Slashdot Mirror
Samba 3 By Example
Samba 3 By Example begins on a very friendly note by explaining how to get the most out of it any what you'll need to complete the exercises in the rest of the book. The beginning also includes a Windows networking primer, complete with packet captures (using the popular tool 'ethereal') showing how network browsing really works, under the hood.
This book follows the evolution of a fictitious company, "Abmas", through an impossible growth from a 9-person office to a 2000-person network with multiple sites around the world. You assume the role of the IT guy: charged with growing the company's network infrastructure, planning for change and, above all, keeping the users happy.
Some of the major challenges tackled in this book are:
- Using Samba-3 as an NT-4 style PDC
- Using Samba-3 as an domain member server
- Using the various authentication backends as alternatives to the traditional 'smbpasswd' backend
- Using LDAP to implement a Samba-3 PDC with backup domain controllers
- Authentication using winbindd
- Migrating from NT-4 to Samba-3 for a PDC
- Using kerberos to integrate Samba-3 into a Microsoft Active Directory domain (as a domain member server)
I am extremely impressed by Terpstra's book. It addresses the complete spectrum of Samba deployments, from the 10-person office to the 2000-seat, multi-site enterprise while explaining not just what to do, but how to do it and, most importantly, why. The examples are practical and you can really imagine some poor sap^H^H^H^H^H^H^H^H unfortunate systems administrator finding him/herself in these very positions. This book says that these scenarios are hypothetical aggregations of real-world situations, but could swear I've worked for this company before.
One of the nicest things about this book is that each situation is followed by a Q&A section - almost like a textbook - that addresses both the important points of the exercise, as well as some of the trivial details that were left out for the sake of brevity. Don't be tempted to skip them thinking that it's just a rehash.
It's worth noting that this book is not a replacement for TOSHARG and defers to it for technical details in multiple cases. These two books should be sidearms for any IT administrator that has to deal with Windows clients on a daily basis.
I'm also very impressed with Terpstra's candor about Samba's features, weaknesses and road map. Nowhere in this book is Windows put down as inferior or is Samba touted as the "be-all, end-all" of Desktop and client management solutions. The relative flexibility of Active Directory and Samba is discussed only briefly and the choice to use Samba over Windows is ultimately left to the reader. Since you've gone to the trouble of purchasing this book, Terpstra assumes you've already made up your mind and require no further convincing.
Continuing to be mindful of office politics, Terpstra devotes a section in each chapter to the political implications of replacing Windows with an open source product, and an entire chapter to the issues inherent in bringing Samba into a traditionally Windows-based shop. Even though he refers to this chapter as a "shameless self-promotion of Samba-3", I found it to be an even-handed discussion of the issues you will most likely encounter from anti-Unix advocates and IT managers who have bought into the anti-Linux FUD. These are real issues that Systems Administrators need to know how to deal with effectively but too many of us simply dismiss because we feel they are uninformed.
In addition to examples of Samba configuration, examples are provided to integrate Samba with other useful servers such as the squid web proxy, OpenLDAP, bind and dhcpd. The configuration files for Samba as well as these additional pieces of software are also conveniently located on the included CD-ROM, along with Samba 3.0.2 packages for Red Hat Fedora Core 1 and SuSE Linux (Enterprise server 8 for x86 and s390 and SuSE Linux 9).
I think my biggest complaint with this book is that the "case study"-like format of this book tends to lump a large number of new features into a single example. This can make it hard to isolate the particular feature that you're interested in.
For instance, the example that illustrates automatic printer driver downloads to Windows clients is lumped into a chapter that is primarily concerned with using LDAP to implement a BDC. Automatic driver installation is a great feature that many sites far too small to consider implementing LDAP would likely be interested in.
In all, though, I'm extremely pleased with Samba 3 by Example - perhaps even more than TOSHARG. In it, you'll find plenty of tips, working examples and honest admissions of bugs (and their workarounds) that will keep you from losing your sanity. You could almost call this book a 300 page Samba and Windows networking consultant with over 8 years of experience. Terpstra has been incredibly kind to the Samba community by imparting so much wisdom to us all in this book.
Josh Malone has been a FreeBSD and Windows system administrator for three and a half years working in development shops and hosting companies, and currently works as a Linux engineer for an embedded systems company. You can purchase Samba 3 By Example from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page
It's a free, robust, easy to admin file server and DC with impeccable reliability.
KARMA TAG! You're it.
bookpool.com
The most recent Samba-3 code now supports 'schannel' and "digital sign'n'seal" for joining an active directory domain. It cannot act as an ADS domain controller - only a member server
I should also clarify that samba-3 can join as a Win2K member server and not just a legacy NT-4 server. The difference is in how you join the samba server to the domain.
Use 'net ads join' to join as a Win2K member. If you use the older 'net rpc join' command, you're just doing NT-4 domain membership. Chapter 9 in the book covers Active Directory interoperation. The interoperability code is in Samba, not Kerberos.
Yes, and at the recent FOSE expo in DC the Apple guy that was standing under the sign in the Apple booth that said "LDAP and Kerberos" showed me how easy it was to use.
It uses all the normal Apple GUI type controls which basically take care of all of the configuration changes to smb.conf and krb5.conf. Basically a slick "apple looking" configuration file editor. I thought SWAT made samba configuration pretty easy, but this Apple stuff is great. Really cool stuff.
This book is currently available through The Register's bookshop with 30% off to UK readers.
I've got a fever and the only prescription is more COBOL.
I have been trying for MONTHS (on and off) to get SAMBA 3 working with LDAP. I got 2.2 working OK, so I'm not a complete idot. Still this book may be a good investment. For those who are interested the University of Navarra has a 3.0 HOWto and there is a 2.2 Howto (that I used sucessfully) at homex.subnet.at/~max/ldap.
http://www.oreilly.com/catalog/samba2/book/toc.htm l
"I just completed a three day training course based on this book. Every example just worked fine. The explanations are great but you do need the "Samba-3 Howto and Reference Guide" for detailed background information...."
That's funny, i just completed a google search for your "comment" here and gues what i found?
VERBATIM COPY
Interesting.
WinME can authenticate against a domain, just as every (networkable) version of windows is able to. That login is then used when connecting to any network shares. Anyway, when the poster said "Domain Master" he probably meant "Browse Master", since what was the problems being caused were probably a result of browser elections, etc, and not domain logon issues.
/etc files to LDAP. Or check out my howto, which is generally near the top of a google search for "linux ldap authentication" or similar. Samba-to-LDAP is also easy, if you follow the step-by-step readme's that are all over the place (including examples/LDAP/ in the samba source distro).
;)
Every version of windows after Win 95 SP1 uses encrypted passwords by default. That includes WinME. You have to apply a registry change (documented in the docs/Registry/ directory of your samba source distro) to make them use clear text passwords.
Linux authenticating against LDAP isn't very hard - most of the newer distros just require a couple button presses to set that up, and you should check out PADL's site (padl.com, IIRC) for scripts to migrate your
That 485 page PDF document bundled with the current Samba distro is really a useful read.
BTW, calling people stupid doesn't help much, esp when you're wrong.
Of course you'll want to RTFM on those commands first so you know what you're letting yourself in for.
However, that's going to change. There is already support for RPC security when using NFSv4 in Linux 2.6. That way, you can use Kerberos authentication and encryption for your NFS exports, and all is well. It's still marked as experimental, but I suspect it to be mature before long.
All that already works on Solaris, of course.
A better way to do it would be to only veto oplocks on certain types of files with the veto oplock files option.
/*.DBF/*.dbf/*.CDX/*.cdx/*.IDX/*.idx/*.fxp/*.FXP/* .prg/*.PRG/*.mmo/*.MMO/
We had problems with dbase file locking until we vetoed oplocks on those files.
To do it, it looks like this:
veto oplock files =
This way, you're not using oplocks on only the types of files that are giving you hell, while getting the best performance possible from all other file types.
Guys,
I committed the entire text of the book to the public samba-docs code tree on April 5th. We are having some difficulty in building the PDF file on the Samba build system. This will be resolved as soon as possible.
We are committed to open information about open source software. Please be a little patient with us, you will get your candy soon.
Cheers,
John T.