| 1 | <?xml version="1.0" encoding="iso-8859-1"?> | 
|---|
| 2 | <!DOCTYPE preface PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> | 
|---|
| 3 | <preface id="preface"> | 
|---|
| 4 | <title>Preface</title> | 
|---|
| 5 |  | 
|---|
| 6 | <para> | 
|---|
| 7 | Network administrators live busy lives. We face distractions and pressures | 
|---|
| 8 | that drive us to seek proven, working case scenarios that can be easily | 
|---|
| 9 | implemented. Often this approach lands us in trouble. There is a | 
|---|
| 10 | saying that, geometrically speaking, the shortest distance between two | 
|---|
| 11 | points is a straight line, but practically we find that the quickest | 
|---|
| 12 | route to a stable network solution is the long way around. | 
|---|
| 13 | </para> | 
|---|
| 14 |  | 
|---|
| 15 | <para> | 
|---|
| 16 | This book is your means to the straight path. It provides step-by-step, | 
|---|
| 17 | proven, working examples of Samba deployments.  If you want to deploy | 
|---|
| 18 | Samba-3 with the least effort, or if you want to become an expert at deploying | 
|---|
| 19 | Samba-3 without having to search through lots of documentation, this | 
|---|
| 20 | book is the ticket to your destination. | 
|---|
| 21 | </para> | 
|---|
| 22 |  | 
|---|
| 23 | <para> | 
|---|
| 24 | Samba is software that can be run on a platform other than Microsoft Windows, | 
|---|
| 25 | for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. | 
|---|
| 26 | Samba uses the TCP/IP protocol that is installed on the host server. When | 
|---|
| 27 | correctly configured, it allows that host to interact with a Microsoft Windows | 
|---|
| 28 | client or server as if it is a Windows file and print server. This book | 
|---|
| 29 | will help you to implement Windows-compatible file and print services. | 
|---|
| 30 | </para> | 
|---|
| 31 |  | 
|---|
| 32 | <para> | 
|---|
| 33 | The examples presented in this book are typical of various businesses and | 
|---|
| 34 | reflect the problems and challenges they face. Care has been taken to preserve | 
|---|
| 35 | attitudes, perceptions, practices, and demands from real network case studies. | 
|---|
| 36 | The maximum benefit may be obtained from this book by working carefully through | 
|---|
| 37 | each exercise. You may be in a hurry to satisfy a specific need, so feel | 
|---|
| 38 | free to locate the example that most closely matches your need, copy it, and | 
|---|
| 39 | innovate as much as you like. Above all, enjoy the process of learning the | 
|---|
| 40 | secrets of MS Windows networking that is truly liberated by Samba. | 
|---|
| 41 | </para> | 
|---|
| 42 |  | 
|---|
| 43 | <para> | 
|---|
| 44 | The focus of attention in this book is Samba-3. Specific notes are made in | 
|---|
| 45 | respect of how Samba may be made secure. This book does not attempt to provide | 
|---|
| 46 | detailed information regarding secure operation and configuration of peripheral | 
|---|
| 47 | services and applications such as OpenLDAP, DNS and DHCP, the need for which | 
|---|
| 48 | can be met from other resources that are dedicated to the subject. | 
|---|
| 49 | </para> | 
|---|
| 50 |  | 
|---|
| 51 | <sect1> | 
|---|
| 52 | <title>Why Is This Book Necessary?</title> | 
|---|
| 53 |  | 
|---|
| 54 | <para> | 
|---|
| 55 | This book is the result of observations and feedback. The feedback from | 
|---|
| 56 | the Samba-HOWTO-Collection has been positive and complimentary. There | 
|---|
| 57 | have been requests for far more worked examples, a | 
|---|
| 58 | <quote>Samba Cookbook,</quote> and for training materials to | 
|---|
| 59 | help kick-start the process of mastering Samba. | 
|---|
| 60 | </para> | 
|---|
| 61 |  | 
|---|
| 62 | <para> | 
|---|
| 63 | Users of the Samba mailing lists have asked for sample configuration files | 
|---|
| 64 | that work. It is natural to question one's own ability to correctly | 
|---|
| 65 | configure a complex tool such as Samba until a minimum necessary | 
|---|
| 66 | knowledge level has been attained. | 
|---|
| 67 | </para> | 
|---|
| 68 |  | 
|---|
| 69 | <para> | 
|---|
| 70 | The Samba-HOWTO-Collection &smbmdash; as does <emphasis>The Official Samba-3 HOWTO and | 
|---|
| 71 | Reference Guide</emphasis> &smbmdash; documents Samba features and functionality in | 
|---|
| 72 | a topical context.  This book takes a completely different approach. It | 
|---|
| 73 | walks through Samba network configurations that are working within particular | 
|---|
| 74 | environmental contexts, providing documented step-by-step implementations. | 
|---|
| 75 | All example case configuration files, scripts, and other tools are provided | 
|---|
| 76 | on the CD-ROM. This book is descriptive, provides detailed diagrams, and | 
|---|
| 77 | makes deployment of Samba-3 a breeze. | 
|---|
| 78 | </para> | 
|---|
| 79 |  | 
|---|
| 80 | <sect2> | 
|---|
| 81 | <title>Samba 3.0.20 Update Edition</title> | 
|---|
| 82 |  | 
|---|
| 83 | <para> | 
|---|
| 84 | The Samba 3.0.x series has been remarkably popular. At the time this book first | 
|---|
| 85 | went to print, samba-3.0.2 was being released. There have been significant modifications | 
|---|
| 86 | and enhancements between samba-3.0.2 and samba-3.0.14 (the current release) that | 
|---|
| 87 | necessitate this documentation update. This update has the specific intent to | 
|---|
| 88 | refocus this book so that its guidance can be followed for samba-3.0.20 | 
|---|
| 89 | and beyond. Further changes are expected as Samba-3 matures further and will | 
|---|
| 90 | be reflected in future updates. | 
|---|
| 91 | </para> | 
|---|
| 92 |  | 
|---|
| 93 | <para> | 
|---|
| 94 | The changes shown in <link linkend="pref-new"/> are incorporated in this update. | 
|---|
| 95 | </para> | 
|---|
| 96 |  | 
|---|
| 97 | <table id="pref-new"> | 
|---|
| 98 | <title>Samba Changes &smbmdash; 3.0.2 to 3.0.20</title> | 
|---|
| 99 | <tgroup cols="2"> | 
|---|
| 100 | <colspec align="left"/> | 
|---|
| 101 | <colspec align="justify"/> | 
|---|
| 102 | <thead> | 
|---|
| 103 | <row> | 
|---|
| 104 | <entry align="left"> | 
|---|
| 105 | <para> | 
|---|
| 106 | New Feature | 
|---|
| 107 | </para> | 
|---|
| 108 | </entry> | 
|---|
| 109 | <entry align="left"> | 
|---|
| 110 | <para> | 
|---|
| 111 | Description | 
|---|
| 112 | </para> | 
|---|
| 113 | </entry> | 
|---|
| 114 | </row> | 
|---|
| 115 | </thead> | 
|---|
| 116 | <tbody> | 
|---|
| 117 | <row> | 
|---|
| 118 | <entry> | 
|---|
| 119 | <para> | 
|---|
| 120 | Winbind Case Handling | 
|---|
| 121 | </para> | 
|---|
| 122 | </entry> | 
|---|
| 123 | <entry> | 
|---|
| 124 | <para> | 
|---|
| 125 | User and group names returned by <command>winbindd</command> are now converted to lower case | 
|---|
| 126 | for better consistency. Samba implementations that depend on the case of information returned | 
|---|
| 127 | by winbind (such as %u and %U) must now be adjusted to expect lower case values. | 
|---|
| 128 | This affects mail spool files, home directories, valid user lines in the &smb.conf; file, etc. | 
|---|
| 129 | </para> | 
|---|
| 130 | </entry> | 
|---|
| 131 | </row> | 
|---|
| 132 | <row> | 
|---|
| 133 | <entry> | 
|---|
| 134 | <para> | 
|---|
| 135 | Schema Changes | 
|---|
| 136 | </para> | 
|---|
| 137 | </entry> | 
|---|
| 138 | <entry> | 
|---|
| 139 | <para> | 
|---|
| 140 | The addition of code to handle password aging, password uniqueness controls, and bad | 
|---|
| 141 | password instances at logon time has necessitated extensions to the SambaSAM | 
|---|
| 142 | schema. This change affects all sites that use LDAP and means that the directory | 
|---|
| 143 | schema must be updated. | 
|---|
| 144 | </para> | 
|---|
| 145 | </entry> | 
|---|
| 146 | </row> | 
|---|
| 147 | <row> | 
|---|
| 148 | <entry> | 
|---|
| 149 | <para> | 
|---|
| 150 | Username Map Handling | 
|---|
| 151 | </para> | 
|---|
| 152 | </entry> | 
|---|
| 153 | <entry> | 
|---|
| 154 | <para> | 
|---|
| 155 | Samba-3.0.8 redefined the behavior: Local authentication results in a username map file | 
|---|
| 156 | lookup before authenticating the connection. All authentication via an external domain | 
|---|
| 157 | controller will result in the use of the fully qualified name (i.e., DOMAIN\username) | 
|---|
| 158 | after the user has been successfully authenticated. | 
|---|
| 159 | </para> | 
|---|
| 160 | </entry> | 
|---|
| 161 | </row> | 
|---|
| 162 | <row> | 
|---|
| 163 | <entry> | 
|---|
| 164 | <para> | 
|---|
| 165 | UNIX Extension Handling | 
|---|
| 166 | </para> | 
|---|
| 167 | </entry> | 
|---|
| 168 | <entry> | 
|---|
| 169 | <para> | 
|---|
| 170 | Files and directories on the UNIX host that are symbolically linked to absolute paths will | 
|---|
| 171 | now be followed. This can be turned off using <quote>wide links = No</quote> in | 
|---|
| 172 | the share stanza in the &smb.conf; file. Turning off <quote>wide links</quote> | 
|---|
| 173 | support will degrade server performance because each path must be checked. | 
|---|
| 174 | </para> | 
|---|
| 175 | </entry> | 
|---|
| 176 | </row> | 
|---|
| 177 | <row> | 
|---|
| 178 | <entry> | 
|---|
| 179 | <para> | 
|---|
| 180 | Privileges Support | 
|---|
| 181 | </para> | 
|---|
| 182 | </entry> | 
|---|
| 183 | <entry> | 
|---|
| 184 | <para> | 
|---|
| 185 | Versions of Samba prior to samba-3.0.11 required the use of the UNIX <constant>root</constant> | 
|---|
| 186 | account from network Windows clients. The new <quote>enable privileges = Yes</quote> capability | 
|---|
| 187 | means that functions such as adding machines to the domain, managing printers, etc. can now | 
|---|
| 188 | be delegated to normal user accounts or to groups of users. | 
|---|
| 189 | </para> | 
|---|
| 190 | </entry> | 
|---|
| 191 | </row> | 
|---|
| 192 | </tbody> | 
|---|
| 193 | </tgroup> | 
|---|
| 194 | </table> | 
|---|
| 195 | </sect2> | 
|---|
| 196 |  | 
|---|
| 197 | </sect1> | 
|---|
| 198 |  | 
|---|
| 199 | <sect1> | 
|---|
| 200 | <title>Prerequisites</title> | 
|---|
| 201 |  | 
|---|
| 202 | <para> | 
|---|
| 203 | This book is not a tutorial on UNIX or Linux administration. UNIX and Linux | 
|---|
| 204 | training is best obtained from books dedicated to the subject. This book | 
|---|
| 205 | assumes that you have at least the basic skill necessary to use these operating | 
|---|
| 206 | systems, and that you can use a basic system editor to edit and configure files. | 
|---|
| 207 | It has been written with the assumption that you have experience with Samba, | 
|---|
| 208 | have read <emphasis>The Official Samba-3 HOWTO and Reference Guide</emphasis> and | 
|---|
| 209 | the Samba-HOWTO-Collection, or that you have familiarity with Microsoft Windows. | 
|---|
| 210 | </para> | 
|---|
| 211 |  | 
|---|
| 212 | <para> | 
|---|
| 213 | If you do not have this experience, you can follow the examples in this book but may | 
|---|
| 214 | find yourself at times intimidated by assumptions made. In this situation, you | 
|---|
| 215 | may need to refer to administrative guides or manuals for your operating system | 
|---|
| 216 | platform to find the best method to achieve what the text of this book describes. | 
|---|
| 217 | </para> | 
|---|
| 218 |  | 
|---|
| 219 | </sect1> | 
|---|
| 220 |  | 
|---|
| 221 | <sect1> | 
|---|
| 222 | <title>Approach</title> | 
|---|
| 223 |  | 
|---|
| 224 | <para> | 
|---|
| 225 | The first chapter deals with some rather thorny network analysis issues. Do not be | 
|---|
| 226 | put off by this. The information you glean, even without a detailed understanding | 
|---|
| 227 | of network protocol analysis, can help you understand how Windows networking functions. | 
|---|
| 228 | </para> | 
|---|
| 229 |  | 
|---|
| 230 | <para> | 
|---|
| 231 | Each following chapter of this book opens with the description of a networking solution | 
|---|
| 232 | sought by a hypothetical site. Bob Jordan is a hypothetical decision maker | 
|---|
| 233 | for an imaginary company, <constant>Abmas Biz NL</constant>. We will use the | 
|---|
| 234 | non-existent domain name <constant>abmas.biz</constant>. All <emphasis>facts</emphasis> | 
|---|
| 235 | presented regarding this company are fictitious and have been drawn from a variety of real | 
|---|
| 236 | business scenarios over many years. Not one of these reveals the identity of the | 
|---|
| 237 | real-world company from which the scenario originated. | 
|---|
| 238 | </para> | 
|---|
| 239 |  | 
|---|
| 240 | <para> | 
|---|
| 241 | In any case, Mr. Jordan likes to give all his staff nasty little assignments. | 
|---|
| 242 | Stanley Saroka is one of his proteges; Christine Roberson is the network administrator | 
|---|
| 243 | Bob trusts. Jordan is inclined to treat other departments well because they finance | 
|---|
| 244 | Abmas IT operations. | 
|---|
| 245 | </para> | 
|---|
| 246 |  | 
|---|
| 247 | <para> | 
|---|
| 248 | Each chapter presents a summary of the network solution we have chosen to | 
|---|
| 249 | demonstrate together with a rationale to help you to understand the | 
|---|
| 250 | thought process that drove that solution. The chapter then documents in precise | 
|---|
| 251 | detail all configuration files and steps that must be taken to implement the | 
|---|
| 252 | example solution. Anyone wishing to gain serious value from this book will | 
|---|
| 253 | do well to take note of the implications of points made, so watch out for the | 
|---|
| 254 | <emphasis>this means that</emphasis> notations. | 
|---|
| 255 | </para> | 
|---|
| 256 |  | 
|---|
| 257 | <para> | 
|---|
| 258 | Each chapter has a set of questions and answers to help you to | 
|---|
| 259 | understand and digest key attributes of the solutions presented. | 
|---|
| 260 | </para> | 
|---|
| 261 |  | 
|---|
| 262 | </sect1> | 
|---|
| 263 |  | 
|---|
| 264 | <sect1> | 
|---|
| 265 | <title>Summary of Topics</title> | 
|---|
| 266 |  | 
|---|
| 267 | <para> | 
|---|
| 268 | The contents of this second edition of <emphasis>Samba-3 by Example</emphasis> | 
|---|
| 269 | have been rearranged based on feedback from purchasers of the first edition. | 
|---|
| 270 | </para> | 
|---|
| 271 |  | 
|---|
| 272 | <para> | 
|---|
| 273 | Clearly the first edition contained most of what was needed and that was missing | 
|---|
| 274 | from other books that cover this difficult subject. The new arrangement adds | 
|---|
| 275 | additional material to meet consumer requests and includes changes that originated | 
|---|
| 276 | as suggestions for improvement. | 
|---|
| 277 | </para> | 
|---|
| 278 |  | 
|---|
| 279 | <para> | 
|---|
| 280 | Chapter 1 now dives directly into the heart of the implementation of Windows | 
|---|
| 281 | file and print server networks that use Samba at the heart. | 
|---|
| 282 | </para> | 
|---|
| 283 |  | 
|---|
| 284 | <variablelist> | 
|---|
| 285 | <varlistentry> | 
|---|
| 286 | <term>Chapter 1 &smbmdash; No Frills Samba Servers.</term><listitem> | 
|---|
| 287 | <para> | 
|---|
| 288 | Here you design a solution for three different business scenarios, each for a | 
|---|
| 289 | company called Abmas. There are two simple networking problems and one slightly | 
|---|
| 290 | more complex networking challenge. In the first two cases, Abmas has a small | 
|---|
| 291 | simple office, and they want to replace a Windows 9x peer-to-peer network. The | 
|---|
| 292 | third example business uses Windows 2000 Professional. This must be simple, | 
|---|
| 293 | so let's see how far we can get. If successful, Abmas grows quickly and | 
|---|
| 294 | soon needs to replace all servers and workstations. | 
|---|
| 295 | </para> | 
|---|
| 296 |  | 
|---|
| 297 | <para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demands: | 
|---|
| 298 | <itemizedlist> | 
|---|
| 299 | <listitem><para>Case 1: The simplest &smb.conf; file that may | 
|---|
| 300 | reasonably be used. Works with Samba-2.x also. This | 
|---|
| 301 | configuration uses Share Mode security. Encrypted | 
|---|
| 302 | passwords are not used, so there is no | 
|---|
| 303 | <filename>smbpasswd</filename> file. | 
|---|
| 304 | </para></listitem> | 
|---|
| 305 |  | 
|---|
| 306 | <listitem><para>Case 2: Another simple &smb.conf; file that adds | 
|---|
| 307 | WINS support and printing support. This case deals with | 
|---|
| 308 | a special requirement that demonstrates how to deal with | 
|---|
| 309 | purpose-built software that has a particular requirement | 
|---|
| 310 | for certain share names and printing demands. This | 
|---|
| 311 | configuration uses Share Mode security and also works with | 
|---|
| 312 | Samba-2.x. Encrypted passwords are not used, so there is no | 
|---|
| 313 | <filename>smbpasswd</filename> file. | 
|---|
| 314 | </para></listitem> | 
|---|
| 315 |  | 
|---|
| 316 | <listitem><para>Case 3: This &smb.conf; configuration uses User Mode | 
|---|
| 317 | security. The file share configuration demonstrates | 
|---|
| 318 | the ability to provide master access to an administrator | 
|---|
| 319 | while restricting all staff to their own work areas. | 
|---|
| 320 | Encrypted passwords are used, so there is an implicit | 
|---|
| 321 | <filename>smbpasswd</filename> file. | 
|---|
| 322 | </para></listitem> | 
|---|
| 323 | </itemizedlist> | 
|---|
| 324 | </para> | 
|---|
| 325 | </listitem> | 
|---|
| 326 | </varlistentry> | 
|---|
| 327 |  | 
|---|
| 328 | <varlistentry> | 
|---|
| 329 | <term>Chapter 2 &smbmdash; Small Office Networking.</term><listitem> | 
|---|
| 330 | <para> | 
|---|
| 331 | Abmas is a successful company now. They have 50 network users | 
|---|
| 332 | and want a little more varoom from the network. This is a typical | 
|---|
| 333 | small office and they want better systems to help them to grow. This is | 
|---|
| 334 | your chance to really give advanced users a bit more functionality and usefulness. | 
|---|
| 335 | </para> | 
|---|
| 336 |  | 
|---|
| 337 | <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file | 
|---|
| 338 | makes use of encrypted passwords, so there is an <filename>smbpasswd</filename> | 
|---|
| 339 | file. It also demonstrates use of the <parameter>valid users</parameter> and | 
|---|
| 340 | <parameter>valid groups</parameter> to restrict share access. The Windows | 
|---|
| 341 | clients access the server as Domain members. Mobile users log onto | 
|---|
| 342 | the Domain while in the office, but use a local machine account while on the | 
|---|
| 343 | road. The result is an environment that answers mobile computing user needs. | 
|---|
| 344 | </para> | 
|---|
| 345 | </listitem> | 
|---|
| 346 | </varlistentry> | 
|---|
| 347 |  | 
|---|
| 348 | <varlistentry> | 
|---|
| 349 | <term>Chapter 3 &smbmdash; Secure Office Networking.</term><listitem> | 
|---|
| 350 | <para> | 
|---|
| 351 | Abmas is growing rapidly now. Money is a little tight, but with 130 | 
|---|
| 352 | network users, security has become a concern. They have many new machines | 
|---|
| 353 | to install and the old equipment will be retired. This time they want the | 
|---|
| 354 | new network to scale and grow for at least two years. Start with a sufficient | 
|---|
| 355 | system and allow room for growth. You are now implementing an Internet | 
|---|
| 356 | connection and have a few reservations about user expectations. | 
|---|
| 357 | </para> | 
|---|
| 358 |  | 
|---|
| 359 | <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file | 
|---|
| 360 | makes use of encrypted passwords, and you can use a <filename>tdbsam</filename> | 
|---|
| 361 | password backend. Domain logons are introduced. Applications are served from the central | 
|---|
| 362 | server. Roaming profiles are mandated. Access to the server is tightened up | 
|---|
| 363 | so that only domain members can access server resources. Mobile computing | 
|---|
| 364 | needs still are catered to. | 
|---|
| 365 | </para> | 
|---|
| 366 | </listitem> | 
|---|
| 367 | </varlistentry> | 
|---|
| 368 |  | 
|---|
| 369 | <varlistentry> | 
|---|
| 370 | <term>Chapter 4 &smbmdash; The 500 User Office.</term><listitem> | 
|---|
| 371 | <para> | 
|---|
| 372 | The two-year projections were met. Congratulations, you are a star. | 
|---|
| 373 | Now Abmas needs to replace the network. Into the existing user base, they | 
|---|
| 374 | need to merge a 280-user company they just acquired. It is time to build a serious | 
|---|
| 375 | network. There are now three buildings on one campus and your assignment is | 
|---|
| 376 | to keep everyone working while a new network is rolled out. Oh, isn't it nice | 
|---|
| 377 | to roll out brand new clients and servers! Money is no longer tight, you get | 
|---|
| 378 | to buy and install what you ask for. You will install routers and a firewall. | 
|---|
| 379 | This is exciting! | 
|---|
| 380 | </para> | 
|---|
| 381 |  | 
|---|
| 382 | <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file | 
|---|
| 383 | makes use of encrypted passwords, and a <filename>tdbsam</filename> | 
|---|
| 384 | password backend is used. You are not ready to launch into LDAP yet, so you | 
|---|
| 385 | accept the limitation of having one central Domain Controller with a Domain | 
|---|
| 386 | Member server in two buildings on your campus. A number of clever techniques | 
|---|
| 387 | are used to demonstrate some of the smart options built into Samba. | 
|---|
| 388 | </para> | 
|---|
| 389 | </listitem> | 
|---|
| 390 | </varlistentry> | 
|---|
| 391 |  | 
|---|
| 392 | <varlistentry> | 
|---|
| 393 | <term>Chapter 5 &smbmdash; Making Happy Users.</term><listitem> | 
|---|
| 394 | <para> | 
|---|
| 395 | Congratulations again. Abmas is happy with your services and you have been given another raise. | 
|---|
| 396 | Your users are becoming much more capable and are complaining about little | 
|---|
| 397 | things that need to be fixed. Are you up to the task? Mary says it takes her 20 minutes | 
|---|
| 398 | to log onto the network and it is killing her productivity. Email is a bit <emphasis> | 
|---|
| 399 | unreliable</emphasis> &smbmdash; have you been sleeping on the job? We do not discuss the | 
|---|
| 400 | technology of email but when the use of mail clients breaks because of networking | 
|---|
| 401 | problems, you had better get on top of it. It's time for a change. | 
|---|
| 402 | </para> | 
|---|
| 403 |  | 
|---|
| 404 | <para><emphasis>TechInfo</emphasis> &smbmdash; This &smb.conf; file | 
|---|
| 405 | makes use of encrypted passwords; a distributed <filename>ldapsam</filename> | 
|---|
| 406 | password backend is used. Roaming profiles are enabled. Desktop profile controls | 
|---|
| 407 | are introduced. Check out the techniques that can improve the user experience | 
|---|
| 408 | of network performance. As a special bonus, this chapter documents how to configure | 
|---|
| 409 | smart downloading of printer drivers for drag-and-drop printing support. And, yes, | 
|---|
| 410 | the secret of configuring CUPS is clearly documented. Go for it; this one will | 
|---|
| 411 | tease you, too. | 
|---|
| 412 | </para> | 
|---|
| 413 | </listitem> | 
|---|
| 414 | </varlistentry> | 
|---|
| 415 |  | 
|---|
| 416 | <varlistentry> | 
|---|
| 417 | <term>Chapter 6 &smbmdash; A Distributed 2000 User Network.</term><listitem> | 
|---|
| 418 | <para> | 
|---|
| 419 | Only eight months have passed, and Abmas has acquired another company. You now need to expand | 
|---|
| 420 | the network further. You have to deal with a network that spans several countries. | 
|---|
| 421 | There are three new networks in addition to the original three buildings at the head-office | 
|---|
| 422 | campus. The head office is in New York and you have branch offices in Washington, Los Angeles, and | 
|---|
| 423 | London. Your desktop standard is Windows XP Professional. In many ways, everything has changed | 
|---|
| 424 | and yet it must remain the same. Your team is primed for another roll-out. You know there are | 
|---|
| 425 | further challenges ahead. | 
|---|
| 426 | </para> | 
|---|
| 427 |  | 
|---|
| 428 | <para><emphasis>TechInfo</emphasis> &smbmdash; Slave LDAP servers are introduced. Samba is | 
|---|
| 429 | configured to use multiple LDAP backends. This is a brief chapter; it assumes that the | 
|---|
| 430 | technology has been mastered and gets right down to concepts and how to deploy them. | 
|---|
| 431 | </para> | 
|---|
| 432 | </listitem> | 
|---|
| 433 | </varlistentry> | 
|---|
| 434 |  | 
|---|
| 435 | <varlistentry> | 
|---|
| 436 | <term>Chapter 7 &smbmdash; Adding UNIX/Linux Servers and Clients.</term><listitem> | 
|---|
| 437 | <para> | 
|---|
| 438 | Well done, Bob, your team has achieved much. Now help Abmas integrate the entire network. | 
|---|
| 439 | You want central control and central support and you need to cut costs. How can you reduce administrative | 
|---|
| 440 | overheads and yet get better control of the network? | 
|---|
| 441 | </para> | 
|---|
| 442 |  | 
|---|
| 443 | <para> | 
|---|
| 444 | This chapter has been contributed by Mark Taylor <email>mark.taylor@siriusit.co.uk</email> | 
|---|
| 445 | and is based on a live site. For further information regarding this example case, | 
|---|
| 446 | please contact Mark directly. | 
|---|
| 447 | </para> | 
|---|
| 448 |  | 
|---|
| 449 | <para><emphasis>TechInfo</emphasis> &smbmdash; It is time to consider how to add Samba servers | 
|---|
| 450 | and UNIX and Linux network clients. Users who convert to Linux want to be able to log on | 
|---|
| 451 | using Windows network accounts. You explore nss_ldap, pam_ldap, winbind, and a few neat | 
|---|
| 452 | techniques for taking control. Are you ready for this? | 
|---|
| 453 | </para> | 
|---|
| 454 | </listitem> | 
|---|
| 455 | </varlistentry> | 
|---|
| 456 |  | 
|---|
| 457 | <varlistentry> | 
|---|
| 458 | <term>Chapter 8 &smbmdash; Updating Samba-3.</term><listitem> | 
|---|
| 459 | <para> | 
|---|
| 460 | This chapter is the result of repeated requests for better documentation of the steps | 
|---|
| 461 | that must be followed when updating or upgrading a Samba server. It attempts to cover | 
|---|
| 462 | the entire subject in broad-brush but at the same time provides detailed background | 
|---|
| 463 | information that is not covered elsewhere in the Samba documentation. | 
|---|
| 464 | </para> | 
|---|
| 465 |  | 
|---|
| 466 | <para><emphasis>TechInfo</emphasis> &smbmdash; Samba stores a lot of essential network | 
|---|
| 467 | information in a large and growing collection of files. This chapter documents the | 
|---|
| 468 | essentials of where those files may be located and how to find them. It also provides | 
|---|
| 469 | an insight into inter-related matters that affect a Samba installation. | 
|---|
| 470 | </para> | 
|---|
| 471 | </listitem> | 
|---|
| 472 | </varlistentry> | 
|---|
| 473 |  | 
|---|
| 474 | <varlistentry> | 
|---|
| 475 | <term>Chapter 9 &smbmdash; Migrating NT4 Domain to Samba-3.</term><listitem> | 
|---|
| 476 | <para> | 
|---|
| 477 | Another six months have passed. Abmas has acquired yet another company. You will find a | 
|---|
| 478 | way to migrate all users off the old network onto the existing network without loss | 
|---|
| 479 | of passwords and will effect the change-over during one weekend. May the force (and caffeine) be with | 
|---|
| 480 | you, may you keep your back to the wind and may the sun shine on your face. | 
|---|
| 481 | </para> | 
|---|
| 482 |  | 
|---|
| 483 | <para><emphasis>TechInfo</emphasis> &smbmdash; This chapter demonstrates the use of | 
|---|
| 484 | the <command>net rpc migrate</command> facility using an LDAP ldapsam backend, and also | 
|---|
| 485 | using a tdbsam passdb backend. Both are much-asked-for examples of NT4 Domain migration. | 
|---|
| 486 | </para> | 
|---|
| 487 | </listitem> | 
|---|
| 488 | </varlistentry> | 
|---|
| 489 |  | 
|---|
| 490 | <varlistentry> | 
|---|
| 491 | <term>Chapter 10 &smbmdash; Migrating NetWare 4.11 Server to Samba.</term><listitem> | 
|---|
| 492 | <para> | 
|---|
| 493 | Misty Stanley-Jones has contributed information that summarizes her experience at migration | 
|---|
| 494 | from a NetWare server to Samba-3. | 
|---|
| 495 | </para> | 
|---|
| 496 |  | 
|---|
| 497 | <para><emphasis>TechInfo</emphasis> &smbmdash; The documentation provided demonstrates | 
|---|
| 498 | how one site migrated from NetWare to Samba. Some alternative tools are mentioned. These | 
|---|
| 499 | could be used to provide another pathway to a successful migration. | 
|---|
| 500 | </para> | 
|---|
| 501 | </listitem> | 
|---|
| 502 | </varlistentry> | 
|---|
| 503 |  | 
|---|
| 504 | <varlistentry> | 
|---|
| 505 | <term>Chapter 11 &smbmdash; Active Directory, Kerberos and Security.</term><listitem> | 
|---|
| 506 | <para> | 
|---|
| 507 | Abmas has acquired another company that has just migrated to running Windows Server 2003 and | 
|---|
| 508 | Active Directory. One of your staff makes offhand comments that land you in hot water. | 
|---|
| 509 | A network security auditor is hired by the head of the new business and files a damning | 
|---|
| 510 | report, and you must address the <emphasis>defects</emphasis> reported. You have hired new | 
|---|
| 511 | network engineers who want to replace Microsoft Active Directory with a pure Kerberos | 
|---|
| 512 | solution. How will you handle this? | 
|---|
| 513 | </para> | 
|---|
| 514 |  | 
|---|
| 515 | <para><emphasis>TechInfo</emphasis> &smbmdash; This chapter is your answer. Learn about | 
|---|
| 516 | share access controls, proper use of UNIX/Linux file system access controls, and Windows | 
|---|
| 517 | 200x Access Control Lists. Follow these steps to beat the critics. | 
|---|
| 518 | </para> | 
|---|
| 519 | </listitem> | 
|---|
| 520 | </varlistentry> | 
|---|
| 521 |  | 
|---|
| 522 | <varlistentry> | 
|---|
| 523 | <term>Chapter 12 &smbmdash; Integrating Additional Services.</term><listitem> | 
|---|
| 524 | <para> | 
|---|
| 525 | The battle is almost over, Samba-3 has won the day. Your team are delighted and now you | 
|---|
| 526 | find yourself at yet another cross-roads. Abmas have acquired a snack food business, you | 
|---|
| 527 | made promises you must keep. IT costs must be reduced, you have new resistance, but you | 
|---|
| 528 | will win again. This time you choose to install the Squid proxy server to validate the | 
|---|
| 529 | fact that Samba is far more than just a file and print server. SPNEGO authentication | 
|---|
| 530 | support means that your Microsoft Windows clients gain transparent proxy access. | 
|---|
| 531 | </para> | 
|---|
| 532 |  | 
|---|
| 533 | <para><emphasis>TechInfo</emphasis> &smbmdash; Samba provides the <command>ntlm_auth</command> | 
|---|
| 534 | module that makes it possible for MS Windows Internet Explorer to connect via the Squid Web | 
|---|
| 535 | and FTP proxy server. You will configure Samba-3 as well as Squid to deliver authenticated | 
|---|
| 536 | access control using the Active Directory Domain user security credentials. | 
|---|
| 537 | </para> | 
|---|
| 538 | </listitem> | 
|---|
| 539 | </varlistentry> | 
|---|
| 540 |  | 
|---|
| 541 | <varlistentry> | 
|---|
| 542 | <term>Chapter 13 &smbmdash; Performance, Reliability and Availability.</term><listitem> | 
|---|
| 543 | <para> | 
|---|
| 544 | Bob, are you sure the new Samba server is up to the load? Your network is serving many | 
|---|
| 545 | users who risk becoming unproductive. What can you do to keep ahead of demand? Can you | 
|---|
| 546 | keep the cost under control also? What can go wrong? | 
|---|
| 547 | </para> | 
|---|
| 548 |  | 
|---|
| 549 | <para><emphasis>TechInfo</emphasis> &smbmdash; Hot tips that put chili into your | 
|---|
| 550 | network. Avoid name resolution problems, identify potential causes of network collisions, | 
|---|
| 551 | avoid Samba configuration options that will weigh the server down, use MS distributed file | 
|---|
| 552 | services to make your network fly, and much more. This chapter contains a good deal of | 
|---|
| 553 | <quote>Did I tell you about this...?</quote> type of hints to help keep your name on the top | 
|---|
| 554 | performers list. | 
|---|
| 555 | </para> | 
|---|
| 556 | </listitem> | 
|---|
| 557 | </varlistentry> | 
|---|
| 558 |  | 
|---|
| 559 | <varlistentry> | 
|---|
| 560 | <term>Chapter 14 &smbmdash; Samba Support.</term><listitem> | 
|---|
| 561 | <para> | 
|---|
| 562 | This chapter has been added specifically to help those who are seeking professional | 
|---|
| 563 | paid support for Samba. The critics of Open Source Software often assert that | 
|---|
| 564 | there is no support for free software. Some critics argue that free software | 
|---|
| 565 | undermines the service that proprietary commercial software vendors depend on. | 
|---|
| 566 | This chapter explains the support options for Samba and the fact that | 
|---|
| 567 | a growing number of businesses make money by providing commercial paid-for | 
|---|
| 568 | Samba support. | 
|---|
| 569 | </para> | 
|---|
| 570 | </listitem> | 
|---|
| 571 | </varlistentry> | 
|---|
| 572 |  | 
|---|
| 573 | <varlistentry> | 
|---|
| 574 | <term>Chapter 15 &smbmdash; A Collection of Useful Tid-bits.</term><listitem> | 
|---|
| 575 | <para> | 
|---|
| 576 | Sometimes it seems that there is not a good place for certain odds and ends that | 
|---|
| 577 | impact Samba deployment. Some readers would argue that everyone can be expected | 
|---|
| 578 | to know this information, or at least be able to find it easily. So to avoid | 
|---|
| 579 | offending a reader's sensitivities, the tid-bits have been placed in this chapter. | 
|---|
| 580 | Do check out the contents, you may find something of value among the loose ends. | 
|---|
| 581 | </para> | 
|---|
| 582 | </listitem> | 
|---|
| 583 | </varlistentry> | 
|---|
| 584 |  | 
|---|
| 585 | <varlistentry> | 
|---|
| 586 | <term>Chapter 16 &smbmdash; Windows Networking Primer.</term><listitem> | 
|---|
| 587 | <para> | 
|---|
| 588 | Here we cover practical exercises to help us to understand how MS Windows | 
|---|
| 589 | network protocols function. A network protocol analyzer helps you to | 
|---|
| 590 | appreciate the fact that Windows networking is highly dependent on broadcast | 
|---|
| 591 | messaging. Additionally, you can look into network packets that a Windows | 
|---|
| 592 | client sends to a network server to set up a network connection. On completion, | 
|---|
| 593 | you should have a basic understanding of how network browsing functions and | 
|---|
| 594 | have seen some of the information a Windows client sends to | 
|---|
| 595 | a file and print server to create a connection over which file and print | 
|---|
| 596 | operations may take place. | 
|---|
| 597 | </para> | 
|---|
| 598 | </listitem> | 
|---|
| 599 | </varlistentry> | 
|---|
| 600 |  | 
|---|
| 601 | </variablelist> | 
|---|
| 602 |  | 
|---|
| 603 | </sect1> | 
|---|
| 604 |  | 
|---|
| 605 | <!-- the conventions used in this book --> | 
|---|
| 606 | <xi:include href="conventions.xml" xmlns:xi="http://www.w3.org/2003/XInclude" /> | 
|---|
| 607 |  | 
|---|
| 608 | </preface> | 
|---|
| 609 |  | 
|---|