows the evolution of a fictitious company, "Abmas", through an impossible growth from a 9-person office to a 2000-person network with multiple sites around the world. You assume the role of the IT guy: charged with growing the company's network infrastructure, planning for change and, above all, keeping the users happy.
Some of the major challenges tackled in this book are:
- Using Samba-3 as an NT-4 style PDC
- Using Samba-3 as an domain member server
- Using the various authentication backends as alternatives to the traditional 'smbpasswd' backend
- Using LDAP to implement a Samba-3 PDC with backup domain controllers
- Authentication using winbindd
- Migrating from NT-4 to Samba-3 for a PDC
- Using kerberos to integrate Samba-3 into a Microsoft Active Directory domain (as a domain member server)
I am extremely impressed by Terpstra's book. It addresses the complete spectrum of Samba deployments, from the 10-person office to the 2000-seat, multi-site enterprise while explaining not just what to do, but how to do it and, most importantly, why. The examples are practical and you can really imagine some poor sap^H^H^H^H^H^H^H^H unfortunate systems administrator finding him/herself in these very positions. This book says that these scenarios are hypothetical aggregations of real-world situations, but could swear I've worked for this company before.
One of the nicest things about this book is that each situation is followed by a Q&A section - almost like a textbook - that addresses both the important points of the exercise, as well as some of the trivial details that were left out for the sake of brevity. Don't be tempted to skip them thinking that it's just a rehash.
It's worth noting that this book is not a replacement for TOSHARG and defers to it for technical details in multiple cases. These two books should be sidearms for any IT administrator that has to deal with Windows clients on a daily basis.
I'm also very impressed with Terpstra's candor about Samba's features, weaknesses and road map. Nowhere in this book is Windows put down as inferior or is Samba touted as the "be-all, end-all" of Desktop and client management solutions. The relative flexibility of Active Directory and Samba is discussed only briefly and the choice to use Samba over Windows is ultimately left to the reader. Since you've gone to the trouble of purchasing this book, Terpstra assumes you've already made up your mind and require no further convincing.
Continuing to be mindful of office politics, Terpstra devotes a section in each chapter to the political implications of replacing Windows with an open source product, and an entire chapter to the issues inherent in bringing Samba into a traditionally Windows-based shop. Even though he refers to this chapter as a "shameless self-promotion of Samba-3", I found it to be an even-handed discussion of the issues you will most likely encounter from anti-Unix advocates and IT managers who have bought into the anti-Linux FUD. These are real issues that Systems Administrators need to know how to deal with effectively but too many of us simply dismiss because we feel they are uninformed.
In addition to examples of Samba configuration, examples are provided to integrate Samba with other useful servers such as the squid web proxy, OpenLDAP, bind and dhcpd. The configuration files for Samba as well as these additional pieces of software are also conveniently located on the included CD-ROM, along with Samba 3.0.2 packages for Red Hat Fedora Core 1 and SuSE Linux (Enterprise server 8 for x86 and s390 and SuSE Linux 9).
I think my biggest complaint with this book is that the "case study"-like format of this book tends to lump a large number of new features into a single example. This can make it hard to isolate the particular feature that you're interested in.
For instance, the example that illustrates automatic printer driver downloads to Windows clients is lumped into a chapter that is primarily concerned with using LDAP to implement a BDC. Automatic driver installation is a great feature that many sites far too small to consider implementing LDAP would likely be interested in.
In all, though, I'm extremely pleased with Samba 3 by Example - perhaps even more than TOSHARG. In it, you'll find plenty of tips, working examples and honest admissions of bugs (and their workarounds) that will keep you from losing your sanity. You could almost call this book a 300 page Samba and Windows networking consultant with over 8 years of experience. Terpstra has been incredibly kind to the Samba community by imparting so much wisdom to us all in this book.
Josh Malone has been a FreeBSD and Windows system administrator for three and a half years working in development shops and hosting companies, and currently works as a Linux engineer for an embedded systems company. You can purchase Samba 3 By Example from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page
Cool, I've always wanted to learn how to samba.
True story.
Samba is probably one of the largest driving forces enabling people to migrate away from windows servers. It's a cornerstone of lots of offices that I have visited.
MP3 Search Engine
So does Samba-3 support the "trade secret" PAC information that Microsoft inserted into their Kerberos tickets (to great consternation of the Kerberos community)?
It's a free, robust, easy to admin file server and DC with impeccable reliability.
KARMA TAG! You're it.
after my first experience with samba (opposed to windows 2k server) i was highly enthousiastic but being one of the lesser linux geeks around i had some difficulty setting it up.
overall my impression is that in total i suppose you would need less time to set up and maintain a nice samba server than a w2k server, even if it is your first time installing linux.
with the help of this book it will become even simpler....
yay.
Show a man some news, distract him for an hour. Show a man some mod points, distract him for the rest of his life.
"and I've been struggling to keep up with the cryptic voodoo that is Windows networking"
It isn't like Samba is any less voodoo-ishly cryptic, you know.
What is better about Samba then Windows Networking?
It is just a matter of preference.
I, for one, prefer to do Latin dance before Windows newtorking. But some like to do it after.
From what I recall, the file sharing benchmarks have proven to be faster, and best of all, no license fees for Windows Server. Also, the server itself will be immune to Windows viruses.
Samba is a really useful product.
FACT 1. Windows is the better desktop.
FACT 2. Linux is the better server.
Samba makes the two work together.
I'll have to read it sometime- I could really use samba.
/b
|f(x)dx = F(b) - F(a)
bookpool.com
Obviously teaching things by example is not new, but far too many computer books on too many subjects (especially programming) don't use enough examples to illustrate their points. Some just use poor examples.
Samba is one of those setups where the total amount of functionality is far more than many users need, so a collection of well-designed examples will greatly speed one's implementation (and reduce common security problems). Fortunately the default config file has improved in Samba to the point where it's not too difficult to setup basic printer/filesystem sharing.
These "cookbook" style books obviously can't replace a reference, but they often are more useful as a starting point. I've spent over five years on unix systems now, but I still groan at the lack of examples in the man pages of more obscure command line software. Google often comes through, provided I can think of a good phrase that describes what I'm trying to do ("search and replace with perl command line" - perl -pi -e 's/searchterm/replaceterm/g' [filenames], btw).
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
Not quite grammatical comment (in smb.cnf) lead to quite a good joke.
This is great. I just started migrating from windowsXP to Fedora Core 1 and have been trying to setup a Samba server for a week. I'm using the O'Reilly manual, but there are significant gaps in the setup descriptions. I remember thinking "I wish there was a case by case explanation of setups for this damn program" Well, I guess I'll be buying this today!
Samba 3 is used by Panther (OSX3) since the beginning.
Trolling using another account since 2005.
I have limited Samba experience, but have found that my 5-box home network became much more stable after allowing Samba to become a browse master. We had occasional issues with printers dropping offline, files copyable one direction but not another, odd hangs where the only solution was a power-off reset, bringing boxes up in sequence.
Once I installed Samba on my main OpenBSD server, things quieted down. Took a few weeks before I realized: no Windows "hiccups" had happened! It's stayed that way for months now. I may have gotten the same effect by setting up a Windows PDC, but I don't have a "dedicated" box new enough to be useful for that. At this point, even if I don't need the shares, I'll leave it running just to stabilize the wife's WinME box!
Anyone know when this will be released in PDF? I've thought about buying it blind, but not only would I really like to work with it a bit first, the places I typically shop from lists it as out of stock to boot (and has for some time. Not a big seller? I dunno).
(PS. Links to places which list the book as stocked will be totally unhelpful since you have no idea of where in the world I am or what currency/countries I prefer to deal with)
I have found Samba very workable and not too hard to set up. At first I only thought of Samba as a hack to interoperate with Windows and assumed NFS was better. But over a few years I've had a number of troubles with NFS, from timeouts to UID translation to large file support (on Linux - I'm sure NFS is better on Solaris!) Finally I realized that Samba is not just a scab, it works fine and is easy to set up. Now I use it even to network Linux boxes. Sure Samba's guts might be messy but it doesn't seem to hurt anything.
FACT 3. OS X is the best desktop
FACT 4. Linux is for hippies
FACT 5. SCO pwns Linux
FACT 7. This post will be modded as a troll
True story.
This book is currently available through The Register's bookshop with 30% off to UK readers.
I've got a fever and the only prescription is more COBOL.
I have been studying dance for a few years now, and I have never heard of newtorking. Is is a ballroom style?
...went back to 2.2.8a because for some reason it wasn't handling symbolic links properly. The drive containing the network share was running out of space, so I set up additional space on another drive and made a symlink to the location (yes, I used all lowercase letters in the symlink). Trying to access the directory with the 3.0.2a server resulted in a "Not a directory" error. It works properly in 2.2.8a, though.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The cryptic voodoo I struggle to keep up with is Samba and Linux itself. Setting up networking, even advanced domain stuff, in Windows is very easy in comparison. Hence books like this one.
I don't mean to troll, but one of Linux's biggest problems from a usability point of view is that there is no central place where configuration information is stored (aka the "hated" registry in Windows). It's supposed to end up in
I think we would all be better off if the Linux community would work on fixing usability problems and making Linux more unified instead of continually adding new features. And if that sounds like many criticisms of Microsoft you've heard, then so be it.
"Do what you wish in your madness, but first let me down off this horse. I wish to see no eyes!"
"windows networking" is what you do when, after dancing, you get together with some important people by the window side, in order to impress them with your professional capabilities.
I never thought I'd see relative flexibility and Active Directory used in the same sentence.
FACT 6. PROFIT???
I am definitely going to pick up a copy of Samba 3 by Example.
Does anyone know where I can get a copy of the TOSHARG that was mentioned as the technical resource?
Computers are useless. They can only give answers. --Pablo Picasso
Just wondering... if you have a all Linux office does anyone choose Samba over NFS?
http://www.oreilly.com/catalog/samba2/book/toc.htm l
I've been struggling to get my samba PDC (and by extension every windows box on my network) and linux to authenticate against a single source, an LDAP server.
Of course, this means learning not only what LDAP is , but how to configure and test it, etc.. OpenLDAP wasnt the toughest nut to crack, but it's configuration files are out there in wackyland. This is as far as I've gotten.
Then getting samba and other services to auth against it. Of course, to use pam_ldap.so I need to have linux boxes that use PAM, and getting that running on my mutant once-slackware-but-now-fubar installs is no easy task..
Anyways, to say the documentation on such things is sparse would be an understatement. What's to be found is completely obtuse and hard to follow.
It would seem that this book would help. And if this were work-related I could get it and write off the expense. But this is just hobbyist messing-around stuff, and by this time next week I'll be messing with something different.
I just dont have the funds to spend 200 bucks on literature for my time-wasting project du jour. Google's alright most of the time, but often I just see 9 billion users group postings of the same error I'm getting (with no replies containing solutions).
I don't need no instructions to know how to rock!!!!
"I just completed a three day training course based on this book. Every example just worked fine. The explanations are great but you do need the "Samba-3 Howto and Reference Guide" for detailed background information...."
That's funny, i just completed a google search for your "comment" here and gues what i found?
VERBATIM COPY
Interesting.
Well, it does until you start using a lot of Excel spreadsheets which link to other spreadsheets on a Samba share at least. Then you start to see serious locking problems.
;-(
Believe me, I've been banging my head against this for a couple of weeks now (I can't reproduce the problem, but other people on the network can and do, daily). Everyone seems to have their own idea about the correct combination of oplocks, level 2 oplocks, veto oplocks, deadtime etc to use; but nothing seems 100% foolproof. This is the reason we're probably going to be switching away from Samba to Win2k3. I don't want this, but as the only Linux guy, it's hard to fight the tide when you're having to clear down the locks and force people to close and re-open files almost daily as they're lock out of their own files...
Code, Hardware, stuff like that.
This comment by you ALSO is on Amazon.com HERE....under another name.
You are a liar, congrats. Get lost, son.
i'm not sure of your exact problems, but the same thing happens in the win2k environment. sometimes, the application will give the error that the file is open already, buy the user that is trying to open it. The application does not even try to open it read-only. I've had to log into the file server and boot the open file. In that case, the program was MS Excel from office 2k. At least with a linux file server, you should be able to open the file read only. Most of the time, the application can just open it with no locking.
Why read the article when I can just make up a snap judgement?
I couldn't agree more!
We just turned oplocks off on windows or samba. We take a preformance hit but the crappy 3rd party program we use won't work with oplocks on.
I see a link in the story for the "Official HOWTO", and click it, expecting an index for the HOWTO. Instead, I see the 3 meg download whiz by before I realize what's going on (I'm on a pretty fat pipe). I'm sure that the samba folks greatly appreciate the submitter dropping that in there.
Of course you'll want to RTFM on those commands first so you know what you're letting yourself in for.
fake oplocks = yes
Erm, isn't that a completely insane thing to do (unless you're sharing a CD over Samba)?!!! The Windows clients will assume they have a lock on a file, and blindly write to it, even though other clients will assume the same! If you really are using this on a writable share and haven't clobbered a whole load of files, then you've been damned lucky!
Code, Hardware, stuff like that.
Read the post by hot_Karls_bad_cavern above for the proof. Just got to alert the mods, before this asshole gets any more karma.
Joke Score: -1 Ouch
Ok. This is starting to become a pet peeve of mine... when you put a link into a Slashdot comment post, can you take the time to make it clickable?
How do I do that you ask? Like this:o c.html>Samba Online</a>
<a href=http://www.oreilly.com/catalog/samba2/book/t
Which winds up as this:
Samba Online
Note that Slashdot will automatically add the [oreilly.com] (So that you can't fool people into looking at that goatse guy for the millionth time).
Sure it's a little extra typing but think how much time you'll be saving others. Also it's more likely to get you that (+1)Informative.
And yes, I'm sure that if I used a REAL browser it would automatically convert it... no need to berate me (on that point at least).
Is Samba maintained to close Windows vulnerabilities that might affect it, soon after they are found? To sell switching, I need to be able to say to my boss, that the flaw that Microsoft just patched, doesn't affect the Samba server, or it can be patched there too.
Amen buddy! If I only had mod points...
PERL:
All of the power of Voodoo with most of the understandibility!
Markov chains again?
Flaime ?? I just asked a question ! I just don't know what samba is ...
I don't know the specifics of your situation, so this very well may be an extremely bad idea for you, hence the "RTFM" comment.
The system these configuration entries came from is a server that hosts numerous files which many people read, but only one or two people need to write to (and only one of those on a regular basis).
The problem being that the annoying win32 program being used refuses to function unless it believes it has exclusive read and write access to the files, even though it never actually writes to the files (in most cases).
It¦s not an elegant solution, but it solved the problem here with no ill effects since it was installed over a year ago, but yes, it has huge potential to cause file corruption on a system where the same files are concurrently modified by multiple users.
From what I recall, the file sharing benchmarks have proven to be faster
Oddly enough, I just benchmarked that yesterday for my Samba implementation project. For the test, I used a 100MB or so directory, composed of a mix of large and small files, which also happened to be part of my home directory. Compared to NFS Maestro on the clients, mounting a shared directory from a Solaris box, Samba3 measured 78 percent faster writing to the server, and 73 percent faster reading from the server.
Hard to argue against a tool that's not only free, but is also substantially faster.
The corollary to this is that something is always broken. Such as: Intermittent problems with two of the most common network adapter chips.
Show this to your Win friends. Win2K3 is a mess. Since our NT PDC & Members our transfer rates have dropped, all sorts of bad lock situations with single file Excel docs (Office 97). - this comming from an NT guy.
A better way to do it would be to only veto oplocks on certain types of files with the veto oplock files option.
/*.DBF/*.dbf/*.CDX/*.cdx/*.IDX/*.idx/*.fxp/*.FXP/* .prg/*.PRG/*.mmo/*.MMO/
We had problems with dbase file locking until we vetoed oplocks on those files.
To do it, it looks like this:
veto oplock files =
This way, you're not using oplocks on only the types of files that are giving you hell, while getting the best performance possible from all other file types.
No, that's not how they work. Being compatible with the protocol doesn't mean you have to implement the handling code in exactly the same way. Besides which, the code injected via the vulnerability would only work on a Windows system as it would use Windows API calls.
On the other hand, a multi-platform worm that is specifically designed to target Samba and Windows networking vulnerabilities is quite possible.
My boss brought back a copy of S3bE from Real World Linux Expo in Toronto (with a dedicace to my name ... w00t!), and I must say I agree with reviewer. So far, I have only read chapters 10 and 11 (but thumbed through the rest), and they alone are worth the price of the book.
:wq
This is nothing new
For more information see: InformIT or Amazon.Com. The PDF and HTML versions of Samba-3 by Example (The Samba Guide) will appear on the Samba web site by April 14th under the documentation page. Really? How come I don't see it? Someone has a problem with deadlines...
Which is pretty useless, if you're trying to impliment Samba 3 features. I think that was the whole point - Samba 3 vs. Samba 2.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Of course your solution is best, but here is a tip that works for at least the Firefox/Linux combo if the url is right:
1. Copy the url to the clipboard by double-clicking it.
2. Past the url into the browser by clicking the middle button.
Anyone who generalizes about slashdotters is a typical slashdotter.
We have server 2003 and experience locking problems. Especially with excel. It happens with certain other older apps and also happened on 2000 also. So dont think it will be magically resolved by going to 2003.
We had a big expansion and were making samba servers out of old desktops to tide us over until we got a san. We then transfered the data over to the new san. Now some users complain that the $50000 san fronted by new ibm servers with win2k3 basketcase is slower than a crap old desktop with ide drives running freebsd and samba.
We also have the ever-popular 530pm everone logged out logie.
On 9 Apr the samba.org promised that "The PDF and HTML versions of Samba-3 by Example (The Samba Guide) will appear on the Samba web site by April 14th under the documentation page." As of my writing this it is 21 Apr (PST), a week later than promised, and it still isn't available. It would be nice if they would update their web site with a new date....
On the Samba website they mention:
The PDF and HTML versions Samba-3 by Example (The Samba Guide) will appear on the Samba web site by April 14th under the documenation page.
As far as I can tell this hasn't happened. Am I missing something or have they not posted it yet?
"And then I visited Wikipedia
There are a few really cool things with Samba 3. I had to configure it for clearcase. We needed to authenticate a user against a Windows 2003 domain. As a side effect (after a small tweak) I was able to authenticate my unix users against ADS domain. The problem i have been trying to find a solution for over the last couple of years is solved. Granted I would rather have Windows authenticate against openldap or iPlanet Ldap, but this is also way cool.
even though it never actually writes to the files (in most cases).
;)
Doesn't sound like you are too sure on whether it writes to the file or not
I have no mod points, therefore I am not a mod.
Unless I'm mistaken BIND puts stuff there. But then again I guess you could say zone files are data rather than configuration files.
I'm sorry if I haven't offended anyone
Actually Samba works great on FreeBSD as well. Not to mention the new UFS2 features in FreeBSD 5.x like access lists which enable you to set permissions on a Samba share just like you do to an NT share. Of course, most filesystems in Linux 2.6 have posix ACLs as well but I haven't tested such a setup yet.
It is not as much the location that is important, but the ease of access to these settings. Having an easy to use tool to easily perform simple tasks (like windows often has) is nice. Having the possibility to easily use and/or make a large range of tools is much better.
That is what I like about most unix-like config files. I can use simple tools like grep, wc diff etc for simple stuff. I can use advanced setups using CVS, rsync, preprocessors etc for advanced tasks.
How many of the easy-to-use windows system administration have the possibility for:
I grant that tools like samba or apache might benefit from easy to use GUI's for simple tasks (I dont use webmin, swat very well, so they might be adequate, but I have the impression that they might be more difficult to find for starting users).
But the main point is that easy access to the configuration data is prime. By easy access I mean many things:
- logical location
- easy to use format (text format)
- good documentation
- etc.
The examples in the book are clear and interesting, and almost make me want to set up a test network to try each one out. Next I'm going to need an LDAP cookbook, hmm, better search for it.
Oh, I see that there is:
- IBM pdf of LDAP implimentation cookbook
2 45110.pdf
Ah well, more to read.http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg
-- Mein Systemadminstrator hat einen großen schwarzen Moustache.