- Timestamp:
- May 23, 2008, 6:56:41 AM (17 years ago)
- File:
-
- 1 edited
branches/samba-3.0/docs/htmldocs/Samba3-ByExample/secure.html
r44 r134 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href=" samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. 
Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id324364">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id324404">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id324626">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id324638">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id325007">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id325041">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id325866">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id330151">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id330204">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. 
Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. 
Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id347711">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id347745">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id347954">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id347966">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id348311">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id348344">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id349099">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id353060">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id353113">Questions and Answers</a></span></dt></dl></div><p> 2 2 Congratulations, your Samba networking skills are developing nicely. You started out 3 with three simple networks in <a href="simple.html" title="Chapter 1. No-Frills Samba Servers">???</a>, and then in <a href="small.html" title="Chapter 2. 
Small Office Networking">???</a>3 with three simple networks in <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">“No-Frills Samba Servers”</a>, and then in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a> 4 4 you designed and built a network that provides a high degree of flexibility, integrity, 5 5 and dependability. It was enough for the basic needs each was designed to fulfill. In … … 12 12 To avoid confusion, this book is all about Samba-3. Let's get the exercises in this 13 13 chapter underway. 14 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 24364"></a>Introduction</h2></div></div></div><p>14 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id347711"></a>Introduction</h2></div></div></div><p> 15 15 You have made Mr. Meany a very happy man. Recently he paid you a fat bonus for work 16 16 well done. It is one year since the last network upgrade. You have been quite busy. … … 41 41 about your move, she almost resigned, although she was reassured that a new manager would 42 42 be hired to run Information Technology, and she would be responsible only for operations. 43 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 24404"></a>Assignment Tasks</h3></div></div></div><p>43 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id347745"></a>Assignment Tasks</h3></div></div></div><p> 44 44 You promised the staff Internet services including Web browsing, electronic mail, virus 45 45 protection, and a company Web site. Christine is eager to help turn the vision into … … 59 59 and a 10 Mb/sec ethernet port. You registered the domain 60 60 <code class="constant">abmas.us</code>, and the Internet Service Provider (ISP) is supplying 61 secondary DNS. 
Information furnished by your ISP is shown in <a href="secure.html#chap4netid" title="Table 3.1. Abmas.US ISP Information">???</a>.61 secondary DNS. Information furnished by your ISP is shown in <a class="link" href="secure.html#chap4netid" title="Table 3.1. Abmas.US ISP Information">“Abmas.US ISP Information”</a>. 62 62 </p><p> 63 63 It is of paramount priority that under no circumstances will Samba offer … … 84 84 some problems with desktop computers and software installation into the new users' 85 85 desktop profiles. 86 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 24626"></a>Dissection and Discussion</h2></div></div></div><p>86 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id347954"></a>Dissection and Discussion</h2></div></div></div><p> 87 87 Many of the conclusions you draw here are obvious. Some requirements are not very clear 88 88 or may simply be your means of drawing the most out of Samba-3. Much can be done more simply … … 90 90 users. This means that some functionality will be overdesigned for the current 130-user 91 91 environment. 92 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 24638"></a>Technical Issues</h3></div></div></div><p>92 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id347966"></a>Technical Issues</h3></div></div></div><p> 93 93 In this exercise we use a 24-bit subnet mask for the two local networks. This, 94 94 of course, limits our network to a maximum of 253 usable IP addresses. The network … … 98 98 in the 172.16.0.0/16 range. This is done in subsequent chapters. 
99 99 </p><p> 100 <a class="indexterm" name="id3 24653"></a>101 <a class="indexterm" name="id3 24660"></a>100 <a class="indexterm" name="id347981"></a> 101 <a class="indexterm" name="id347987"></a> 102 102 The high growth rates projected are a good reason to use the <code class="constant">tdbsam</code> 103 103 passdb backend. The use of <code class="constant">smbpasswd</code> for the backend may result in … … 105 105 are not available with the older, flat ASCII-based <code class="constant">smbpasswd</code> database. 106 106 </p><p> 107 <a class="indexterm" name="id3 24687"></a>107 <a class="indexterm" name="id348012"></a> 108 108 The proposed network design uses a single server to act as an Internet services host for 109 109 electronic mail, Web serving, remote administrative access via SSH, … … 118 118 directly connected to the Internet. 119 119 </p><p> 120 <a class="indexterm" name="id3 24707"></a>121 <a class="indexterm" name="id3 24714"></a>122 <a class="indexterm" name="id3 24720"></a>123 <a class="indexterm" name="id3 24729"></a>120 <a class="indexterm" name="id348031"></a> 121 <a class="indexterm" name="id348037"></a> 122 <a class="indexterm" name="id348043"></a> 123 <a class="indexterm" name="id348052"></a> 124 124 You know that your ISP is providing full firewall services, but you cannot rely on that. 125 125 Always assume that human error will occur, so be prepared by using Linux firewall facilities … … 132 132 covered except insofar as this affects Samba-3. 133 133 </p><p> 134 <a class="indexterm" name="id3 24754"></a>134 <a class="indexterm" name="id348075"></a> 135 135 Notebook computers are configured to use a network login when in the office and a 136 136 local account to log in while away from the office. Users store all work done in … … 142 142 records. 
143 143 </p><p> 144 <a class="indexterm" name="id3 24769"></a>144 <a class="indexterm" name="id348095"></a> 145 145 All applications are served from the central server from a share called <code class="constant">apps</code>. 146 146 Microsoft Office XP Professional and OpenOffice 1.1.0 will be installed using a network … … 149 149 locally installed applications on a need-to-have basis only. 150 150 </p><p> 151 <a class="indexterm" name="id3 24786"></a>151 <a class="indexterm" name="id348112"></a> 152 152 The introduction of roaming profiles support means that users can move between 153 153 desktop computer systems without constraint while retaining full access to their data. 154 154 The desktop travels with them as they move. 155 155 </p><p> 156 <a class="indexterm" name="id3 24798"></a>156 <a class="indexterm" name="id348123"></a> 157 157 The DNS server implementation must now address both internal and external 158 158 needs. You forward DNS lookups to your ISP-provided server as well as the 159 159 <code class="constant">abmas.us</code> external secondary DNS server. 160 160 </p><p> 161 <a class="indexterm" name="id3 24813"></a>162 <a class="indexterm" name="id3 24820"></a>163 <a class="indexterm" name="id3 24829"></a>164 Compared with the DHCP server configuration in <a href="small.html" title="Chapter 2. Small Office Networking">???</a>, <a href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">???</a>, the161 <a class="indexterm" name="id348137"></a> 162 <a class="indexterm" name="id348144"></a> 163 <a class="indexterm" name="id348152"></a> 164 Compared with the DHCP server configuration in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a>, <a class="link" href="small.html#dhcp01" title="Example 2.2. 
Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">“Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf”</a>, the 165 165 configuration used in this example has to deal with the presence of an Internet connection. 166 166 The scope set for it ensures that no DHCP services will be offered on the external … … 185 185 then clone that configuration, using Norton Ghost, to all workstations. Each machine is 186 186 identical, so this should pose no problem. 187 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3 24872"></a>Hardware Requirements</h4></div></div></div><p>188 <a class="indexterm" name="id3 24879"></a>187 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id348190"></a>Hardware Requirements</h4></div></div></div><p> 188 <a class="indexterm" name="id348198"></a> 189 189 This server runs a considerable number of services. From similarly configured Linux 190 190 installations, the approximate calculated memory requirements are as shown in 191 <a href="secure.html#ch4memoryest" title="Example 3.1. Estimation of Memory Requirements">???</a>.191 <a class="link" href="secure.html#ch4memoryest" title="Example 3.1. Estimation of Memory Requirements">“Estimation of Memory Requirements”</a>. 192 192 193 193 </p><div class="example"><a name="ch4memoryest"></a><p class="title"><b>Example 3.1. Estimation of Memory Requirements</b></p><div class="example-contents"><pre class="screen"> … … 214 214 compromise in this area. 215 215 </p><p> 216 <a class="indexterm" name="id3 24923"></a>216 <a class="indexterm" name="id348237"></a> 217 217 Aggregate input/output loads should be considered for sizing network configuration as 218 218 well as disk subsystems. For network bandwidth calculations, one would typically use an … … 223 223 switched ports. 
224 224 </p><p> 225 <a class="indexterm" name="id3 24942"></a>226 <a class="indexterm" name="id3 24949"></a>225 <a class="indexterm" name="id348252"></a> 226 <a class="indexterm" name="id348258"></a> 227 227 Considering the choice of 1 Gb Ethernet interfaces for the two local network segments, 228 228 the aggregate network I/O capacity will be 2100 Mb/sec (about 230 MB/sec), an I/O … … 238 238 deliver I/O rates of at least 100 MB/sec. 239 239 </p><p> 240 Disk storage requirements may be calculated as shown in <a href="secure.html#ch4diskest" title="Example 3.2. Estimation of Disk Storage Requirements">???</a>.240 Disk storage requirements may be calculated as shown in <a class="link" href="secure.html#ch4diskest" title="Example 3.2. Estimation of Disk Storage Requirements">“Estimation of Disk Storage Requirements”</a>. 241 241 242 242 </p><div class="example"><a name="ch4diskest"></a><p class="title"><b>Example 3.2. Estimation of Disk Storage Requirements</b></p><div class="example-contents"><pre class="screen"> … … 256 256 Recommended Storage: 908 GBytes 257 257 </pre></div></div><p><br class="example-break"> 258 <a class="indexterm" name="id3 24995"></a>258 <a class="indexterm" name="id348300"></a> 259 259 The preferred storage capacity should be approximately 1 Terabyte. Use of RAID level 5 260 260 with two hot spare drives would require an 8-drive by 200 GB capacity per drive array. 261 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 25007"></a>Political Issues</h3></div></div></div><p>261 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id348311"></a>Political Issues</h3></div></div></div><p> 262 262 Your industry is coming under increasing accountability pressures. Increased paranoia 263 263 is necessary so you can demonstrate that you have acted with due diligence. You must … … 268 268 gives you greater control over software licensing. 
269 269 </p><p> 270 <a class="indexterm" name="id3 25025"></a>270 <a class="indexterm" name="id348329"></a> 271 271 You are well aware that the current configuration results in some performance issues 272 272 as the size of the desktop profile grows. Given that users use Microsoft Outlook 273 273 Express, you know that the storage implications of the <code class="constant">.PST</code> file 274 274 is something that needs to be addressed later. 275 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 25041"></a>Implementation</h2></div></div></div><p>276 <a href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">???</a> demonstrates the overall design of the network that you will implement.275 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id348344"></a>Implementation</h2></div></div></div><p> 276 <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">“Abmas Network Topology 130 Users”</a> demonstrates the overall design of the network that you will implement. 277 277 </p><p> 278 278 The information presented here assumes that you are already familiar with many basic steps. … … 289 289 The Domain name is set to <code class="constant">PROMISES</code>. 290 290 </p></li><li><p> 291 <a class="indexterm" name="id3 25100"></a>292 <a class="indexterm" name="id3 25107"></a>293 <a class="indexterm" name="id3 25114"></a>291 <a class="indexterm" name="id348394"></a> 292 <a class="indexterm" name="id348400"></a> 293 <a class="indexterm" name="id348406"></a> 294 294 Ethernet interface <code class="constant">eth0</code> is attached to the Internet connection 295 295 and is externally exposed. This interface is explicitly not available for Samba to use. … … 299 299 <em class="parameter"><code>bind interfaces only</code></em> entry. 
300 300 </p></li><li><p> 301 <a class="indexterm" name="id3 25147"></a>302 <a class="indexterm" name="id3 25154"></a>303 <a class="indexterm" name="id3 25161"></a>301 <a class="indexterm" name="id348437"></a> 302 <a class="indexterm" name="id348443"></a> 303 <a class="indexterm" name="id348449"></a> 304 304 The <em class="parameter"><code>passdb backend</code></em> parameter specifies the creation and use 305 305 of the <code class="constant">tdbsam</code> password backend. This is a binary database that 306 306 has excellent scalability for a large number of user account entries. 307 307 </p></li><li><p> 308 <a class="indexterm" name="id3 25183"></a>309 <a class="indexterm" name="id3 25190"></a>310 <a class="indexterm" name="id3 25196"></a>311 WINS serving is enabled by the <a class=" indexterm" name="id325204"></a>wins support = Yes,308 <a class="indexterm" name="id348469"></a> 309 <a class="indexterm" name="id348476"></a> 310 <a class="indexterm" name="id348482"></a> 311 WINS serving is enabled by the <a class="link" href="smb.conf.5.html#WINSSUPPORT">wins support = Yes</a>, 312 312 and name resolution is set to use it by means of the 313 <a class=" indexterm" name="id325211"></a>name resolve order = wins bcast hostsentry.314 </p></li><li><p> 315 <a class="indexterm" name="id3 25223"></a>313 <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER">name resolve order = wins bcast hosts</a> entry. 314 </p></li><li><p> 315 <a class="indexterm" name="id348507"></a> 316 316 The Samba server is configured for use by Windows clients as a time server. 
317 317 </p></li><li><p> 318 <a class="indexterm" name="id3 25235"></a>319 <a class="indexterm" name="id3 25242"></a>320 <a class="indexterm" name="id3 25248"></a>318 <a class="indexterm" name="id348519"></a> 319 <a class="indexterm" name="id348525"></a> 320 <a class="indexterm" name="id348531"></a> 321 321 Samba is configured to directly interface with CUPS via the direct internal interface 322 322 that is provided by CUPS libraries. This is achieved with the 323 <a class=" indexterm" name="id325257"></a>printing = CUPSas well as the324 <a class=" indexterm" name="id325264"></a>printcap name = CUPSentries.325 </p></li><li><p> 326 <a class="indexterm" name="id3 25275"></a>327 <a class="indexterm" name="id3 25282"></a>328 <a class="indexterm" name="id3 25289"></a>323 <a class="link" href="smb.conf.5.html#PRINTING">printing = CUPS</a> as well as the 324 <a class="link" href="smb.conf.5.html#PRINTCAPNAME">printcap name = CUPS</a> entries. 325 </p></li><li><p> 326 <a class="indexterm" name="id348558"></a> 327 <a class="indexterm" name="id348564"></a> 328 <a class="indexterm" name="id348570"></a> 329 329 External interface scripts are provided to enable Samba to interface smoothly to 330 330 essential operating system functions for user and group management. This is important … … 333 333 are provided as part of the <code class="filename">SRVTOOLS.EXE</code> toolkit that can be 334 334 downloaded from the Microsoft FTP 335 <a href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">site</a>.336 </p></li><li><p> 337 <a class="indexterm" name="id3 25316"></a>335 <a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">site</a>. 
336 </p></li><li><p> 337 <a class="indexterm" name="id348595"></a> 338 338 The <code class="filename">smb.conf</code> file specifies that the Samba server will operate in (default) <em class="parameter"><code> 339 security = user</code></em> mode<sup>[<a name="id3 25335" href="#ftn.id325335">5</a>]</sup>339 security = user</code></em> mode<sup>[<a name="id348612" href="#ftn.id348612" class="footnote">5</a>]</sup> 340 340 (User Mode). 341 341 </p></li><li><p> 342 <a class="indexterm" name="id3 25353"></a>343 <a class="indexterm" name="id3 25360"></a>342 <a class="indexterm" name="id348628"></a> 343 <a class="indexterm" name="id348635"></a> 344 344 Domain logon services as well as a Domain logon script are specified. The logon script 345 345 will be used to add robustness to the overall network configuration. 346 346 </p></li><li><p> 347 <a class="indexterm" name="id3 25372"></a>348 <a class="indexterm" name="id3 25379"></a>349 <a class="indexterm" name="id3 25386"></a>347 <a class="indexterm" name="id348647"></a> 348 <a class="indexterm" name="id348653"></a> 349 <a class="indexterm" name="id348659"></a> 350 350 Roaming profiles are enabled through the specification of the parameter, 351 <a class=" indexterm" name="id325393"></a>logon path = \\%L\profiles\%U. The value of this parameter translates the351 <a class="link" href="smb.conf.5.html#LOGONPATH">logon path = \\%L\profiles\%U</a>. The value of this parameter translates the 352 352 <code class="constant">%L</code> to the name by which the Samba server is called by the client (for this 353 353 configuration, it translates to the name <code class="constant">DIAMOND</code>), and the <code class="constant">%U</code> … … 357 357 requirement is when a profile is created for group use. 
358 358 </p></li><li><p> 359 <a class="indexterm" name="id3 25420"></a>360 <a class="indexterm" name="id3 25426"></a>359 <a class="indexterm" name="id348691"></a> 360 <a class="indexterm" name="id348698"></a> 361 361 Precautionary veto is effected for particular Windows file names that have been targeted by 362 362 virus-related activity. Additionally, Microsoft Office files are vetoed from opportunistic locking … … 386 386 The following sections cover each step in logical and defined detail. 387 387 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p> 388 <a class="indexterm" name="id3 25511"></a>388 <a class="indexterm" name="id348775"></a> 389 389 The preparation in this section assumes that your SUSE Enterprise Linux Server 8.0 system has been 390 390 freshly installed. It prepares basic files so that the system is ready for comprehensive 391 operation in line with the network diagram shown in <a href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">???</a>.392 </p><div class="procedure"><a name="id3 25526"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol type="1"><li><p>393 <a class="indexterm" name="id3 25537"></a>391 operation in line with the network diagram shown in <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">“Abmas Network Topology 130 Users”</a>. 392 </p><div class="procedure"><a name="id348789"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol type="1"><li><p> 393 <a class="indexterm" name="id348799"></a> 394 394 Using the UNIX/Linux system tools, name the server <code class="constant">server.abmas.us</code>. 
395 395 Verify that your hostname is correctly set by running: … … 404 404 </pre><p> 405 405 </p></li><li><p> 406 <a class="indexterm" name="id3 25579"></a>407 <a class="indexterm" name="id3 25586"></a>406 <a class="indexterm" name="id348836"></a> 407 <a class="indexterm" name="id348843"></a> 408 408 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses 409 409 of all network interfaces that are on the host server. This is necessary so that during … … 426 426 192.168.2.30 hplj6f.abmas.biz hplj6f 427 427 </pre><p> 428 <a class="indexterm" name="id3 25634"></a>429 <a class="indexterm" name="id3 25641"></a>430 <a class="indexterm" name="id3 25648"></a>428 <a class="indexterm" name="id348887"></a> 429 <a class="indexterm" name="id348894"></a> 430 <a class="indexterm" name="id348900"></a> 431 431 The printer entries are not necessary if <code class="literal">named</code> is started prior to 432 432 startup of <code class="literal">cupsd</code>, the CUPS daemon. 433 433 </p></li><li><p> 434 <a class="indexterm" name="id3 25674"></a>435 <a class="indexterm" name="id3 25681"></a>436 <a class="indexterm" name="id3 25687"></a>434 <a class="indexterm" name="id348923"></a> 435 <a class="indexterm" name="id348929"></a> 436 <a class="indexterm" name="id348935"></a> 437 437 The host server is acting as a router between the two internal network segments as well 438 438 as for all Internet access. This necessitates that IP forwarding be enabled. This can be … … 443 443 To ensure that your kernel is capable of IP forwarding during configuration, you may 444 444 wish to execute that command manually also. 
This setting permits the Linux system to 445 act as a router.<sup>[<a name="id3 25710" href="#ftn.id325710">6</a>]</sup>446 </p></li><li><p> 447 <a class="indexterm" name="id3 25722"></a>448 <a class="indexterm" name="id3 25729"></a>445 act as a router.<sup>[<a name="id348957" href="#ftn.id348957" class="footnote">6</a>]</sup> 446 </p></li><li><p> 447 <a class="indexterm" name="id348968"></a> 448 <a class="indexterm" name="id348975"></a> 449 449 Installation of a basic firewall and NAT facility is necessary. 450 450 The following script can be installed in the <code class="filename">/usr/local/sbin</code> 451 451 directory. It is executed from the <code class="filename">/etc/rc.d/boot.local</code> startup 452 452 script. In your case, this script is called <code class="filename">abmas-netfw.sh</code>. The 453 script contents are shown in <a href="secure.html#ch4natfw" title="Example 3.3. NAT Firewall Configuration Script">???</a>.453 script contents are shown in <a class="link" href="secure.html#ch4natfw" title="Example 3.3. NAT Firewall Configuration Script">“NAT Firewall Configuration Script”</a>. 454 454 455 455 </p><div class="example"><a name="ch4natfw"></a><p class="title"><b>Example 3.3. NAT Firewall Configuration Script</b></p><div class="example-contents"><pre class="screen"> … … 525 525 </pre><p> 526 526 </p></li></ol></div><p> 527 <a class="indexterm" name="id3 25846"></a>527 <a class="indexterm" name="id349080"></a> 528 528 The server is now ready for Samba configuration. During the validation step, you remove 529 529 the entry for the Samba server <code class="constant">diamond</code> from the <code class="filename">/etc/hosts</code> 530 530 file. This is done after you are satisfied that DNS-based name resolution is functioning correctly. 
531 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 25866"></a>Samba Configuration</h3></div></div></div><p>531 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id349099"></a>Samba Configuration</h3></div></div></div><p> 532 532 When you have completed this section, the Samba server is ready for testing and validation; 533 533 however, testing and validation have to wait until DHCP, DNS, and printing (CUPS) services have 534 534 been configured. 535 </p><div class="procedure"><a name="id3 25877"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol type="1"><li><p>535 </p><div class="procedure"><a name="id349109"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol type="1"><li><p> 536 536 Install the Samba-3 binary RPM from the Samba-Team FTP site. Assuming that the binary 537 537 RPM file is called <code class="filename">samba-3.0.20-1.i386.rpm</code>, one way to install this … … 544 544 refer to the operating system manufacturer's documentation for guidance. 545 545 </p></li><li><p> 546 Install the <code class="filename">smb.conf</code> file shown in <a href="secure.html#promisnet" title="Example 3.4. 130 User Network with tdbsam [globals] Section">???</a>, <a href="secure.html#promisnetsvca" title="Example 3.5. 130 User Network with tdbsam Services Section Part A">???</a>,547 and <a href="secure.html#promisnetsvcb" title="Example 3.6. 130 User Network with tdbsam Services Section Part B">???</a>. Concatenate (join) all three files to make a single <code class="filename">smb.conf</code>546 Install the <code class="filename">smb.conf</code> file shown in <a class="link" href="secure.html#promisnet" title="Example 3.4. 130 User Network with tdbsam [globals] Section">“130 User Network with tdbsam [globals] Section”</a>, <a class="link" href="secure.html#promisnetsvca" title="Example 3.5. 
130 User Network with tdbsam Services Section Part A">“130 User Network with tdbsam Services Section Part A”</a>, 547 and <a class="link" href="secure.html#promisnetsvcb" title="Example 3.6. 130 User Network with tdbsam Services Section Part B">“130 User Network with tdbsam Services Section Part B”</a>. Concatenate (join) all three files to make a single <code class="filename">smb.conf</code> 548 548 file. The final, fully qualified path for this file should be <code class="filename">/etc/samba/smb.conf</code>. 549 549 550 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 130 User Network with <span class="emphasis"><em>tdbsam</em></span> [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id3 25993"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id326005"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id326018"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id326030"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326043"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id326056"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326068"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id326081"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" 
name="id326094"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id326107"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326119"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id326132"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id326144"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id326157"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id326170"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id326182"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id326195"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326207"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id326220"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id326232"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id326245"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id326258"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id326271"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id326284"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G 
'%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id326297"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id326310"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id326322"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id326335"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id326348"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id326361"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id326373"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id326386"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326398"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326411"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326423"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326436"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326448"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id326461"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id326473"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id326486"></a><em 
class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">551 552 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id3 26530"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id326542"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id326555"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id326567"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id326589"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id326602"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id326614"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326627"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326639"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326652"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326664"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" 
name="id326686"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id326698"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id326711"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id326724"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id326745"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id326758"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id326770"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id326783"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id326804"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id326817"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id326829"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">553 554 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id3 26872"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id326885"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id326898"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id326919"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id326932"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id326944"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id326966"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id326978"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id326991"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id327003"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">555 </p></li><li><p> 556 <a class="indexterm" name="id3 27024"></a><a class="indexterm" name="id327029"></a>550 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id349208"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id349219"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id349229"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id349240"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349250"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id349260"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349271"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id349281"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id349292"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id349303"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349313"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id349324"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id349334"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" 
name="id349344"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id349355"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id349365"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id349376"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349386"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id349396"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id349407"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id349417"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id349428"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id349438"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id349448"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id349459"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id349470"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id349481"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id349491"></a><em class="parameter"><code>logon script = 
scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id349502"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id349512"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id349522"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id349533"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349543"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349554"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349564"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349574"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349585"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id349595"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id349606"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id349616"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break"> 551 552 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id349654"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id349664"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id349675"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id349685"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id349704"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id349714"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id349725"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349735"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349745"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349756"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349766"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id349785"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id349795"></a><em class="parameter"><code>path = 
/var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id349806"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id349816"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id349835"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id349845"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id349856"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id349866"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id349885"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id349895"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id349906"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break"> 553 554 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id349944"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id349954"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id349964"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id349983"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id349994"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id350004"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id350023"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id350033"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id350044"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id350054"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break"> 555 </p></li><li><p> 556 <a class="indexterm" name="id350072"></a><a class="indexterm" name="id350077"></a> 557 557 Add the <code class="constant">root</code> user to the password backend as follows: 558 558 </p><pre class="screen"> … … 567 567 without considerable trouble. 
568 568 </p></li><li><p> 569 <a class="indexterm" name="id3 27073"></a>569 <a class="indexterm" name="id350117"></a> 570 570 Create the username map file to permit the <code class="constant">root</code> account to be called 571 571 <code class="constant">Administrator</code> from the Windows network environment. To do this, create … … 594 594 </pre><p> 595 595 </p></li><li><p> 596 <a class="indexterm" name="id3 27111"></a>597 <a class="indexterm" name="id3 27118"></a>598 <a class="indexterm" name="id3 27129"></a>599 <a class="indexterm" name="id3 27140"></a>600 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in <a href="small.html" title="Chapter 2. Small Office Networking">???</a>,601 <a href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">???</a>. Create a file containing this script. We called ours596 <a class="indexterm" name="id350152"></a> 597 <a class="indexterm" name="id350158"></a> 598 <a class="indexterm" name="id350169"></a> 599 <a class="indexterm" name="id350179"></a> 600 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a>, 601 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">“Script to Map Windows NT Groups to UNIX Groups”</a>. Create a file containing this script. We called ours 602 602 <code class="filename">/etc/samba/initGrps.sh</code>. Set this file so it can be executed, 603 603 and then execute the script. Sample output should be as follows: 604 604 605 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id3 27181"></a><pre class="screen">605 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. 
Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id350213"></a><pre class="screen"> 606 606 #!/bin/bash 607 607 # … … 656 656 </pre><p> 657 657 </p></li><li><p> 658 <a class="indexterm" name="id3 27240"></a>659 <a class="indexterm" name="id3 27247"></a>660 <a class="indexterm" name="id3 27254"></a>661 <a class="indexterm" name="id3 27260"></a>662 <a class="indexterm" name="id3 27267"></a>663 <a class="indexterm" name="id3 27274"></a>664 <a class="indexterm" name="id3 27283"></a>658 <a class="indexterm" name="id350270"></a> 659 <a class="indexterm" name="id350276"></a> 660 <a class="indexterm" name="id350282"></a> 661 <a class="indexterm" name="id350288"></a> 662 <a class="indexterm" name="id350295"></a> 663 <a class="indexterm" name="id350301"></a> 664 <a class="indexterm" name="id350309"></a> 665 665 There is one preparatory step without which you will not have a working Samba 666 666 network environment. You must add an account for each network user. … … 687 687 You do of course use a valid user login ID in place of <em class="parameter"><code>username</code></em>. 688 688 </p></li><li><p> 689 <a class="indexterm" name="id3 27390"></a>690 <a class="indexterm" name="id3 27399"></a>691 <a class="indexterm" name="id3 27408"></a>689 <a class="indexterm" name="id350406"></a> 690 <a class="indexterm" name="id350414"></a> 691 <a class="indexterm" name="id350423"></a> 692 692 Using the preferred tool for your UNIX system, add each user to the UNIX groups created 693 693 previously as necessary. File system access control will be based on UNIX group membership. … … 698 698 file system partition using appropriate system tools. 
699 699 </p></li><li><p> 700 <a class="indexterm" name="id3 27445"></a>700 <a class="indexterm" name="id350457"></a> 701 701 Create the top-level file storage directories for data and applications as follows: 702 702 </p><pre class="screen"> … … 739 739 </pre><p> 740 740 </p></li><li><p> 741 <a class="indexterm" name="id3 27647"></a>742 <a class="indexterm" name="id3 27653"></a>743 <a class="indexterm" name="id3 27660"></a>741 <a class="indexterm" name="id350631"></a> 742 <a class="indexterm" name="id350637"></a> 743 <a class="indexterm" name="id350644"></a> 744 744 Create a logon script. It is important that each line is correctly terminated with 745 745 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure … … 761 761 foundational to Internet access as well as to trouble-free operation of local networking. When 762 762 you have completed this section, the server should be ready for solid duty operation. 763 </p><div class="procedure"><a name="id3 27727"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol type="1"><li><p>764 <a class="indexterm" name="id3 27738"></a>763 </p><div class="procedure"><a name="id350702"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol type="1"><li><p> 764 <a class="indexterm" name="id350713"></a> 765 765 Create a file called <code class="filename">/etc/dhcpd.conf</code> with the contents as 766 shown in <a href="secure.html#prom-dhcp" title="Example 3.8. DHCP Server Configuration File /etc/dhcpd.conf">???</a>.766 shown in <a class="link" href="secure.html#prom-dhcp" title="Example 3.8. DHCP Server Configuration File /etc/dhcpd.conf">“DHCP Server Configuration File /etc/dhcpd.conf”</a>. 767 767 768 768 </p><div class="example"><a name="prom-dhcp"></a><p class="title"><b>Example 3.8. 
DHCP Server Configuration File <code class="filename">/etc/dhcpd.conf</code></b></p><div class="example-contents"><pre class="screen"> … … 813 813 </pre></div></div><p><br class="example-break"> 814 814 </p></li><li><p> 815 <a class="indexterm" name="id3 27812"></a>815 <a class="indexterm" name="id350767"></a> 816 816 Create a file called <code class="filename">/etc/named.conf</code> that has the combined contents 817 of the <a href="secure.html#ch4namedcfg" title="Example 3.9. DNS Master Configuration File /etc/named.conf Master Section">???</a>, <a href="secure.html#ch4namedvarfwd" title="Example 3.10. DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section">???</a>, and818 <a href="secure.html#ch4namedvarrev" title="Example 3.11. DNS Master Configuration File /etc/named.conf Reverse Lookup Definition Section">???</a> files that are concatenated (merged) in this817 of the <a class="link" href="secure.html#ch4namedcfg" title="Example 3.9. DNS Master Configuration File /etc/named.conf Master Section">“DNS Master Configuration File /etc/named.conf Master Section”</a>, <a class="link" href="secure.html#ch4namedvarfwd" title="Example 3.10. DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section">“DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section”</a>, and 818 <a class="link" href="secure.html#ch4namedvarrev" title="Example 3.11. DNS Master Configuration File /etc/named.conf Reverse Lookup Definition Section">“DNS Master Configuration File /etc/named.conf Reverse Lookup Definition Section”</a> files that are concatenated (merged) in this 819 819 specific order. 820 820 </p></li><li><p> 821 Create the files shown in their respective directories as shown in <a href="secure.html#namedrscfiles" title="Table 3.2. DNS (named) Resource Files">DNS821 Create the files shown in their respective directories as shown in <a class="link" href="secure.html#namedrscfiles" title="Table 3.2. 
DNS (named) Resource Files">DNS 822 822 (named) Resource Files</a>. 823 823 824 </p><div class="table"><a name="namedrscfiles"></a><p class="title"><b>Table 3.2. DNS (named) Resource Files</b></p><div class="table-contents"><table summary="DNS (named) Resource Files" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Reference</th><th align="left">File Location</th></tr></thead><tbody><tr><td align="left"><a href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">???</a></td><td align="left">/var/lib/named/localhost.zone</td></tr><tr><td align="left"><a href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">???</a></td><td align="left">/var/lib/named/127.0.0.zone</td></tr><tr><td align="left"><a href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">???</a></td><td align="left">/var/lib/named/root.hint</td></tr><tr><td align="left"><a href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">???</a></td><td align="left">/var/lib/named/master/abmas.biz.hosts</td></tr><tr><td align="left"><a href="secure.html#abmasus" title="Example 3.15. DNS Abmas.us Forward Zone File">???</a></td><td align="left">/var/lib/named/abmas.us.hosts</td></tr><tr><td align="left"><a href="secure.html#eth1zone" title="Example 3.12. DNS 192.168.1 Reverse Zone File">???</a></td><td align="left">/var/lib/named/192.168.1.0.rev</td></tr><tr><td align="left"><a href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">???</a></td><td align="left">/var/lib/named/192.168.2.0.rev</td></tr></tbody></table></div></div><p><br class="table-break">825 826 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. 
DNS Master Configuration File <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id3 28017"></a><pre class="screen">824 </p><div class="table"><a name="namedrscfiles"></a><p class="title"><b>Table 3.2. DNS (named) Resource Files</b></p><div class="table-contents"><table summary="DNS (named) Resource Files" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Reference</th><th align="left">File Location</th></tr></thead><tbody><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left">/var/lib/named/localhost.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left">/var/lib/named/127.0.0.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left">/var/lib/named/root.hint</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">“DNS Abmas.biz Forward Zone File”</a></td><td align="left">/var/lib/named/master/abmas.biz.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasus" title="Example 3.15. DNS Abmas.us Forward Zone File">“DNS Abmas.us Forward Zone File”</a></td><td align="left">/var/lib/named/abmas.us.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#eth1zone" title="Example 3.12. 
DNS 192.168.1 Reverse Zone File">“DNS 192.168.1 Reverse Zone File”</a></td><td align="left">/var/lib/named/192.168.1.0.rev</td></tr><tr><td align="left"><a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">“DNS 192.168.2 Reverse Zone File”</a></td><td align="left">/var/lib/named/192.168.2.0.rev</td></tr></tbody></table></div></div><p><br class="table-break"> 825 826 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id350938"></a><pre class="screen"> 827 827 ### 828 828 # Abmas Biz DNS Control File … … 1009 1009 1010 1010 </p></li><li><p> 1011 <a class="indexterm" name="id3 28181"></a><a class="indexterm" name="id328187"></a>1011 <a class="indexterm" name="id351093"></a><a class="indexterm" name="id351098"></a> 1012 1012 All DNS name resolution should be handled locally. To ensure that the server is configured 1013 1013 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> to have the following … … 1018 1018 nameserver 123.45.54.23 1019 1019 </pre><p> 1020 <a class="indexterm" name="id3 28209"></a>1020 <a class="indexterm" name="id351119"></a> 1021 1021 This instructs the name resolver function (when configured correctly) to ask the DNS server 1022 1022 that is running locally to resolve names to addresses. In the event that the local name server … … 1024 1024 purely local names to IP addresses. 1025 1025 </p></li><li><p> 1026 <a class="indexterm" name="id3 28228"></a>1026 <a class="indexterm" name="id351137"></a> 1027 1027 The final step is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 1028 1028 This file controls the operation of the various resolver libraries that are part of the Linux … … 1043 1043 submitted to it. In other words, our configuration turns CUPS into a raw-mode print queue. 
This means that 1044 1044 the correct printer driver must be installed on all clients. 1045 </p><div class="procedure"><a name="id3 28275"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol type="1"><li><p>1045 </p><div class="procedure"><a name="id351180"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol type="1"><li><p> 1046 1046 Configure each printer to be a DHCP client, carefully following the manufacturer's guidelines. 1047 1047 </p></li><li><p> … … 1050 1050 port as necessary in the following example commands. 1051 1051 This allows the CUPS spooler to print using raw mode protocols. 1052 <a class="indexterm" name="id3 28297"></a>1053 <a class="indexterm" name="id3 28304"></a>1052 <a class="indexterm" name="id351201"></a> 1053 <a class="indexterm" name="id351207"></a> 1054 1054 </p></li><li><p> 1055 <a class="indexterm" name="id3 28317"></a><a class="indexterm" name="id328325"></a>1055 <a class="indexterm" name="id351220"></a><a class="indexterm" name="id351227"></a> 1056 1056 Configure the CUPS Print Queues as follows: 1057 1057 </p><pre class="screen"> … … 1061 1061 <code class="prompt">root# </code> lpadmin -p hplj6f -v socket://hplj6f.abmas.biz:9100 -E 1062 1062 </pre><p> 1063 <a class="indexterm" name="id3 28365"></a>1063 <a class="indexterm" name="id351268"></a> 1064 1064 This creates the necessary print queues with no assigned print filter. 1065 </p></li><li><p><a class="indexterm" name="id3 28379"></a>1065 </p></li><li><p><a class="indexterm" name="id351281"></a> 1066 1066 Print queues may not be enabled at creation. 
Use <code class="literal">lpc stat</code> to check 1067 1067 the status of the print queues and, if necessary, make certain that the queues you have … … 1073 1073 <code class="prompt">root# </code> /usr/bin/enable hplj6f 1074 1074 </pre><p> 1075 </p></li><li><p><a class="indexterm" name="id3 28431"></a>1075 </p></li><li><p><a class="indexterm" name="id351333"></a> 1076 1076 Even though your print queues may be enabled, it is still possible that they 1077 1077 are not accepting print jobs. A print queue services incoming printing … … 1085 1085 </pre><p> 1086 1086 </p></li><li><p> 1087 <a class="indexterm" name="id3 28478"></a>1088 <a class="indexterm" name="id3 28485"></a>1089 <a class="indexterm" name="id3 28492"></a>1087 <a class="indexterm" name="id351381"></a> 1088 <a class="indexterm" name="id351387"></a> 1089 <a class="indexterm" name="id351394"></a> 1090 1090 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line: 1091 1091 </p><pre class="screen"> … … 1093 1093 </pre><p> 1094 1094 </p></li><li><p> 1095 <a class="indexterm" name="id3 28518"></a>1095 <a class="indexterm" name="id351420"></a> 1096 1096 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line: 1097 1097 </p><pre class="screen"> … … 1106 1106 The UNIX system print queues have been configured and are ready for validation testing. 1107 1107 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p> 1108 <a class="indexterm" name="id3 28580"></a>1108 <a class="indexterm" name="id351482"></a> 1109 1109 There are two essential steps to process startup configuration. First, the process 1110 1110 must be configured so that it automatically restarts each time the server … … 1115 1115 necessary start or kill script is run. 
1116 1116 </p><p> 1117 <a class="indexterm" name="id3 28611"></a>1118 <a class="indexterm" name="id3 28618"></a>1119 <a class="indexterm" name="id3 28625"></a>1120 <a class="indexterm" name="id3 28631"></a>1121 <a class="indexterm" name="id3 28638"></a>1117 <a class="indexterm" name="id351513"></a> 1118 <a class="indexterm" name="id351520"></a> 1119 <a class="indexterm" name="id351527"></a> 1120 <a class="indexterm" name="id351534"></a> 1121 <a class="indexterm" name="id351540"></a> 1122 1122 In the event that a service is not run as a daemon, but via the internetworking 1123 1123 super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code> … … 1130 1130 Use the standard system tool to configure each service to restart 1131 1131 automatically at every system reboot. For example, 1132 <a class="indexterm" name="id3 28685"></a>1132 <a class="indexterm" name="id351587"></a> 1133 1133 </p><pre class="screen"> 1134 1134 <code class="prompt">root# </code> chkconfig dhpcd on … … 1138 1138 </pre><p> 1139 1139 </p></li><li><p> 1140 <a class="indexterm" name="id3 28728"></a>1141 <a class="indexterm" name="id3 28735"></a>1142 <a class="indexterm" name="id3 28742"></a>1140 <a class="indexterm" name="id351630"></a> 1141 <a class="indexterm" name="id351637"></a> 1142 <a class="indexterm" name="id351644"></a> 1143 1143 Now start each service to permit the system to be validated. 1144 1144 Execute each of the following in the sequence shown: … … 1151 1151 </pre><p> 1152 1152 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p> 1153 <a class="indexterm" name="id3 28794"></a>1153 <a class="indexterm" name="id351696"></a> 1154 1154 Complex networking problems are most often caused by simple things that are poorly or incorrectly 1155 1155 configured. 
The validation process adopted here should be followed carefully; it is the result of the … … 1161 1161 Later in this book you learn how to make users happier. For now, it is enough to learn to 1162 1162 validate. Let's get on with it. 1163 </p><div class="procedure"><a name="id3 28809"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol type="1"><li><p>1164 <a class="indexterm" name="id3 28820"></a>1163 </p><div class="procedure"><a name="id351711"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol type="1"><li><p> 1164 <a class="indexterm" name="id351722"></a> 1165 1165 One of the most important facets of Samba configuration is to ensure that 1166 1166 name resolution functions correctly. You can check name resolution … … 1188 1188 is working. 1189 1189 </p></li><li><p> 1190 <a class="indexterm" name="id3 28885"></a>1190 <a class="indexterm" name="id351783"></a> 1191 1191 So far, your installation is going particularly well. In this step we validate 1192 1192 DNS server and name resolution operation. Using your favorite UNIX system editor, … … 1197 1197 </pre><p> 1198 1198 </p></li><li><p> 1199 <a class="indexterm" name="id3 28915"></a>1199 <a class="indexterm" name="id351813"></a> 1200 1200 Before you test DNS operation, it is a good idea to verify that the DNS server 1201 1201 is running by executing the following: … … 1211 1211 </pre><p> 1212 1212 This means that we are ready to check DNS operation. Do so by executing: 1213 <a class="indexterm" name="id3 28939"></a>1213 <a class="indexterm" name="id351837"></a> 1214 1214 </p><pre class="screen"> 1215 1215 <code class="prompt">root# </code> ping diamond … … 1227 1227 sleeth1.abmas.biz has address 192.168.1.1 1228 1228 </pre><p> 1229 <a class="indexterm" name="id3 28973"></a>1229 <a class="indexterm" name="id351871"></a> 1230 1230 You may now remove the entry called <code class="constant">diamond</code> from the 1231 1231 <code class="filename">/etc/hosts</code> file. 
It does not hurt to leave it there, 1232 1232 but its removal reduces the number of administrative steps for this name. 1233 1233 </p></li><li><p> 1234 <a class="indexterm" name="id3 28998"></a>1234 <a class="indexterm" name="id351896"></a> 1235 1235 WINS is a great way to resolve NetBIOS names to their IP address. You can test 1236 1236 the operation of WINS by starting <code class="literal">nmbd</code> (manually or by way 1237 of the Samba startup method shown in <a href="secure.html#procstart" title="Process Startup Configuration">???</a>). You must edit1237 of the Samba startup method shown in <a class="link" href="secure.html#procstart" title="Process Startup Configuration">“Process Startup Configuration”</a>). You must edit 1238 1238 the <code class="filename">/etc/nsswitch.conf</code> file so that the <code class="constant">hosts</code> 1239 1239 entry is as follows: … … 1243 1243 The next step is to make certain that Samba is running using <code class="literal">ps ax | grep mbd</code>. 1244 1244 The <code class="literal">nmbd</code> daemon will provide the WINS name resolution service when the 1245 <code class="filename">smb.conf</code> file <em class="parameter"><code></code></em> parameter <a class=" indexterm" name="id329058"></a>wins support = Yeshas been specified. Having validated that Samba is operational,1245 <code class="filename">smb.conf</code> file <em class="parameter"><code></code></em> parameter <a class="link" href="smb.conf.5.html#WINSSUPPORT">wins support = Yes</a> has been specified. 
Having validated that Samba is operational, 1246 1246 excute the following: 1247 1247 </p><pre class="screen"> … … 1251 1251 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.479 ms 1252 1252 </pre><p> 1253 <a class="indexterm" name="id3 29078"></a>1253 <a class="indexterm" name="id351980"></a> 1254 1254 Now that you can relax with the knowledge that all three major forms of name 1255 1255 resolution to IP address resolution are working, edit the <code class="filename">/etc/nsswitch.conf</code> … … 1272 1272 comes when you try to add the first DHCP client to the network. 1273 1273 </p></li><li><p> 1274 <a class="indexterm" name="id3 29131"></a>1274 <a class="indexterm" name="id352033"></a> 1275 1275 This is a good point at which to start validating Samba operation. You are 1276 1276 content that name resolution is working for basic TCP/IP needs. Let's move on. … … 1344 1344 Clear away all errors before proceeding. 1345 1345 </p></li><li><p> 1346 <a class="indexterm" name="id3 29182"></a>1347 <a class="indexterm" name="id3 29188"></a>1348 <a class="indexterm" name="id3 29195"></a>1349 <a class="indexterm" name="id3 29202"></a>1346 <a class="indexterm" name="id352099"></a> 1347 <a class="indexterm" name="id352106"></a> 1348 <a class="indexterm" name="id352112"></a> 1349 <a class="indexterm" name="id352119"></a> 1350 1350 Check that the Samba server is running: 1351 1351 </p><pre class="screen"> … … 1360 1360 </pre><p> 1361 1361 The <code class="literal">winbindd</code> daemon is running in split mode (normal), so there are also 1362 two instances<sup>[<a name="id3 29230" href="#ftn.id329230">7</a>]</sup> of it.1362 two instances<sup>[<a name="id352147" href="#ftn.id352147" class="footnote">7</a>]</sup> of it. 
1363 1363 </p></li><li><p> 1364 <a class="indexterm" name="id3 29258"></a>1365 <a class="indexterm" name="id3 29265"></a>1364 <a class="indexterm" name="id352175"></a> 1365 <a class="indexterm" name="id352182"></a> 1366 1366 Check that an anonymous connection can be made to the Samba server: 1367 1367 </p><pre class="screen"> … … 1395 1395 a <code class="constant">NULL</code> password. 1396 1396 </p></li><li><p> 1397 <a class="indexterm" name="id3 29313"></a>1398 <a class="indexterm" name="id3 29319"></a>1399 <a class="indexterm" name="id3 29326"></a>1397 <a class="indexterm" name="id352230"></a> 1398 <a class="indexterm" name="id352237"></a> 1399 <a class="indexterm" name="id352244"></a> 1400 1400 Verify that each printer has the IP address assigned in the DHCP server configuration file. 1401 1401 The easiest way to do this is to ping the printer name. Immediately after the ping response … … 1412 1412 hplj6a (192.168.1.30) at 00:03:47:CB:81:E0 [ether] on eth0 1413 1413 </pre><p> 1414 <a class="indexterm" name="id3 29367"></a>1414 <a class="indexterm" name="id352285"></a> 1415 1415 The MAC address <code class="constant">00:03:47:CB:81:E0</code> matches that specified for the 1416 1416 IP address from which the printer has responded and with the entry for it in the 1417 1417 <code class="filename">/etc/dhcpd.conf</code> file. Repeat this for each printer configured. 1418 1418 </p></li><li><p> 1419 <a class="indexterm" name="id3 29394"></a>1419 <a class="indexterm" name="id352311"></a> 1420 1420 Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool: 1421 1421 </p><pre class="screen"> … … 1436 1436 </pre><p> 1437 1437 </p></li><li><p> 1438 <a class="indexterm" name="id3 29438"></a>1438 <a class="indexterm" name="id352355"></a> 1439 1439 Your new server is connected to an Internet-accessible connection. Before you start 1440 1440 your firewall, you should run a port scanner against your system. 
You should repeat that 1441 1441 after the firewall has been started. This helps you understand to what extent the 1442 1442 server may be vulnerable to external attack. One way you can do this is by using an 1443 external service, such as the <a href="http://www.dslreports.com/scan" target="_top">DSL Reports</a>1443 external service, such as the <a class="ulink" href="http://www.dslreports.com/scan" target="_top">DSL Reports</a> 1444 1444 tools. Alternately, if you can gain root-level access to a remote 1445 1445 UNIX/Linux system that has the <code class="literal">nmap</code> tool, you can run the following: … … 1511 1511 </pre><p> 1512 1512 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p> 1513 <a class="indexterm" name="id3 29522"></a>1514 <a class="indexterm" name="id3 29529"></a>1513 <a class="indexterm" name="id352434"></a> 1514 <a class="indexterm" name="id352441"></a> 1515 1515 The use of an application server is a key mechanism by which desktop administration overheads 1516 1516 can be reduced. Check the application manual for your software to identify how best to … … 1533 1533 of work files on the local workstation. 1534 1534 </p></li></ul></div><p> 1535 <a class="indexterm" name="id3 29572"></a>1535 <a class="indexterm" name="id352484"></a> 1536 1536 A common application deployed in this environment is an office suite. 1537 1537 Enterprise editions of Microsoft Office XP Professional can be administratively installed … … 1550 1550 local disk space. In the latter case, when the applications are used, they load over the network. 
1551 1551 </p><p> 1552 <a class="indexterm" name="id3 29600"></a>1553 <a class="indexterm" name="id3 29606"></a>1552 <a class="indexterm" name="id352512"></a> 1553 <a class="indexterm" name="id352518"></a> 1554 1554 Microsoft Office Service Packs can be unpacked to update an administrative share. This makes 1555 1555 it possible to update MS Office XP Professional for all users from a single installation … … 1560 1560 editing or by way of configuration options inside each Office XP Professional application. 1561 1561 </p><p> 1562 <a class="indexterm" name="id3 29624"></a>1562 <a class="indexterm" name="id352536"></a> 1563 1563 OpenOffice.Org OpenOffice Version 1.1.0 can be installed locally. It can also 1564 1564 be installed to run off a network share. The latter is a most desirable solution for office-bound … … 1573 1573 share point. The full administrative OpenOffice share takes approximately 150 MB of disk 1574 1574 space. 1575 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id3 29651"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>1575 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id352560"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p> 1576 1576 Many single-user products can be installed into an administrative share, but 1577 1577 personal versions of products such as Microsoft Office XP Professional do not permit this. … … 1597 1597 please do not use the software. 1598 1598 </p><p> 1599 <a class="indexterm" name="id3 29686"></a>1599 <a class="indexterm" name="id352595"></a> 1600 1600 Samba is provided under the terms of the GNU GPL Version 2, a copy of which is provided 1601 1601 with the source code. … … 1608 1608 be done with notebook computers as long as they are identical or sufficiently similar. 1609 1609 </p><div class="procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. 
Windows Client Configuration Procedure</b></p><ol type="1"><li><p> 1610 <a class="indexterm" name="id3 29729"></a>1611 <a class="indexterm" name="id3 29736"></a>1610 <a class="indexterm" name="id352638"></a> 1611 <a class="indexterm" name="id352645"></a> 1612 1612 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 1613 1613 TCP/IP protocol configuration. DHCP configures all Windows clients to use the WINS Server … … 1617 1617 username <code class="constant">root</code> and the SMB password you assigned to this account. 1618 1618 A detailed step-by-step procedure for joining a Windows 200x/XP Professional client to 1619 a Windows Domain is given in <a href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">???</a>, <a href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">???</a>.1619 a Windows Domain is given in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. 1620 1620 Reboot the machine as prompted and then log on using the Domain Administrator account 1621 1621 (<code class="constant">root</code>). … … 1642 1642 preparation procedure below. 1643 1643 </p></li><li><p> 1644 <a class="indexterm" name="id3 29860"></a>1644 <a class="indexterm" name="id352769"></a> 1645 1645 When you are satisfied that the staging systems are complete, use the appropriate procedure to 1646 1646 remove the client from the domain. Reboot the system and then log on as the local administrator … … 1651 1651 machine to a network share on the server. 
1652 1652 </p></li><li><p> 1653 <a class="indexterm" name="id3 29885"></a>1654 <a class="indexterm" name="id3 29894"></a>1653 <a class="indexterm" name="id352794"></a> 1654 <a class="indexterm" name="id352803"></a> 1655 1655 You may now replicate the image to the target machines using the appropriate Norton Ghost 1656 1656 procedure. Make sure to use the procedure that ensures each machine has a unique … … 1658 1658 </p></li><li><p> 1659 1659 Log on to the machine as the local Administrator (the only option), and join the machine to 1660 the Domain, following the procedure set out in <a href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">???</a>, <a href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">???</a>. The system is now1660 the Domain, following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. The system is now 1661 1661 ready for the user to log on, provided you have created a network logon account for that 1662 1662 user, of course. … … 1687 1687 Repeat the printer installation steps above for both HP LaserJet 6 printers 1688 1688 as well as for both QMS Magicolor laser printers. 1689 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3 30151"></a>Key Points Learned</h3></div></div></div><p>1689 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id353060"></a>Key Points Learned</h3></div></div></div><p> 1690 1690 How do you feel? You have built a capable network, a truly ambitious project. 
1691 1691 Future network updates can be handled by … … 1710 1710 client in order to effect improved standardization of desktops and to reduce 1711 1711 the costs of network management. 1712 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3 30204"></a>Questions and Answers</h2></div></div></div><p>1713 </p><div class="qandaset"><dl><dt>1. <a href="secure.html#id3 30220">1712 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id353113"></a>Questions and Answers</h2></div></div></div><p> 1713 </p><div class="qandaset"><dl><dt>1. <a href="secure.html#id353129"> 1714 1714 What is the maximum number of account entries that the tdbsam 1715 1715 passdb backend can handle? 1716 </a></dt><dt>2. <a href="secure.html#id3 30273">1716 </a></dt><dt>2. <a href="secure.html#id353182"> 1717 1717 Would Samba operate any better if the OS level is set to a value higher than 35? 1718 </a></dt><dt>3. <a href="secure.html#id3 30292">1718 </a></dt><dt>3. <a href="secure.html#id353201"> 1719 1719 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups? 1720 </a></dt><dt>4. <a href="secure.html#id3 30312">1720 </a></dt><dt>4. <a href="secure.html#id353221"> 1721 1721 Why has a path been specified in the IPC$ share? 1722 </a></dt><dt>5. <a href="secure.html#id3 30337">1722 </a></dt><dt>5. <a href="secure.html#id353246"> 1723 1723 Why does the smb.conf file in this exercise include an entry for smb ports? 1724 </a></dt><dt>6. <a href="secure.html#id3 30378">1724 </a></dt><dt>6. <a href="secure.html#id353286"> 1725 1725 What is the difference between a print queue and a printer? 1726 </a></dt><dt>7. <a href="secure.html#id3 30405">1726 </a></dt><dt>7. 
<a href="secure.html#id353314"> 1727 1727 Can all MS Windows application software be installed onto an application server share? 1728 </a></dt><dt>8. <a href="secure.html#id3 30426">1728 </a></dt><dt>8. <a href="secure.html#id353334"> 1729 1729 Why use dynamic DNS (DDNS)? 1730 </a></dt><dt>9. <a href="secure.html#id3 30444">1730 </a></dt><dt>9. <a href="secure.html#id353352"> 1731 1731 Why would you use WINS as well as DNS-based name resolution? 1732 </a></dt><dt>10. <a href="secure.html#id3 30514">1732 </a></dt><dt>10. <a href="secure.html#id353422"> 1733 1733 What are the major benefits of using an application server? 1734 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id3 30220"></a><a name="id330222"></a><b>1.</b></td><td align="left" valign="top"><p>1734 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id353129"></a><a name="id353131"></a><p><b>1.</b></p></td><td align="left" valign="top"><p> 1735 1735 What is the maximum number of account entries that the <em class="parameter"><code>tdbsam</code></em> 1736 1736 passdb backend can handle? … … 1758 1758 not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The 1759 1759 limitation of 250 users per tdbsam is predicated only on the need for replication, 1760 not on the limits<sup>[<a name="id3 30264" href="#ftn.id330264">8</a>]</sup> of the tdbsam backend itself.1761 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30273"></a><a name="id330275"></a><b>2.</b></td><td align="left" valign="top"><p>1760 not on the limits<sup>[<a name="id353173" href="#ftn.id353173" class="footnote">8</a>]</sup> of the tdbsam backend itself. 
1761 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353182"></a><a name="id353184"></a><p><b>2.</b></p></td><td align="left" valign="top"><p> 1762 1762 Would Samba operate any better if the OS level is set to a value higher than 35? 1763 1763 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1765 1765 of 35 already assures Samba of precedence over MS Windows products in browser elections. There is 1766 1766 no gain to be had from setting this higher. 1767 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30292"></a><a name="id330294"></a><b>3.</b></td><td align="left" valign="top"><p>1767 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353201"></a><a name="id353203"></a><p><b>3.</b></p></td><td align="left" valign="top"><p> 1768 1768 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups? 1769 1769 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1771 1771 a later date Samba may make use of Windows Local Groups, as well as of the Active Directory special 1772 1772 Groups. Proper operation requires Domain Groups to be mapped to valid UNIX groups. 1773 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30312"></a><a name="id330314"></a><b>4.</b></td><td align="left" valign="top"><p>1773 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353221"></a><a name="id353223"></a><p><b>4.</b></p></td><td align="left" valign="top"><p> 1774 1774 Why has a path been specified in the <em class="parameter"><code>IPC$</code></em> share? 1775 1775 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1777 1777 obtain access to the file system, it does so at a location that presents least risk. 
Under normal operation 1778 1778 this type of paranoid step should not be necessary. The use of this parameter should not be necessary. 1779 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30337"></a><a name="id330339"></a><b>5.</b></td><td align="left" valign="top"><p>1780 Why does the <code class="filename">smb.conf</code> file in this exercise include an entry for <a class=" indexterm" name="id330350"></a>smb ports?1779 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353246"></a><a name="id353248"></a><p><b>5.</b></p></td><td align="left" valign="top"><p> 1780 Why does the <code class="filename">smb.conf</code> file in this exercise include an entry for <a class="link" href="smb.conf.5.html#SMBPORTS">smb ports</a>? 1781 1781 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 1782 1782 The default order by which Samba-3 attempts to communicate with MS Windows clients is via port 445 (the TCP port … … 1786 1786 The result of this is improved network performance. Where Samba-3 is installed as an Active Directory Domain 1787 1787 member, the default behavior is highly beneficial and should not be changed. 1788 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30378"></a><a name="id330380"></a><b>6.</b></td><td align="left" valign="top"><p>1788 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353286"></a><a name="id353288"></a><p><b>6.</b></p></td><td align="left" valign="top"><p> 1789 1789 What is the difference between a print queue and a printer? 1790 1790 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1800 1800 and the job is then submitted to a sequential print queue where the job is stored until 1801 1801 the printer is ready to receive the job. 
1802 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30405"></a><a name="id330408"></a><b>7.</b></td><td align="left" valign="top"><p>1802 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353314"></a><a name="id353316"></a><p><b>7.</b></p></td><td align="left" valign="top"><p> 1803 1803 Can all MS Windows application software be installed onto an application server share? 1804 1804 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1808 1808 Professional do not permit installation to an application server share and can be installed 1809 1809 and used only to/from a local workstation hard disk. 1810 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30426"></a><a name="id330428"></a><b>8.</b></td><td align="left" valign="top"><p>1810 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353334"></a><a name="id353336"></a><p><b>8.</b></p></td><td align="left" valign="top"><p> 1811 1811 Why use dynamic DNS (DDNS)? 1812 1812 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1814 1814 network clients that are not NetBIOS-enabled, and thus cannot use WINS, to locate 1815 1815 Windows clients via DNS. 1816 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30444"></a><a name="id330446"></a><b>9.</b></td><td align="left" valign="top"><p>1816 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353352"></a><a name="id353354"></a><p><b>9.</b></p></td><td align="left" valign="top"><p> 1817 1817 Why would you use WINS as well as DNS-based name resolution? 1818 1818 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1822 1822 expression that may be up to 1024 characters in length and that represents an IP address. 
1823 1823 A NetBIOS name is always 16 characters long. The 16<sup>th</sup> character 1824 is a name type indicator. A specific name type is registered<sup>[<a name="id3 30478" href="#ftn.id330478">9</a>]</sup> for each1824 is a name type indicator. A specific name type is registered<sup>[<a name="id353386" href="#ftn.id353386" class="footnote">9</a>]</sup> for each 1825 1825 type of service that is provided by the Windows server or client and that may be registered 1826 1826 where a WINS server is in use. … … 1837 1837 </p><p> 1838 1838 Windows 200x Active Directory requires the registration in the DNS zone for the domain it 1839 controls of service locator<sup>[<a name="id3 30504" href="#ftn.id330504">10</a>]</sup> records1839 controls of service locator<sup>[<a name="id353412" href="#ftn.id353412" class="footnote">10</a>]</sup> records 1840 1840 that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also 1841 1841 requires the registration of special records that are called global catalog (GC) entries 1842 1842 and site entries by which domain controllers and other essential ADS servers may be located. 1843 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id3 30514"></a><a name="id330516"></a><b>10.</b></td><td align="left" valign="top"><p>1843 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id353422"></a><a name="id353425"></a><p><b>10.</b></p></td><td align="left" valign="top"><p> 1844 1844 What are the major benefits of using an application server? 1845 1845 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1848 1848 one location for all major applications used. This results in faster update roll-outs and 1849 1849 significantly better application usage control. 
1850 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id3 25335" href="#id325335">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.1850 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id348612" href="#id348612" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3. 1851 1851 This is necessary so that Samba can act as a Domain Controller (PDC); see 1852 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id3 25710" href="#id325710">6</a>] </sup>You may want to do the echo command last and include1853 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id3 29230" href="#id329230">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>,1852 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id348957" href="#id348957" class="para">6</a>] </sup>You may want to do the echo command last and include 1853 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id352147" href="#id352147" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>, 1854 1854 Chapter 23, Section 23.3. The single instance of <code class="literal">smbd</code> is normal. 
One additional 1855 1855 <code class="literal">smbd</code> slave process is spawned for each SMB/CIFS client 1856 connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id3 30264" href="#id330264">8</a>] </sup>Bench tests have shown that tdbsam is a very1856 connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id353173" href="#id353173" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very 1857 1857 effective database technology. There is surprisingly little performance loss even 1858 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id3 30478" href="#id330478">9</a>] </sup>1859 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id3 30504" href="#id330504">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. 
The 500-User Office</td></tr></table></div></body></html>1858 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id353386" href="#id353386" class="para">9</a>] </sup> 1859 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id353412" href="#id353412" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>
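Review bot: the in-text footnote references at lines 1824 and 1839 change only in their anchor ids (id330478 becomes id353386, id330504 becomes id353412) and gain class="footnote", so any link that targets the old ids stops resolving after this commit. If these ids are produced by the documentation build, consider assigning explicit ids to the footnotes in the source so the anchors stay stable across regenerations. At line 1843 the question number is now wrapped as &lt;p&gt;&lt;b&gt;10.&lt;/b&gt;&lt;/p&gt; inside a valign="top" cell; check that the added paragraph margin does not push the number out of line with the question text in the next cell.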
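Review bot: footnote 6 in the footnotes block (lines 1852-1853) is carried over unchanged and still reads 'You may want to do the echo command last and include "0" in the init scripts, since it opens up your network for a short time', which does not say which setting "it" refers to or where the "0" is written. Because the footnote describes a window of network exposure, it should name the setting and the order of steps explicitly in the source. Separately, footnote 10 at line 1859 gives TOSHARG2 as plain text while footnotes 5, 7 and 9 wrap it in &lt;span class="emphasis"&gt;&lt;em&gt;; align the markup in the source rather than in this generated file.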