- Timestamp:
- May 23, 2008, 6:56:41 AM (17 years ago)
- File:
-
- 1 edited
branches/samba-3.0/docs/htmldocs/Samba3-ByExample/Big500users.html
r44 r134 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href=" samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. 
The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id330645">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id330675">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id330756">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id330784">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id330961">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id330980">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id331694">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id332210">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id335273">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id335326">Questions and Answers</a></span></dt></dl></div><p>2 The Samba-3 networking you explored in <a href="secure.html" title="Chapter 3. Secure Office Networking">???</a> covers the finer points of1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. 
Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id353553">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id353583">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id353662">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id353690">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id353866">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id353886">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id354601">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id355116">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a 
href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id358090">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id358142">Questions and Answers</a></span></dt></dl></div><p> 2 The Samba-3 networking you explored in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> covers the finer points of 3 3 configuration of peripheral services such as DHCP and DNS, and WINS. You experienced 4 4 implementation of a simple configuration of the services that are important adjuncts … … 15 15 so far in this book have focused on implementation of the simplest printing processes 16 16 involving no print job processing intelligence. In this chapter, you maintain 17 that same approach to printing, but <a href="happy.html" title="Chapter 5. Making Happy Users">???</a> presents an opportunity17 that same approach to printing, but <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a> presents an opportunity 18 18 to make printing more complex for the administrator while making it easier for the user. 19 19 </p><p> 20 <a class="indexterm" name="id3 30592"></a>21 <a class="indexterm" name="id3 30598"></a>22 <a class="indexterm" name="id3 30605"></a>23 <a href="secure.html" title="Chapter 3. Secure Office Networking">???</a> demonstrates operation of a DHCP server and a DNS server20 <a class="indexterm" name="id353500"></a> 21 <a class="indexterm" name="id353506"></a> 22 <a class="indexterm" name="id353513"></a> 23 <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> demonstrates operation of a DHCP server and a DNS server 24 24 as well as a central WINS server. 
You validated the operation of these services and 25 25 saw an effective implementation of a Samba domain controller using the … … 42 42 You should take the opportunity to innovate and expand on the methods presented 43 43 here and explore them to the fullest. 44 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 30645"></a>Introduction</h2></div></div></div><p>44 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id353553"></a>Introduction</h2></div></div></div><p> 45 45 Business continues to go well for Abmas. Mr. Meany is driving your success and the 46 46 network continues to grow thanks to the hard work Christine has done. You recently … … 67 67 it is rolled out. Your strategy is to complete the new network so that it 68 68 is ready for operation when the old office moves into the new premises. 69 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 30675"></a>Assignment Tasks</h3></div></div></div><p>69 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id353583"></a>Assignment Tasks</h3></div></div></div><p> 70 70 The acquired business had 280 network users. The old Abmas building housed 71 71 220 network users in unbelievably cramped conditions. The network that … … 108 108 every four months. They automatically roll that out to each desktop system. 109 109 You must keep DirectPointe informed of all changes. 110 </p><p><a class="indexterm" name="id3 30732"></a>110 </p><p><a class="indexterm" name="id353637"></a> 111 111 The new network has a single Samba Primary Domain Controller (PDC) located in the 112 112 Network Operation Center (NOC). Buildings 1 and 2 each have a local server … … 116 116 Printing is based on raw pass-through facilities just as it has been used so far. 
117 117 All printer drivers are installed on the desktop and notebook computers. 118 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 30756"></a>Dissection and Discussion</h2></div></div></div><p>119 <a class="indexterm" name="id3 30764"></a>118 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id353662"></a>Dissection and Discussion</h2></div></div></div><p> 119 <a class="indexterm" name="id353670"></a> 120 120 The example you are building in this chapter is of a network design that works, but this 121 121 does not make it a design that is recommended. As a general rule, there should be at least … … 127 127 responsiveness. This network will have 500 clients serviced by one central domain 128 128 controller. This is not a good omen for user satisfaction. You, of course, address this 129 very soon (see <a href="happy.html" title="Chapter 5. Making Happy Users">???</a>).130 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 30784"></a>Technical Issues</h3></div></div></div><p>129 very soon (see <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>). 130 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id353690"></a>Technical Issues</h3></div></div></div><p> 131 131 Stan has talked you into a horrible compromise, but it is addressed. Just make 132 132 certain that the performance of this network is well validated before going live. 
… … 134 134 Design decisions made in this design include the following: 135 135 </p><div class="itemizedlist"><ul type="disc"><li><p> 136 <a class="indexterm" name="id3 30804"></a>137 <a class="indexterm" name="id3 30811"></a>138 <a class="indexterm" name="id3 30817"></a>136 <a class="indexterm" name="id353710"></a> 137 <a class="indexterm" name="id353716"></a> 138 <a class="indexterm" name="id353723"></a> 139 139 A single PDC is being implemented. This limitation is based on the choice not to 140 140 use LDAP. Many network administrators fear using LDAP because of the perceived … … 142 142 identity management as well as to store network access credentials. 143 143 </p></li><li><p> 144 <a class="indexterm" name="id3 30831"></a>145 <a class="indexterm" name="id3 30838"></a>144 <a class="indexterm" name="id353737"></a> 145 <a class="indexterm" name="id353744"></a> 146 146 Because of the refusal to use an LDAP (ldapsam) passdb backend at this time, the 147 147 only choice that makes sense with 500 users is to use the tdbsam passwd backend. … … 157 157 integrity of operations considerations. 158 158 </p></li><li><p> 159 <a class="indexterm" name="id3 30872"></a>159 <a class="indexterm" name="id353778"></a> 160 160 A single central WINS server is being used. The PDC is also the WINS server. 161 161 Any attempt to operate a routed network without a WINS server while using NetBIOS … … 168 168 why a single WINS server is being implemented. This should work without a problem. 169 169 </p></li><li><p> 170 <a class="indexterm" name="id3 30904"></a>170 <a class="indexterm" name="id353810"></a> 171 171 BDCs make use of <code class="literal">winbindd</code> to provide 172 172 access to domain security credentials for file system access and object storage. 
173 173 </p></li><li><p> 174 <a class="indexterm" name="id3 30922"></a>175 <a class="indexterm" name="id3 30931"></a>174 <a class="indexterm" name="id353828"></a> 175 <a class="indexterm" name="id353837"></a> 176 176 Configuration of Windows XP Professional clients is achieved using DHCP. Each 177 177 subnet has its own DHCP server. Backup DHCP serving is provided by one … … 189 189 each subnet. If in the future more addresses are required, it would make sense 190 190 to add further subnets rather than change addressing. 191 </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 30961"></a>Political Issues</h3></div></div></div><p>191 </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id353866"></a>Political Issues</h3></div></div></div><p> 192 192 This case gets close to the real world. You and I know the right way to implement 193 193 domain control. Politically, we have to navigate a minefield. In this case, the need is to 194 194 get the PDC rolled out in compliance with expectations and also to be ready to save the day 195 195 by having the real solution ready before it is needed. That real solution is presented in 196 <a href="happy.html" title="Chapter 5. Making Happy Users">???</a>.197 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 30980"></a>Implementation</h2></div></div></div><p>196 <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>. 
197 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id353886"></a>Implementation</h2></div></div></div><p> 198 198 The following configuration process begins following installation of Red Hat Fedora Core2 on the 199 three servers shown in the network topology diagram in <a href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">???</a>. You have199 three servers shown in the network topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">“Network Topology 500 User Network Using tdbsam passdb backend.”</a>. You have 200 200 selected hardware that is appropriate to the task. 201 201 </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p> 202 202 Carefully install the configuration files into the correct locations as shown in 203 <a href="Big500users.html#ch5-filelocations" title="Table 4.1. Domain: MEGANET, File Locations for Servers">???</a>. You should validate that the full file path is203 <a class="link" href="Big500users.html#ch5-filelocations" title="Table 4.1. Domain: MEGANET, File Locations for Servers">“Domain: MEGANET, File Locations for Servers”</a>. You should validate that the full file path is 204 204 correct as shown. 
205 205 </p><p> 206 206 The abbreviation shown in this table as <code class="constant">{VLN}</code> refers to 207 207 the directory location beginning with <code class="filename">/var/lib/named</code>. 208 </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">???</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">???</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">???</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. 
Server: BLDG1 (Member), File: smb.conf">???</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">???</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">???</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">???</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">???</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">???</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a href="Big500users.html#massive-nameda" title="Example 4.10. 
Server: MASSIVE, File: named.conf, Part: A">???</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">???</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">???</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">???</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">???</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">???</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a href="Big500users.html#bldg12namedb" title="Example 4.16. 
Servers: BLDG1/BLDG2, File: named.conf, Part: B">???</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">???</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">???</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">???</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id331694"></a>Server Preparation: All Servers</h3></div></div></div><p>208 </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. 
Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">“Server: MASSIVE (PDC), File: /etc/samba/smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">“Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf”</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">“Common Samba Configuration File: /etc/samba/common.conf”</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. 
Server: BLDG1 (Member), File: smb.conf">“Server: BLDG1 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">“Server: BLDG2 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">“Common Domain Member Include File: dom-mem.conf”</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">“Server: MASSIVE, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">“Server: BLDG1, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">“Server: BLDG2, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. 
Server: MASSIVE, File: named.conf, Part: A">“Server: MASSIVE, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">“Server: MASSIVE, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">“Server: MASSIVE, File: named.conf, Part: C”</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. 
Servers: BLDG1/BLDG2, File: named.conf, Part: A">“Servers: BLDG1/BLDG2, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">“Servers: BLDG1/BLDG2, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. 
DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id354601"></a>Server Preparation: All Servers</h3></div></div></div><p> 209 209 The following steps apply to all servers. Follow each step carefully. 210 </p><div class="procedure"><a name="id3 31704"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol type="1"><li><p>210 </p><div class="procedure"><a name="id354610"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol type="1"><li><p> 211 211 Using the UNIX/Linux system tools, set the name of the server as shown in the network 212 topology diagram in <a href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">???</a>. For SUSE Linux products, the tool212 topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">“Network Topology 500 User Network Using tdbsam passdb backend.”</a>. For SUSE Linux products, the tool 213 213 that permits this is called <code class="literal">yast2</code>; for Red Hat Linux products, 214 214 you can use the <code class="literal">netcfg</code> tool. … … 222 222 </pre><p> 223 223 </p></li><li><p> 224 <a class="indexterm" name="id3 31765"></a>225 <a class="indexterm" name="id3 31772"></a>224 <a class="indexterm" name="id354671"></a> 225 <a class="indexterm" name="id354678"></a> 226 226 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses 227 227 of all network interfaces that are on the host server. 
This is necessary so that during … … 231 231 should also include an entry for the printers in the <code class="filename">/etc/hosts</code> file. 232 232 </p></li><li><p> 233 <a class="indexterm" name="id3 31807"></a>233 <a class="indexterm" name="id354713"></a> 234 234 All DNS name resolution should be handled locally. To ensure that the server is configured 235 235 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> so it has the following … … 242 242 that is running locally to resolve names to addresses. 243 243 </p></li><li><p> 244 <a class="indexterm" name="id3 31835"></a>245 <a class="indexterm" name="id3 31842"></a>244 <a class="indexterm" name="id354741"></a> 245 <a class="indexterm" name="id354748"></a> 246 246 Add the <code class="constant">root</code> user to the password backend: 247 247 </p><pre class="screen"> … … 256 256 without considerable trouble. 257 257 </p></li><li><p> 258 <a class="indexterm" name="id3 31883"></a>259 <a class="indexterm" name="id3 31890"></a>258 <a class="indexterm" name="id354790"></a> 259 <a class="indexterm" name="id354796"></a> 260 260 Create the username map file to permit the <code class="constant">root</code> account to be called 261 261 <code class="constant">Administrator</code> from the Windows network environment. To do this, create … … 289 289 in both the forward lookup database for the zone <code class="constant">abmas.biz.hosts</code> 290 290 and in the reverse lookup database for the network segment that the printer is 291 located in. Example configuration files for similar zones were presented in <a href="secure.html" title="Chapter 3. Secure Office Networking">???</a>,292 <a href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">???</a> and <a href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">???</a>.291 located in. 
Example configuration files for similar zones were presented in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a>, 292 <a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">“DNS Abmas.biz Forward Zone File”</a> and <a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">“DNS 192.168.2 Reverse Zone File”</a>. 293 293 </p></li><li><p> 294 294 Follow the instructions in the printer manufacturer's manuals to permit printing 295 295 to port 9100. Use any other port the manufacturer specifies for direct mode, 296 296 raw printing. This allows the CUPS spooler to print using raw mode protocols. 297 <a class="indexterm" name="id3 31970"></a>298 <a class="indexterm" name="id3 31977"></a>299 </p></li><li><p> 300 <a class="indexterm" name="id3 31990"></a>297 <a class="indexterm" name="id354876"></a> 298 <a class="indexterm" name="id354883"></a> 299 </p></li><li><p> 300 <a class="indexterm" name="id354896"></a> 301 301 Only on the server to which the printer is attached configure the CUPS Print 302 302 Queues as follows: … … 304 304 <code class="prompt">root# </code> lpadmin -p <em class="parameter"><code>printque</code></em> -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E 305 305 </pre><p> 306 <a class="indexterm" name="id3 32024"></a>306 <a class="indexterm" name="id354930"></a> 307 307 This step creates the necessary print queue to use no assigned print filter. This 308 308 is ideal for raw printing, that is, printing without use of filters. 
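Review bot: Lines 297-300 and 306 of this hunk differ only in the auto-generated `indexterm` anchor names, which buries the one reader-visible change here: the cross-references at 291-292 now render as titled links instead of `???`. Consider giving these elements explicit ids in the DocBook source, as is already done for `ch5-procstart` and `ch5-domsvrspec`, which come through this changeset unchanged, so that a stylesheet rebuild does not rewrite every anchor in the file. Also note that the new link text at 291-292 shows only the titles ("DNS Abmas.biz Forward Zone File", "DNS 192.168.2 Reverse Zone File"); the "Example 3.14" and "Example 3.13" numbers now survive only in the `title` attributes, so a reader of printed or plain-text output cannot locate them by number. If the numbers are wanted in running text, the xref style in the source should include the label.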
… … 324 324 </pre><p> 325 325 </p></li><li><p> 326 <a class="indexterm" name="id3 32097"></a>327 <a class="indexterm" name="id3 32103"></a>328 <a class="indexterm" name="id3 32110"></a>326 <a class="indexterm" name="id355003"></a> 327 <a class="indexterm" name="id355010"></a> 328 <a class="indexterm" name="id355016"></a> 329 329 This step, as well as the next one, may be omitted where CUPS version 1.1.18 330 330 or later is in use. Although it does no harm to follow it anyway, and may … … 337 337 </pre><p> 338 338 </p></li><li><p> 339 <a class="indexterm" name="id3 32142"></a>339 <a class="indexterm" name="id355049"></a> 340 340 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line: 341 341 </p><pre class="screen"> … … 353 353 replicated using a tool such as <code class="literal">rsync</code>. Refer to the man 354 354 page for <code class="literal">rsync</code> for details regarding use. The notes in 355 <a href="secure.html#ch4appscfg" title="Application Share Configuration">???</a> may help in your decisions to use an application355 <a class="link" href="secure.html#ch4appscfg" title="Application Share Configuration">“Application Share Configuration”</a> may help in your decisions to use an application 356 356 server facility. 357 357 </p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> … … 360 360 is considerably more difficult when a single PDC is used on a routed network. It can be done, but not 361 361 as elegantly as you see in the next chapter. 
362 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 32210"></a>Server-Specific Preparation</h3></div></div></div><p>362 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id355116"></a>Server-Specific Preparation</h3></div></div></div><p> 363 363 There are some steps that apply to particular server functionality only. Each step is critical 364 364 to correct server operation. The following step-by-step installation guidance will assist you 365 365 in working through the process of configuring the PDC and then both BDC's. 366 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3 32221"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>366 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id355127"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p> 367 367 The steps presented here attempt to implement Samba installation in a generic manner. While 368 368 some steps are clearly specific to Linux, it should not be too difficult to apply them to 369 369 your platform of choice. 370 </p><div class="procedure"><a name="id3 32234"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol type="1"><li><p>371 <a class="indexterm" name="id3 32245"></a>372 <a class="indexterm" name="id3 32252"></a>370 </p><div class="procedure"><a name="id355140"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol type="1"><li><p> 371 <a class="indexterm" name="id355152"></a> 372 <a class="indexterm" name="id355158"></a> 373 373 The host server acts as a router between the two internal network segments as well 374 374 as for all Internet access. This necessitates that IP forwarding be enabled. 
This can be … … 398 398 <code class="filename">/etc/rc.d/init.d/rc.local</code>. 399 399 </p></li><li><p> 400 <a class="indexterm" name="id3 32330"></a>400 <a class="indexterm" name="id355236"></a> 401 401 The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 402 402 This file controls the operation of the various resolver libraries that are part of the Linux … … 406 406 </pre><p> 407 407 </p></li><li><p> 408 <a class="indexterm" name="id3 32357"></a>408 <a class="indexterm" name="id355264"></a> 409 409 Create and map Windows domain groups to UNIX groups. A sample script is provided in 410 <a href="Big500users.html#ch5-initgrps" title="Example 4.17. Initialize Groups Script, File: /etc/samba/initGrps.sh">???</a>. Create a file containing this script. You called yours410 <a class="link" href="Big500users.html#ch5-initgrps" title="Example 4.17. Initialize Groups Script, File: /etc/samba/initGrps.sh">“Initialize Groups Script, File: /etc/samba/initGrps.sh”</a>. Create a file containing this script. You called yours 411 411 <code class="filename">/etc/samba/initGrps.sh</code>. Set this file so it can be executed 412 412 and then execute the script. An example of the execution of this script as well as its 413 413 validation are shown in Section 4.3.2, Step 5. 414 414 </p></li><li><p> 415 <a class="indexterm" name="id3 32386"></a>416 <a class="indexterm" name="id3 32392"></a>417 <a class="indexterm" name="id3 32402"></a>415 <a class="indexterm" name="id355292"></a> 416 <a class="indexterm" name="id355299"></a> 417 <a class="indexterm" name="id355308"></a> 418 418 For each user who needs to be given a Windows domain account, make an entry in the 419 419 <code class="filename">/etc/passwd</code> file as well as in the Samba password backend. … … 421 421 <code class="literal">smbpasswd</code> to create a domain user account. 
422 422 </p><p> 423 <a class="indexterm" name="id3 32426"></a>424 <a class="indexterm" name="id3 32433"></a>425 <a class="indexterm" name="id3 32439"></a>423 <a class="indexterm" name="id355332"></a> 424 <a class="indexterm" name="id355339"></a> 425 <a class="indexterm" name="id355346"></a> 426 426 There are a number of tools for user management under UNIX, such as 427 427 <code class="literal">useradd</code>, <code class="literal">adduser</code>, as well as a plethora of custom … … 436 436 file system partition using appropriate system tools. 437 437 </p></li><li><p> 438 <a class="indexterm" name="id3 32498"></a>438 <a class="indexterm" name="id355404"></a> 439 439 Create the top-level file storage directories for data and applications as follows: 440 440 </p><pre class="screen"> … … 476 476 </pre><p> 477 477 </p></li><li><p> 478 <a class="indexterm" name="id3 32690"></a>479 <a class="indexterm" name="id3 32697"></a>478 <a class="indexterm" name="id355597"></a> 479 <a class="indexterm" name="id355604"></a> 480 480 Create a logon script. It is important that each line is correctly terminated with 481 481 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure … … 510 510 You do, of course, use a valid user login ID in place of <em class="parameter"><code>username</code></em>. 511 511 </p></li><li><p> 512 Follow the processes shown in <a href="Big500users.html#ch5-procstart" title="Process Startup Configuration">???</a> to start all services.512 Follow the processes shown in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">“Process Startup Configuration”</a> to start all services. 513 513 </p></li><li><p> 514 514 Your server is ready for validation testing. 
Do not proceed with the steps in 515 <a href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">???</a> until after the operation of the server has been516 validated following the same methods as outlined in <a href="secure.html" title="Chapter 3. Secure Office Networking">???</a>, <a href="secure.html#ch4valid" title="Validation">???</a>.515 <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">“Configuration Specific to Domain Member Servers: BLDG1, BLDG2”</a> until after the operation of the server has been 516 validated following the same methods as outlined in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a>, <a class="link" href="secure.html#ch4valid" title="Validation">“Validation”</a>. 517 517 </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p> 518 518 The following steps will guide you through the nuances of implementing BDCs for the broadcast 519 519 isolated network segments. Remember that if the target installation platform is not Linux, it may 520 520 be necessary to adapt some commands to the equivalent on the target platform. 521 </p><div class="procedure"><a name="id3 32869"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol type="1"><li><p>522 <a class="indexterm" name="id3 32880"></a>521 </p><div class="procedure"><a name="id355775"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol type="1"><li><p> 522 <a class="indexterm" name="id355786"></a> 523 523 The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 
524 524 This file controls the operation of the various resolver libraries that are part of the Linux … … 530 530 </pre><p> 531 531 </p></li><li><p> 532 Follow the steps outlined in <a href="Big500users.html#ch5-procstart" title="Process Startup Configuration">???</a> to start all services. Do not532 Follow the steps outlined in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">“Process Startup Configuration”</a> to start all services. Do not 533 533 start Samba at this time. Samba is controlled by the process called <code class="literal">smb</code>. 534 534 </p></li><li><p> 535 <a class="indexterm" name="id3 32927"></a>535 <a class="indexterm" name="id355833"></a> 536 536 You must now attempt to join the domain member servers to the domain. The following 537 537 instructions should be executed to effect this: … … 540 540 </pre><p> 541 541 </p></li><li><p> 542 <a class="indexterm" name="id3 32958"></a>542 <a class="indexterm" name="id355864"></a> 543 543 You now start the Samba services by executing: 544 544 </p><pre class="screen"> … … 547 547 </p></li><li><p> 548 548 Your server is ready for validation testing. Do not proceed with the steps in 549 <a href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">???</a> until after the operation of the server has been550 validated following the same methods as outlined in <a href="secure.html#ch4valid" title="Validation">???</a>.551 </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id3 33040"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id333052"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id333065"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id333077"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333090"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id333102"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id333115"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id333128"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id333140"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id333153"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id333166"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id333179"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id333192"></a><em 
class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333205"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333217"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id333239"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id333252"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id333264"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id333286"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id333298"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id333311"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id333332"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id333345"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id333357"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id333405"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id333418"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id333431"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id333443"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id333456"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id333469"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id333481"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333494"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333506"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id333528"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id333540"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id333553"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id333566"></a><em class="parameter"><code>browseable = 
No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id333587"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id333600"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id333612"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333625"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id333646"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id333659"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id333672"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id333684"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. 
Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id333728"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id333741"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id333753"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id333766"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id333779"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id333791"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id333804"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id333816"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333829"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id333841"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id333854"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id333867"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id333880"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333892"></a><em class="parameter"><code>map acl inherit = 
Yes</code></em></td></tr><tr><td><a class="indexterm" name="id333905"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id333917"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id333930"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id333943"></a><em class="parameter"><code>include = </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id333968"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id333981"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id333993"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id334006"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id334018"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id334031"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id334043"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id334065"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id334077"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id334090"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" 
name="id334102"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id334145"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id334158"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id334170"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id334214"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id334226"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id334239"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. 
Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id334282"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id334295"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id334307"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id334320"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id334333"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id334345"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id334358"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">549 <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">“Configuration Specific to Domain Member Servers: BLDG1, BLDG2”</a> until after the operation of the server has been 550 validated following the same methods as outlined in <a class="link" href="secure.html#ch4valid" title="Validation">“Validation”</a>. 551 </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id355946"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id355957"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id355969"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id355980"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id355992"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id356003"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id356015"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id356026"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id356038"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id356050"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id356062"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id356074"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id356086"></a><em 
class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356097"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356109"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id356129"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id356141"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id356152"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id356173"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id356184"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id356196"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id356216"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id356228"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id356239"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id356286"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id356298"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id356309"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id356321"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id356332"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id356344"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id356355"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356367"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356378"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id356399"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id356410"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id356422"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356433"></a><em class="parameter"><code>browseable = 
No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id356454"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id356465"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id356477"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356488"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id356509"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id356520"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id356532"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id356543"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. 
Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id356586"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id356598"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id356610"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id356621"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id356633"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id356644"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id356656"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id356667"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356679"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id356690"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id356702"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id356713"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id356725"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356737"></a><em class="parameter"><code>map acl inherit = 
Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356748"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id356760"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id356771"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id356783"></a><em class="parameter"><code>include = </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id356807"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id356819"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id356830"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356842"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356853"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356864"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id356876"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id356896"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id356908"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id356919"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" 
name="id356931"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id356973"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id356984"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id356996"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id357038"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id357049"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id357061"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. 
Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id357103"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id357114"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id357126"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id357138"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id357149"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id357161"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id357172"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen"> 552 552 # Abmas Accounting Inc. 553 553 … … 899 899 net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d 900 900 </pre></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p> 901 <a class="indexterm" name="id3 34644"></a>902 <a class="indexterm" name="id3 34650"></a>901 <a class="indexterm" name="id357460"></a> 902 <a class="indexterm" name="id357467"></a> 903 903 There are two essential steps to process startup configuration. 
A process 904 904 must be configured so that it is automatically restarted each time the server … … 909 909 necessary start or kill script is run. 910 910 </p><p> 911 <a class="indexterm" name="id3 34682"></a>911 <a class="indexterm" name="id357499"></a> 912 912 In the event that a service is provided not as a daemon but via the internetworking 913 913 super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code> … … 919 919 are for a Red Hat Linux system, please adapt them to suit the target OS platform on which you 920 920 are installing Samba. 921 </p><div class="procedure"><a name="id3 34722"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol type="1"><li><p>921 </p><div class="procedure"><a name="id357538"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol type="1"><li><p> 922 922 Use the standard system tool to configure each service to restart 923 923 automatically at every system reboot. For example, 924 <a class="indexterm" name="id3 34734"></a>924 <a class="indexterm" name="id357551"></a> 925 925 </p><pre class="screen"> 926 926 <code class="prompt">root# </code> chkconfig dhpc on … … 931 931 </pre><p> 932 932 </p></li><li><p> 933 <a class="indexterm" name="id3 34783"></a>934 <a class="indexterm" name="id3 34790"></a>935 <a class="indexterm" name="id3 34797"></a>933 <a class="indexterm" name="id357600"></a> 934 <a class="indexterm" name="id357607"></a> 935 <a class="indexterm" name="id357613"></a> 936 936 Now start each service to permit the system to be validated. 937 937 Execute each of the following in the sequence shown: … … 947 947 The procedure for desktop client configuration for the network in this chapter is similar to 948 948 that used for the previous one. There are a few subtle changes that should be noted. 949 </p><div class="procedure"><a name="id3 34858"></a><p class="title"><b>Procedure 4.5. 
Windows Client Configuration Steps</b></p><ol type="1"><li><p>949 </p><div class="procedure"><a name="id357674"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol type="1"><li><p> 950 950 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 951 951 TCP/IP protocol configuration. 952 <a class="indexterm" name="id3 34870"></a>953 <a class="indexterm" name="id3 34877"></a>952 <a class="indexterm" name="id357686"></a> 953 <a class="indexterm" name="id357693"></a> 954 954 DHCP configures all Windows clients to use the WINS Server address that has been defined 955 955 for the local subnet. … … 958 958 username <code class="constant">root</code> and the SMB password you assigned to this account. 959 959 A detailed step-by-step procedure for joining a Windows 200x/XP Professional client to 960 a Windows domain is given in <a href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">???</a>, <a href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">???</a>.960 a Windows domain is given in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. 961 961 Reboot the machine as prompted and then log on using the domain administrator account 962 962 (<code class="constant">root</code>). … … 986 986 Install printers on each machine using the following steps: 987 987 988 </p><div class="procedure"><a name="id3 34992"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol type="1"><li><p>988 </p><div class="procedure"><a name="id357809"></a><p class="title"><b>Procedure 4.6. 
Steps to Install Printer Drivers on Windows Clients</b></p><ol type="1"><li><p> 989 989 Click <span class="guimenu">Start</span> → <span class="guimenuitem">Settings</span> → <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>. 990 990 Ensure that <span class="guimenuitem">Local printer</span> is selected. … … 1033 1033 </p></li><li><p> 1034 1034 Log onto the machine as the local Administrator (the only option), and join the machine to 1035 the domain following the procedure set out in <a href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">???</a>, <a href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">???</a>. You must now set the1035 the domain following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. You must now set the 1036 1036 persistent drive mapping to the applications server that the user is to use. The system is now 1037 1037 ready for the user to log on, provided you have created a network logon account for that … … 1039 1039 </p></li><li><p> 1040 1040 Instruct all users to log onto the workstation using their assigned username and password. 1041 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 35273"></a>Key Points Learned</h3></div></div></div><p>1041 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id358090"></a>Key Points Learned</h3></div></div></div><p> 1042 1042 The network you have just deployed has been a valuable exercise in forced constraint. 
1043 1043 You have deployed a network that works well, although you may soon start to see 1044 performance problems, at which time the modifications demonstrated in <a href="happy.html" title="Chapter 5. Making Happy Users">???</a>1044 performance problems, at which time the modifications demonstrated in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a> 1045 1045 bring the network to life. The following key learning points were experienced: 1046 1046 </p><div class="itemizedlist"><ul type="disc"><li><p> … … 1055 1055 </p></li><li><p> 1056 1056 The introduction of roaming profiles 1057 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 35326"></a>Questions and Answers</h2></div></div></div><p>1058 </p><div class="qandaset"><dl><dt> <a href="Big500users.html#id3 35341">1057 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id358142"></a>Questions and Answers</h2></div></div></div><p> 1058 </p><div class="qandaset"><dl><dt> <a href="Big500users.html#id358158"> 1059 1059 The example smb.conf files in this chapter make use of the include facility. 1060 1060 How may I get to see what the actual working smb.conf settings are? 1061 </a></dt><dt> <a href="Big500users.html#id3 35388">1061 </a></dt><dt> <a href="Big500users.html#id358205"> 1062 1062 Why does the include file common.conf have an empty include statement? 1063 </a></dt><dt> <a href="Big500users.html#id3 35445">1063 </a></dt><dt> <a href="Big500users.html#id358262"> 1064 1064 I accept that the simplest configuration necessary to do the job is the best. The use of tdbsam 1065 1065 passdb backend is much simpler than having to manage an LDAP-based ldapsam passdb backend. 1066 1066 I tried using rsync to replicate the passdb.tdb, and it seems to work fine! 
1067 1067 So what is the problem? 1068 </a></dt><dt> <a href="Big500users.html#id3 35495">1068 </a></dt><dt> <a href="Big500users.html#id358312"> 1069 1069 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash? 1070 </a></dt><dt> <a href="Big500users.html#id3 35520">1070 </a></dt><dt> <a href="Big500users.html#id358337"> 1071 1071 How does the Windows client find the PDC? 1072 </a></dt><dt> <a href="Big500users.html#id3 35540">1072 </a></dt><dt> <a href="Big500users.html#id358356"> 1073 1073 Why did you enable IP forwarding (routing) only on the server called MASSIVE? 1074 </a></dt><dt> <a href="Big500users.html#id3 35567">1074 </a></dt><dt> <a href="Big500users.html#id358383"> 1075 1075 You did nothing special to implement roaming profiles. Why? 1076 </a></dt><dt> <a href="Big500users.html#id3 35585">1076 </a></dt><dt> <a href="Big500users.html#id358401"> 1077 1077 On the domain member computers, you configured winbind in the /etc/nsswitch.conf file. 1078 1078 You did not configure any PAM settings. Is this an omission? 1079 </a></dt><dt> <a href="Big500users.html#id3 35612">1079 </a></dt><dt> <a href="Big500users.html#id358428"> 1080 1080 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this? 1081 </a></dt><dt> <a href="Big500users.html#id3 35648">1081 </a></dt><dt> <a href="Big500users.html#id358465"> 1082 1082 The domain controller has an auto-shutdown script. Isn't that dangerous? 
1083 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id3 35341"></a><a name="id335343"></a></td><td align="left" valign="top"><p>1083 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id358158"></a><a name="id358160"></a></td><td align="left" valign="top"><p> 1084 1084 The example <code class="filename">smb.conf</code> files in this chapter make use of the <em class="parameter"><code>include</code></em> facility. 1085 1085 How may I get to see what the actual working <code class="filename">smb.conf</code> settings are? … … 1089 1089 <code class="prompt">root# </code> testparm -s | less 1090 1090 </pre><p> 1091 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35388"></a><a name="id335390"></a></td><td align="left" valign="top"><p>1091 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358205"></a><a name="id358207"></a></td><td align="left" valign="top"><p> 1092 1092 Why does the include file <code class="filename">common.conf</code> have an empty include statement? 1093 1093 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1102 1102 the include in place, even though the file it points to has already been included. This is a bug 1103 1103 that will be fixed at a future date. 1104 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35445"></a><a name="id335447"></a></td><td align="left" valign="top"><p>1104 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358262"></a><a name="id358264"></a></td><td align="left" valign="top"><p> 1105 1105 I accept that the simplest configuration necessary to do the job is the best. 
The use of <em class="parameter"><code>tdbsam</code></em> 1106 1106 passdb backend is much simpler than having to manage an LDAP-based <em class="parameter"><code>ldapsam</code></em> passdb backend. … … 1112 1112 to log onto the network following a reboot and may have to rejoin the domain to recover network 1113 1113 access capability. 1114 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35495"></a><a name="id335497"></a></td><td align="left" valign="top"><p>1114 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358312"></a><a name="id358314"></a></td><td align="left" valign="top"><p> 1115 1115 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash? 1116 1116 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1121 1121 The only exception to this rule is when the client makes a directed request from a specific DHCP server 1122 1122 for renewal of the lease it has. This means that under normal circumstances there is no risk of a clash. 1123 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35520"></a><a name="id335522"></a></td><td align="left" valign="top"><p>1123 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358337"></a><a name="id358339"></a></td><td align="left" valign="top"><p> 1124 1124 How does the Windows client find the PDC? 1125 1125 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1128 1128 to register itself with the WINS server and to obtain enumeration of vital network information to 1129 1129 enable it to operate successfully. 
1130 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35540"></a><a name="id335542"></a></td><td align="left" valign="top"><p>1130 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358356"></a><a name="id358358"></a></td><td align="left" valign="top"><p> 1131 1131 Why did you enable IP forwarding (routing) only on the server called <code class="constant">MASSIVE</code>? 1132 1132 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1135 1135 Route table entries are needed to direct MASSIVE to send all traffic intended for the remote network 1136 1136 segments to the router that is its gateway to them. 1137 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35567"></a><a name="id335569"></a></td><td align="left" valign="top"><p>1137 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358383"></a><a name="id358386"></a></td><td align="left" valign="top"><p> 1138 1138 You did nothing special to implement roaming profiles. Why? 1139 1139 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 1140 1140 Unless configured to do otherwise, the default behavior with Samba-3 and Windows XP Professional 1141 1141 clients is to use roaming profiles. 1142 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35585"></a><a name="id335587"></a></td><td align="left" valign="top"><p>1142 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358401"></a><a name="id358404"></a></td><td align="left" valign="top"><p> 1143 1143 On the domain member computers, you configured winbind in the <code class="filename">/etc/nsswitch.conf</code> file. 1144 1144 You did not configure any PAM settings. Is this an omission? … … 1149 1149 to enable the use of winbind. 
Samba makes use only of the identity resolution facilities of the name 1150 1150 service switch (NSS). 1151 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35612"></a><a name="id335614"></a></td><td align="left" valign="top"><p>1151 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358428"></a><a name="id358431"></a></td><td align="left" valign="top"><p> 1152 1152 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this? 1153 1153 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1158 1158 file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to 1159 1159 handle this functionality gracefully. 1160 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 35648"></a><a name="id335650"></a></td><td align="left" valign="top"><p>1160 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id358465"></a><a name="id358467"></a></td><td align="left" valign="top"><p> 1161 1161 The domain controller has an auto-shutdown script. Isn't that dangerous? 1162 1162 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
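Review bot: In Example 4.2 (dc-common.conf) the values "logon path = \%L\profiles\%U" and "logon home = \%L\%U" start with a single backslash, which is not a valid UNC path; they should read \\%L\profiles\%U and \\%L\%U. This looks like an escaping loss between the DocBook source and the generated HTML, so fix it in the source rather than in this file, otherwise anyone copying the rendered example gets profile and home paths that do not point at the server.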
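Review bot: The include chain repeats settings across layers: "shutdown script" and "abort shutdown script" are set in Example 4.2 (dc-common.conf) and Example 4.6 (dom-mem.conf) and then again, with the same values, in Example 4.3 (common.conf), which both of those files include; "preferred master = Yes" likewise appears in the MASSIVE smb.conf lines at the top and again in dc-common.conf. Keep each parameter in one layer only, so a reader auditing which hosts accept a remote shutdown request can tell from one file where that is enabled.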
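Review bot: The [apps] share in Example 4.3 (common.conf) combines "read only = No" with "admin users = bjordan" and carries no explanation. Since admin users makes every file operation by that account on the share run as root, and common.conf is included by every server in the chapter, the example should say why this account needs it, or limit the setting to the one server where it is required.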
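Review bot: The unchanged line "chkconfig dhpc on" in step 1 of Procedure 4.4 misspells the service name, and this regeneration carries the typo forward. Example 4.7 names the configuration file dhcpd.conf, so the command should name the DHCP service the same way the init script does; as written, the first startup command in the procedure fails for anyone who types it verbatim.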
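Review bot: Give the procedures and the Questions and Answers entries explicit ids in the DocBook source instead of relying on generated ones. In this diff name="id3 34722" becomes name="id357538" for Procedure 4.4 and the question links move from #id3 35341 to #id358158, so every deep link into the chapter breaks on each rebuild and the real content changes (the "???" cross-references replaced by chapter titles) are buried in id churn. The examples that already have stable names, such as ch5-dc-common, ch5-procstart and massive-dhcp, show the pattern to follow.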