Slashdot Mirror
Samba Success in the Enterprise?
gunnk asks: "We've deployed a Samba server here to replace some aging Novell Netware boxes. It works great: fast, secure, stable. However, we have one VIP that feels that Samba is 'amateur' software and that we should be buying Windows servers. I've been searching with little success for large Samba deployments in Enterprise environments. Anyone out there care to share stories of places that are happily running large Samba installations for their file servers? Or not so happy, for that matter — better to be informed!"
called Google?
Probably not.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
I work in a Fortune 500 Media company, and with our mixed environment -- Sun, Linux, Windows, Mac -- we use Samba quite extensively for workflow. It works great, it's stable, and it makes our lives so much easier when we have to mass migrate files between the different platforms.
I've been using samba for the last 12 years in various guises, if there ever was a problem then
it usually was that I did not upgrade the software often enough because *it just works*.
That in my eyes is the best feature any software package can have, that it is so reliable
you forget you have it.
As for it being 'amateur' software, amateur to me spells motivation and the quality level
of the samba software reflects that dedication quite well.
Better than the 9-5 code monkeys products by a long shot most of the time.
OSS is the future, better believe it.
MP3 Search Engine
In our corporate environment we use Samba to share resources that reside in our AIX environment. It has been in use for 4+ years and 500+ developers that are baning away at it all day long. We have not had a single issue with the software. And to boot it is supported by IBM from both a hardware and software support perspective. Your VIP is simply wrong or misinformed.
Q: I am short, useless and provide no value. What am I? A: a sig
We use it on my site. In fact we have about 2000+ users who use it every day.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
AOL/Time-Warner enormously relies on linux and Samba all over the place. This may or may not help your case depending on what your boss thinks of AOL as a company...
Ross
I can imagine samba making the workplace feel a little more-upbeat, what with the 1..a-2..3..a-4 rhythm that makes you want to shake that booty. It can definitely keep folks awake at their workstations, which would boost productivity. Plus it would give everything a more Brazilian feel, which will help people forget that in fact outside it's all icy and cold. So, yes, I could definitely see samba being successful in enterprise.
Paso Doble not so much. Spanish Gypsy can get quite annoying after a while.
I like basketball!!1!
Department of health and human services (office of families) uses it to serve all of the files to their webservers.
Technically yes, as Samba is based on SMB it is amateur. You should be looking towards something more like NFS or other tried and true Unix solutions. :)
Our network guys used a Samba machine for at least one file share server that I knew of at HQMC. That was a number of years ago now. I know my college (a MS certified partner) used it and it was used heavily in a number of our networking and security classes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
sounds like your vp is an amateur and should be replaced with 'anyone' else!
However, we have one VIP that feels that Samba is 'amateur' software and that we should be buying Windows servers.
Someone needs to tell your VIP to STFU and let the IT people do their jobs without him sticking his nose in. He's probably pushing it just so he can try to get some kickbacks from his friend Bob, who happens to be an MS sales rep.
I have several samba servers that serve 3000 users and almost 1000 computers, from Windows 98 to XP. It works well and only ever gives us problems when LDAP (OpenLDAP is tempermental) has a problem. We've used Samba since the 2.2 days in production. We're looking forward to Samba 4 to get ActiveDirectory-style domains. NT domains work fine, but are clunky. Only our lab machines are on a domain. The rest of the machines either just have local accounts with network drives mapped, or have pGina logins that map the drives for the user.
For many enterprises, Samba isn't enough. They require the management aspects of ActiveDirectory. Fortunately Samba 4 will do all that. Plus I have yet to integrate Vista into our system. Promises to be a nightmare I think.
This stigma your VP has is quite common, and no amount of evidence or arguing will change his mind, likely. Stubborn ignorance. The world is slowly changing, but I think it's as the truly ignorant people die off.
Ever since it started to talk to Active Directory domain servers, it was perfect for the office. Before that it was great, but lacked the key feature to allow it to get accepted properly.
My infrastructure is responsible for transactions totaling over 18 billion USD a day, and we use Samba.
/my identity withheld to protect...well, me
We've deployed a Samba server here to replace some aging Novell Netware boxes
So at some point, this VIP probably trusted Novell. Since Novell is putting all it's effort into OES linux (which ships with Samba, not to mention employed Jeremy Allison for awhile), I bet they'd have an opinion on the subject.
There is no reasonable defense against an idiot with an agenda
:wq
Samba is every bit as good as anything else for running a file server, and if you're setting your file servers up correctly, nobody will know or care what they're running. They either work or they don't.
I would still recommend that you use Windows, because I'm at Microsoft. We like people to use Windows. You should use Windows more often. You should install it on everything. I'd be happy to explain how you could do the same things you already do with more Windows licenses. But it's sort of your job to think about what's best for your company, not ours.
Microsoft cheerleader, blue flag waving, you got a problem with that?
I hear they use it on the Excelsior as well. It's a great little secret weapon, let's hope the Klingons don't get it.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
On my network, SAMBA is doing a better job as a server than what I've managed using Microsoft products as a server. I'd hate to cling to something or avoid something just because of a prejudiced notion. Apparently, you're already using it successfully. I suppose the only way to argue with good results is to make emotion-based nitpicks on the methodology.
It's the protocol, and he's darn right, you should be migrating away from it to a more open protocol like NFS or (S)FTP.
But putting it on Microsoft servers isn't a good answer either, Unix boxes have done it for years and are still good at it. If he's looking for simple and cheap, he shouldn't be looking at Microsoft, but at Apple. They have both software and hardware for cheap and large deployments and has seamless support for more than 5 protocols at the same time, with the same credentials.
And by the way, he's a VIP? Shouldn't that be a VP, they usually have no other information than what some marketing drone tells him. And I think he has some good intentions for his own wallet if he has been 'convinced' by Microsoft.
Custom electronics and digital signage for your business: www.evcircuits.com
I'm servicing 3 computer labs consisting of roughly 100 workstations here, all with a Samba/Linux backend. I have nothing but praise for Samba and would highly recommend it to anyone. I have some native clients and some that are housed in a vmware image. I have cross platform printing, cross platform credentials (thanks to password sync) and cross platform ~/. What's not to like?
The only downside is that until v4 hits the streets, we can't do full AD. We could of course get around this by dropping in a single 2k3 box to be the DC, but we'd like to avoid that if possible. I'm really looking forward to v4, as AD is one of the good things MS has done, imo (standards adherence aside)!
-Ben
Samba also ships with OS X!
We have a project inside IBM called the Global Storage Architecture that provides enterprise file system service. There are currently over 95K users on GSA with over 143TB of used space, spread across 39 installations on 5 continents.
7 .html
There are several different ways to connect to GSA File depending on the platform and application, but Samba is used for connecting the Windows clients, of which there are tens of thousands. In addition to general office productivity, many of these clients are doing hardware design and software development.
You can read an account of GSA File in appendix B of the Implementing NFSv4 in the Enterprise: Planning and Migration Strategies Redbook. The appendix is oriented toward the NFS aspects of the service, but you can still get a good idea of what is going on.
http://publib-b.boulder.ibm.com/abstracts/sg24665
Roll out Windows and make damned sure his name is attached to the project. Call it the "$VIPNAME project". Make sure you replace all of the Samba boxes in your enterprise. By the end of the projected he'll be well and truly fucked over. It'll be a salutary lesson to VP's the world over.
Samba is used all over the place. All the FTSE 100's I've been at have used it.
Deleted
I suggest telling the intern doing this. He was already going to be fired as soon as it was found out he's porking the VIP's daughter.
If a nation expects to be ignorant and free, in a state of civilization, it expects what never was and never will be.-TJ
And there is a host of companies out there getting paid to do Samba support:
http://us1.samba.org/samba/support/us.html
... calling your colleague an amateur.
-- Cheers!
I've used Samba at home for about eight years with a Linux file / print server. The server uses RAID1. The only time it's been down is:
1) Changing hardware (including replacing drives with bigger drives).
2) Changing entire server (replacing with faster box and previous drives).
3) Power failure & UPS battery had died.
Right now it's serving files to four Windows boxes including storing video for a PVR.
Not that a home installation will mean anything to your VP.
[Insert pithy quote here]
That wouldn't happen to be the same Bob from those Enzyte commercials would it?
The Linksys consumer-level network storage controller, NSLU2, is embedded linux + samba. This box looks like a Windows shared drive and has to interoperate with different flavors of windows without configuration. (The web interface just allows you to create and name volumes, add users, etc.)
It's weird to compare a $100 box with enterprise-scale problems, but embedded software has to be 100% reliable since you can't issue patches or administer the box later if there's a problem.
(BTW the box is also linux friendly, both flashed applications and booting to a HD-based Debian system. I have one at home.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Novell will sell you "professional" Samba servers to replace your aging servers.
I work for a small/medium size business with around 167 employees. We have locations in Plainville KS, Hays KS, Chicago IL, Pasadena CA, and New York City NY. We use Samba for network file shares in all these locations. It works great in a mixed Linux, WinXP, Mac OS X environment. We haven't ever had any issues with it what so ever.
Unstable Apps: Our Android Apps Don't Suck
We support about 6500 engineers here at the rocket ranch. Back at the turn of the century, we wanted to migrate everybody from expensive-to-maintain *nix workstations to vastly cheaper Windows PCs, but we had a problem: all our data was on several dozen HP N-class data servers. We do serious 3D CAD and FEA, with engineering data sets measured in dozens of terabytes. We wanted to leverage the performance and economy of fast, cheap X86 boxen while not losing our investment in our storage management infrastructure. My IT masters had never heard of samba, and were amazed when I demonstrated how easy it was to serve out a Pro/E drawing to an engineer working at one of our brand new 1 GHz NT4 PCs (I told you it was at the turn of the century.) We deployed it sitewide in 2000, and even now, seven years later, my users still thank me for making it possible for them to use fast PCs to access their Unix-based data sets. We ran samba on SunOS boxes, because we never could get it to play nice with HPUX. Samba is ridiculously easy to install, manage, and maintain, especially with one of the GUI frontends that are readily available. We used SWAT, and it rocked. Samba was a great intermediate enabler, allowing us to continue to use our N class servers while we were moving our user base to PCs.
In 2003, however, we acquired a bunch of Network Appliance servers, and migrated off our HPUX and Sun data servers. NetApp filers are platform agnostic; if the client is a *nix box, the filer presents the data as an NFS mount. If the client is Windows, it looks like NTFS. NetApps aren't cheap, but they were worth the major investment. If your company doesn't want to shell out for a filer, then samba is very viable and I recommend it highly.
Samba may have been met with trepidation like 8 years ago. The rest of the world has gotten with the program. It works. It works well. It works extremely well.
I've implemented it at a number of Fortune 100 companies. I cannot name names due to NDA but you would recognize the names. I am contracting at one of them right now.
For enterprise scale use, I would even contend that Samba makes a better file server to large numbers of Windows clients than running Windows on the server. Can you run Windows on an IBM pSeries 570 (16 POWER5+ processors, 128GB RAM) to serve files to ~20,000 users? I can tell you that RHEL 4 does that just fine.
While we aren't a huge environment (50 - 75 PCs), Samba is working great for us. Running Samba 3.0.22 on Ubuntu. I've integrated authentication into our Active Directory environment (native 2003) complete with ACLs. Although it is worth pointing out that there is a very distinct difference in ACLs on Samba (POSIX ACLs) vs Windows ACLs if you are used to Windows 2000 and beyond permissions. I won't tell the whole story here, but make sure to read Samba documentation on the subject if you don't already know. The short short version is that POSIX ACLs offer a much simpler set of permissions of rwx where Windows breaks out several others. This usually isn't a big deal.
Configuring all of the proper settings on shares can be cumbersome if you have quite a few. If you require some quick and easy GUI to do everything, Swat is a favorite. Centeris also makes a product that looks promising.
Keep your eye on Samba 4. It will allow you to replace your Windows Active Directory servers. All in all, I'd have to say your VIP calling Samba amateur software shows either ignorance of reality or negative bias towards Samba.
Show him the cost of setting up a Samba server on a commodity hardware (or for that matter, existing surplus hardware that still works) versus the cost of hardware, licensing, maintenance and installation of Windows Server 2003 to do the same job. Especially after you add in the licensing. That will shut him up.
Joe Dougherty, Florida, USA
The words I thought I brought, I left behind. So, never mind.
How about at a large global company? Is that good enough?
My group in particular uses it to share files to Windows XP, 2000, 2003. The same server (Linux based) is also used for NFS for the other OSes we have. The file share is visible company-wide, since there are execs and other groups that need important files from it periodically. We generally don't have problems with it. Its current uptime is 90 days (power outage 90 days ago). The Windows servers don't even stay up for more than a couple of weeks (never mind not being able to serve to Unix and Unix-clones).
My group is not supporting 1000 desktops all constantly mounting/reading/writing (we're not in a support role), but when it needs to work, it does, and we use it every day.
A lot of government uses it. We use it in the municipality that I work for, and it does all the domain auth, file, and print serving for everything. The backend is OpenLDAP and is the authentication source for email and UNIX systems. You can do the same thing in the other direction, for the most part, if you want AD to be your auth source, but I haven't spent any time looking at it as of yet.
If you need Active Directory style functionality, take a look at Novell eDirectory and ZenWorks. There's a few other things out there that will give you management functionality, and software deployment, such as WPKG and Mandriva Pulse.
Also, using SAMBA doesn't mean that you *can't* be using Windows Server systems, or Active Directory. W2k3 server can still join a SAMBA controlled domain, and SAMBA can join and authenticate against an AD domain just fine. Domain trusts work, too.
Instead of quoting specific companies, how about pointing to that well known study which shows that Samba is more than twice as fast as Windows Server 2003 for SMB serving?
You'd have to bring that up. My wife and I both hate Bob and his defective penis.
We're not as big as some enterprise customers, but we do have a 5 TB FreeBSD server which uses samba to both run our domain of analysis workstations and serve up all of that data. Someone else mentioned OpenLDAP frustrations (with which I somewhat agree). However, IDEALX's smbldap does warrant a shoutout for making things easier for so long.
i was hired on after a merger and had to combine seven sites. dumped all that microsoft crap and installed suse servers and ipcop firewalls. i also installed a SME e-mail server and it too has performed flawlessly. god i love linux, it is really fun to be an administrator again. i had forgotten the command line (which isn't necessary) but it really is a blast. another benefit: i won't be hit by a chair (balmer's trademark).
I recently graduated from the University of Lethbridge. Has at least 5000 students, each of them has their own personal network drive for use on school computers, as well as a web drive, where any files saved there are published on their personal site at the University. How does it all function? A bank of Linux machines that use Samba. It's never been anything but reliable.
Funny you should ask.
I've just finished deploying a brand new CentOS/Samba solution to replace some ageing NT4 servers.
We got a shiny new Dell Poweredge 2900 with 16GB Memory, twin quad-core Xeons and 8x300GB hot-swap SAS drives.
I configured up CentOS 4.4, using Samba/OpenLDAP/Postfix/Dovecot and MySQL to provide domain, database, roaming profile and file sharing services to a workgroup of around 100 workstations running XP.
Now we have ironed out the smaller issues with the deployment, it's absolutely rock-solid. Current uptime is 18 days, without a glitch at all. Utilisation hasn't peaked over about 20%, giving us plenty of spare capacity for expansion.
We did consider deploying Windows Server 2003, but were put off by the price tag of the cluster of machines that was recommended to provide us with the capacity to service 100 workstations. Suffice to say that the £6k we paid was a mere fraction of the Windows alternative.
Beer Coat: The invisible but warm coat worn when walking home after a booze cruise at 3 in the morning.
5 Samba servers. A DFS root, two main file servers (2x250gb sata raid 0 each), a backup server in another room, and a spare server (our previous backup server). With DFS, rsync, and the spare I was able to upgrade the hard drives in both file servers without downtime.
Samba got our full attention when we installed it on an old, slow, unused server and noticed that it was visibly much faster than any of our Windows file servers. Just clicking around the file shares in Windows Explorer, the difference was like night and day. One the Windows servers, directory listings would always take at least 1/2 second to display. On the Samba server, it was practically instantaneous. It was like local browsing.
Nearly all of our downtime has been hardware related. Our old backup server suffered multiple simultaneous hard disk failures. One of our file servers suffered from failed ram, and I didn't have a replacement handy, but I was able to get it to avoid the bad parts with a kernel boot option, until I could get it replaced. There have been a couple software issues. Our spare server, at a time when we didn't need it, somehow managed to damage its MBR, booting to a blank screen after we rebooted it, but I was able to restore grub with a live CD once I figured out what it had done. I'm really not sure what was to blame for that. And we had WildFire IM server on our DFS root, and it managed to fill the hard disk with error logs one day, but that was a WildFire problem, not Samba or Linux.
And they'll be happy to sell your boss as platinum support contract which includes it, so as to make it appropriaterly expensive (;-))
--dave
davecb@spamcop.net
If you're going to do the BoFH treatment, make sure that your most-certified-clueless MCSE's are on the project -- so as to lose that dead weight. ;-)
HP calls it CIFS Server for HP-UX, but it's really Samba.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
A few months ago I removed Fedora Core 4 (which had X) and replaced it with Ubuntu Server (no X).
This is the only Linux box in our Windows based company - running phpBB2, media wiki, samba and port forwarding for remote desktop.
Does it meet the needs of our business? Yes. Configuration is not easy, but that does not mean it's amateur software.
Webmin is installed (http://www.webmin.com/) - and it allows basic configuration of Samba. Occasionally I need to use ssh to edit the config manually.
They still use POSIX style permissions which does not work well with modern filesystem ACLs. The amount of times I have had to log into Unix to modify a file because the Windows 2003 Terminal Server says access denied. I'm like "WTF, I just created this file, now I cannot rename it?" It seems that the SAMBA team don't give a shit about modern filesystem access control lists.
we have over 10,000 users (students/faculty/staff) with home directories on a single sparc solaris samba box (files stored on a SAN), and i can't say that we have had any problems with it. It has been extremely reliable for the past 5+ years we have been using it.
> get some kickbacks from his friend Bob, who happens to be an MS sales rep.
That's how Microsoft sells most big deals from what I've seen. They take idiot VP's to strip clubs and get them drunk and get them to agree to give Microsoft stupid amounts of money for nothing. That's the reason our four largest customers switched to the Microsoft garbage. Even though I make a lot more money because I bill them by the hour to fix all of their Microsoft-created problems, it still makes me angry to see them get ripped-off like that because one stupid VP likes to get drunk with the Microsoft rep.
No, that's not "Bob", that's "Rob" - as in Enderle...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Nobody that I noticed mentioned it yet, but Macs use samba for sharing with windows.
We haven't had any problems with our Mac/Linux NFS/Samba servers, and our windows clients.
But we have had problems trying to make our windows servers do NFS.
"Sometimes it's hard to tell the dancer from the dance." --Corwin Of Amber in CoC
Is Apple OSX considered good enough for the enterprise? It uses Samba for its file sharing with Windows computers.
If Apple thinks Samba is good enough, can't you use it too (in your operating system of choice)?
A couple of years ago I worked in a University department and we acquired an EMC Celerra NAS server (NS600) which promised to serve files to both our Unix and Windows clients (about 200) using NFS and CIFS (SMB) from the same volume sets.
Long story short: There were so many problems (not the least security-wise) on the CIFS part of it that we ended up putting a Samba server in front of it for our windows clients. Samba simplified operations, was very simple, efficient, and secure. It integrated in our Domain almost transparently.
$200,000 server needed a cheap PC running Linux in front of it. You do the math.
If I had had any guts, I'd have imposed my views and never let the department spend that money on the EMC box and would have gotten Intel server(s) instead, for one tenth the price. >
Using SAMBA, is there any way for server/client communication to be encrypted after authentication? Or is the only solution to be on a secure network, e.g. over a VPN?
The possibilities for blackmail are worth considering.
Something else you might want to consider are the things Windows will do that Samba does not (or, at least, does not do without lots of hacking around).
Two of these are DFS Replication (DFSR) and Volume SnapShots (VSS).
We are currently in the process of evaluation a replacement for our aging fileserver plus some sort of centralised, SAN-like storage. Two of the leading candidates are Sun's 5320 and IBM's N5200 which offer access for clients via both network (CIFS, NFS, etc) and block-level (iSCSI, FC). Several branch offices are also in the same situation, although they lack the need for block-level, centralised disk.
However, neither of them support DFSR (nor does any other non-Windows based NAS device from what I can gather). They do both have replication technologies of their own, but those are just as expensive (additional US$8k-ish) - if not more so - than just buying a dedicated Windows fileserver to connect to the SAN/NAS device via iSCSI.
Then there's the snapshotting, which Samba doesn't do on its own (but you can hack together something, depending on the host OS). VSS in Windows is trivial to enable, very simple to use and works quite well. It's primary benefit is to reduce the overheads on support staff from users "accidentally" deleting things and needing them restored - something they are now able to do themselves, rather than weighing down support staff with those requests. It can also be used for simplifying backup procedures. (Any decent NAS device will also have some sort of snapshotting functionality).
With regards to Samba in general, we use it fairly extensively on a per-host basis to allow easy access to certain parts of the filesystem for certain staff. I've experimented with it in the past on an AD level and successfully gotten it working, but the overhead for setup is non-trivial, especially if you want things like UIDs to match up across different machines.
Simple setups in Samba and Windows are simple. More complex (Active Directory integration, especially with multiple servers) are also fairly simple in Windows, but relatively much more difficult with Samba. If you're looking at the latter - *especially if you're not already an expert* - you'll probably need almost a complete person full-time to work with it during the implementation phase.
The simple version is this: software and hardware are cheap, people-time is expensive (this is a concept a *lot* of technically oriented people - myself included - have significant difficulty a) grasping and b) remembering). In all likelihood, you will use substantially more people-time - especially in the earlier phases - with Samba than you will with Windows. That's where the "value" of Windows (or NAS appliances) comes in - saving people-time $$$. If you're already a Samba expert, OTOH, the people-time aspect of the equation will be substantially different and you can compare largely on features. However, banging out a good, manageable, sustainable, reliable AD-integrated Samba infrastructure is something that will take on the order of weeks unless you already know what you're doing and have done it before. Your boss has a very poor argument against Samba, but do not kid yourself that good arguments against Samba do not exist.
I work for company that makes "Enterprise Storage" devices... NAS and archival. The controllers in all our devices run Linux and use CIFS (Samba) and NFS. This is serious stuff. We guarantee your data will be safe for a minimum of 50 years. American hospitals use our stuff for archival of patients' MRI scans and other medical records.
Back when I did system admin one of the companies I worked for needed SAMBA but the management did not trust it so I found a product called Totalnet. It was an exact replica of SAMBA but with a nice graphical interface, since it was a commercial product management had an easier time and paid the thousands of dollars, but I had a nicer graphical interface, in addition to the command line tools.
Samba has had AD support for a while already. Here is a guide with a deliberately broken link to avoid a Slashdotting: www.aeronetworks.ca \ LinuxActiveDirectory.html Please have mercy on the server and only read the above if you are really interested in Active Directory on Samba.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I'm a sysadmin for a midsize company, I use samba exclusively for the past 6-7 years 4 servers for about 200 users, its easy to manage and never had problems with it.
A true undelete program.
With Novell file systems (SALVAGE traditional NWFS and Console1 "Deleted files view" for the newer NSS file system) as well as add-on products for NTF$ (Undelete server), versioned undeletes are possible within the file system.
This is a show-stopper for us as getting files from tape is a chore (distributed backup services). Plus, the accountants like the peace of mind knowing that if they revised a file 20x during the day, they can go back and grab data from any of those 20 "file > saves".
The VFS layer works OK under Samba for full file detest. It just doesn't do Office file-level versioning, which is the functionality we need to go full-Samba.
Now, if we didn't need the Office-file versioning of deleted files, we'd be all Samba in this department. SLES 10 is a great server solution IMO. I have it running as a VMWare host for 4 VM boxes, and one installation for all-user Samba file sharing. Samba is rock-solid!