- Timestamp: May 20, 2009, 6:46:53 PM (16 years ago)
- File: 1 edited
branches/samba-3.2.x/docs/htmldocs/Samba3-ByExample/secure.html
r149 r204 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.1"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. 
Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id25513 73">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2551425">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2551674">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2551690">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2552142">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2552183">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2553120">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2557755">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2557817">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. 
Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.1"><link rel="start" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. 
Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id2551387">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2551439">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2551688">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2551704">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2552156">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2552197">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2553134">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2557769">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2557831">Questions and Answers</a></span></dt></dl></div><p> 2 2 Congratulations, your Samba networking skills are developing nicely. You started out 3 3 with three simple networks in <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">“No-Frills Samba Servers”</a>, and then in <a class="link" href="small.html" title="Chapter 2. 
Small Office Networking">“Small Office Networking”</a> … … 12 12 To avoid confusion, this book is all about Samba-3. Let's get the exercises in this 13 13 chapter underway. 14 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id25513 73"></a>Introduction</h2></div></div></div><p>14 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2551387"></a>Introduction</h2></div></div></div><p> 15 15 You have made Mr. Meany a very happy man. Recently he paid you a fat bonus for work 16 16 well done. It is one year since the last network upgrade. You have been quite busy. … … 41 41 about your move, she almost resigned, although she was reassured that a new manager would 42 42 be hired to run Information Technology, and she would be responsible only for operations. 43 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25514 25"></a>Assignment Tasks</h3></div></div></div><p>43 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551439"></a>Assignment Tasks</h3></div></div></div><p> 44 44 You promised the staff Internet services including Web browsing, electronic mail, virus 45 45 protection, and a company Web site. Christine is eager to help turn the vision into … … 84 84 some problems with desktop computers and software installation into the new users' 85 85 desktop profiles. 86 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id25516 74"></a>Dissection and Discussion</h2></div></div></div><p>86 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2551688"></a>Dissection and Discussion</h2></div></div></div><p> 87 87 Many of the conclusions you draw here are obvious. 
Some requirements are not very clear 88 88 or may simply be your means of drawing the most out of Samba-3. Much can be done more simply … … 90 90 users. This means that some functionality will be overdesigned for the current 130-user 91 91 environment. 92 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551 690"></a>Technical Issues</h3></div></div></div><p>92 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2551704"></a>Technical Issues</h3></div></div></div><p> 93 93 In this exercise we use a 24-bit subnet mask for the two local networks. This, 94 94 of course, limits our network to a maximum of 253 usable IP addresses. The network … … 98 98 in the 172.16.0.0/16 range. This is done in subsequent chapters. 99 99 </p><p> 100 <a class="indexterm" name="id25517 09"></a>101 <a class="indexterm" name="id25517 16"></a>100 <a class="indexterm" name="id2551723"></a> 101 <a class="indexterm" name="id2551730"></a> 102 102 The high growth rates projected are a good reason to use the <code class="constant">tdbsam</code> 103 103 passdb backend. The use of <code class="constant">smbpasswd</code> for the backend may result in … … 105 105 are not available with the older, flat ASCII-based <code class="constant">smbpasswd</code> database. 106 106 </p><p> 107 <a class="indexterm" name="id25517 44"></a>107 <a class="indexterm" name="id2551758"></a> 108 108 The proposed network design uses a single server to act as an Internet services host for 109 109 electronic mail, Web serving, remote administrative access via SSH, … … 118 118 directly connected to the Internet. 
119 119 </p><p> 120 <a class="indexterm" name="id2551770"></a>121 <a class="indexterm" name="id2551777"></a>122 120 <a class="indexterm" name="id2551784"></a> 123 <a class="indexterm" name="id2551793"></a> 121 <a class="indexterm" name="id2551791"></a> 122 <a class="indexterm" name="id2551798"></a> 123 <a class="indexterm" name="id2551807"></a> 124 124 You know that your ISP is providing full firewall services, but you cannot rely on that. 125 125 Always assume that human error will occur, so be prepared by using Linux firewall facilities … … 132 132 covered except insofar as this affects Samba-3. 133 133 </p><p> 134 <a class="indexterm" name="id25518 23"></a>134 <a class="indexterm" name="id2551837"></a> 135 135 Notebook computers are configured to use a network login when in the office and a 136 136 local account to log in while away from the office. Users store all work done in … … 142 142 records. 143 143 </p><p> 144 <a class="indexterm" name="id25518 54"></a>144 <a class="indexterm" name="id2551868"></a> 145 145 All applications are served from the central server from a share called <code class="constant">apps</code>. 146 146 Microsoft Office XP Professional and OpenOffice 1.1.0 will be installed using a network … … 149 149 locally installed applications on a need-to-have basis only. 150 150 </p><p> 151 <a class="indexterm" name="id25518 75"></a>151 <a class="indexterm" name="id2551889"></a> 152 152 The introduction of roaming profiles support means that users can move between 153 153 desktop computer systems without constraint while retaining full access to their data. 154 154 The desktop travels with them as they move. 155 155 </p><p> 156 <a class="indexterm" name="id2551 889"></a>156 <a class="indexterm" name="id2551903"></a> 157 157 The DNS server implementation must now address both internal and external 158 158 needs. 
You forward DNS lookups to your ISP-provided server as well as the 159 159 <code class="constant">abmas.us</code> external secondary DNS server. 160 160 </p><p> 161 <a class="indexterm" name="id25519 05"></a>162 <a class="indexterm" name="id25519 12"></a>163 <a class="indexterm" name="id25519 21"></a>161 <a class="indexterm" name="id2551919"></a> 162 <a class="indexterm" name="id2551926"></a> 163 <a class="indexterm" name="id2551935"></a> 164 164 Compared with the DHCP server configuration in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a>, <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">“Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf”</a>, the 165 165 configuration used in this example has to deal with the presence of an Internet connection. … … 185 185 then clone that configuration, using Norton Ghost, to all workstations. Each machine is 186 186 identical, so this should pose no problem. 187 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id25519 76"></a>Hardware Requirements</h4></div></div></div><p>188 <a class="indexterm" name="id25519 84"></a>187 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2551990"></a>Hardware Requirements</h4></div></div></div><p> 188 <a class="indexterm" name="id2551998"></a> 189 189 This server runs a considerable number of services. From similarly configured Linux 190 190 installations, the approximate calculated memory requirements are as shown in … … 214 214 compromise in this area. 215 215 </p><p> 216 <a class="indexterm" name="id25520 41"></a>216 <a class="indexterm" name="id2552055"></a> 217 217 Aggregate input/output loads should be considered for sizing network configuration as 218 218 well as disk subsystems. 
For network bandwidth calculations, one would typically use an … … 223 223 switched ports. 224 224 </p><p> 225 <a class="indexterm" name="id25520 60"></a>226 <a class="indexterm" name="id25520 67"></a>225 <a class="indexterm" name="id2552074"></a> 226 <a class="indexterm" name="id2552081"></a> 227 227 Considering the choice of 1 Gb Ethernet interfaces for the two local network segments, 228 228 the aggregate network I/O capacity will be 2100 Mb/sec (about 230 MB/sec), an I/O … … 256 256 Recommended Storage: 908 GBytes 257 257 </pre></div></div><p><br class="example-break"> 258 <a class="indexterm" name="id25521 29"></a>258 <a class="indexterm" name="id2552143"></a> 259 259 The preferred storage capacity should be approximately 1 Terabyte. Use of RAID level 5 260 260 with two hot spare drives would require an 8-drive by 200 GB capacity per drive array. 261 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25521 42"></a>Political Issues</h3></div></div></div><p>261 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2552156"></a>Political Issues</h3></div></div></div><p> 262 262 Your industry is coming under increasing accountability pressures. Increased paranoia 263 263 is necessary so you can demonstrate that you have acted with due diligence. You must … … 268 268 gives you greater control over software licensing. 269 269 </p><p> 270 <a class="indexterm" name="id25521 64"></a>270 <a class="indexterm" name="id2552178"></a> 271 271 You are well aware that the current configuration results in some performance issues 272 272 as the size of the desktop profile grows. Given that users use Microsoft Outlook 273 273 Express, you know that the storage implications of the <code class="constant">.PST</code> file 274 274 is something that needs to be addressed later. 
275 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id25521 83"></a>Implementation</h2></div></div></div><p>275 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2552197"></a>Implementation</h2></div></div></div><p> 276 276 <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">“Abmas Network Topology 130 Users”</a> demonstrates the overall design of the network that you will implement. 277 277 </p><p> … … 289 289 The Domain name is set to <code class="constant">PROMISES</code>. 290 290 </p></li><li><p> 291 <a class="indexterm" name="id2552244"></a>292 <a class="indexterm" name="id2552251"></a>293 291 <a class="indexterm" name="id2552258"></a> 292 <a class="indexterm" name="id2552265"></a> 293 <a class="indexterm" name="id2552272"></a> 294 294 Ethernet interface <code class="constant">eth0</code> is attached to the Internet connection 295 295 and is externally exposed. This interface is explicitly not available for Samba to use. … … 299 299 <em class="parameter"><code>bind interfaces only</code></em> entry. 300 300 </p></li><li><p> 301 <a class="indexterm" name="id2552294"></a>302 <a class="indexterm" name="id2552301"></a>303 301 <a class="indexterm" name="id2552308"></a> 302 <a class="indexterm" name="id2552315"></a> 303 <a class="indexterm" name="id2552322"></a> 304 304 The <em class="parameter"><code>passdb backend</code></em> parameter specifies the creation and use 305 305 of the <code class="constant">tdbsam</code> password backend. This is a binary database that 306 306 has excellent scalability for a large number of user account entries. 
307 307 </p></li><li><p> 308 <a class="indexterm" name="id2552332"></a>309 <a class="indexterm" name="id2552339"></a>310 308 <a class="indexterm" name="id2552346"></a> 309 <a class="indexterm" name="id2552353"></a> 310 <a class="indexterm" name="id2552360"></a> 311 311 WINS serving is enabled by the <a class="link" href="smb.conf.5.html#WINSSUPPORT">wins support = Yes</a>, 312 312 and name resolution is set to use it by means of the 313 313 <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER">name resolve order = wins bcast hosts</a> entry. 314 314 </p></li><li><p> 315 <a class="indexterm" name="id25523 85"></a>315 <a class="indexterm" name="id2552399"></a> 316 316 The Samba server is configured for use by Windows clients as a time server. 317 317 </p></li><li><p> 318 <a class="indexterm" name="id2552397"></a>319 <a class="indexterm" name="id2552404"></a>320 318 <a class="indexterm" name="id2552411"></a> 319 <a class="indexterm" name="id2552418"></a> 320 <a class="indexterm" name="id2552425"></a> 321 321 Samba is configured to directly interface with CUPS via the direct internal interface 322 322 that is provided by CUPS libraries. This is achieved with the … … 324 324 <a class="link" href="smb.conf.5.html#PRINTCAPNAME">printcap name = CUPS</a> entries. 325 325 </p></li><li><p> 326 <a class="indexterm" name="id2552450"></a>327 <a class="indexterm" name="id2552457"></a>328 326 <a class="indexterm" name="id2552464"></a> 327 <a class="indexterm" name="id2552471"></a> 328 <a class="indexterm" name="id2552478"></a> 329 329 External interface scripts are provided to enable Samba to interface smoothly to 330 330 essential operating system functions for user and group management. This is important … … 335 335 <a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">site</a>. 
336 336 </p></li><li><p> 337 <a class="indexterm" name="id2552 495"></a>337 <a class="indexterm" name="id2552508"></a> 338 338 The <code class="filename">smb.conf</code> file specifies that the Samba server will operate in (default) <em class="parameter"><code> 339 security = user</code></em> mode<sup>[<a name="id25525 15" href="#ftn.id2552515" class="footnote">5</a>]</sup>339 security = user</code></em> mode<sup>[<a name="id2552528" href="#ftn.id2552528" class="footnote">5</a>]</sup> 340 340 (User Mode). 341 341 </p></li><li><p> 342 <a class="indexterm" name="id25525 33"></a>343 <a class="indexterm" name="id25525 40"></a>342 <a class="indexterm" name="id2552547"></a> 343 <a class="indexterm" name="id2552554"></a> 344 344 Domain logon services as well as a Domain logon script are specified. The logon script 345 345 will be used to add robustness to the overall network configuration. 346 346 </p></li><li><p> 347 <a class="indexterm" name="id2552554"></a>348 <a class="indexterm" name="id2552561"></a>349 347 <a class="indexterm" name="id2552568"></a> 348 <a class="indexterm" name="id2552575"></a> 349 <a class="indexterm" name="id2552582"></a> 350 350 Roaming profiles are enabled through the specification of the parameter, 351 351 <a class="link" href="smb.conf.5.html#LOGONPATH">logon path = \\%L\profiles\%U</a>. The value of this parameter translates the … … 357 357 requirement is when a profile is created for group use. 358 358 </p></li><li><p> 359 <a class="indexterm" name="id25526 12"></a>360 <a class="indexterm" name="id25526 19"></a>359 <a class="indexterm" name="id2552626"></a> 360 <a class="indexterm" name="id2552633"></a> 361 361 Precautionary veto is effected for particular Windows file names that have been targeted by 362 362 virus-related activity. Additionally, Microsoft Office files are vetoed from opportunistic locking … … 386 386 The following sections cover each step in logical and defined detail. 
387 387 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p> 388 <a class="indexterm" name="id25527 10"></a>388 <a class="indexterm" name="id2552724"></a> 389 389 The preparation in this section assumes that your SUSE Enterprise Linux Server 8.0 system has been 390 390 freshly installed. It prepares basic files so that the system is ready for comprehensive 391 391 operation in line with the network diagram shown in <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">“Abmas Network Topology 130 Users”</a>. 392 </p><div class="procedure"><a name="id25527 28"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol type="1"><li><p>393 <a class="indexterm" name="id25527 39"></a>392 </p><div class="procedure"><a name="id2552742"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol type="1"><li><p> 393 <a class="indexterm" name="id2552753"></a> 394 394 Using the UNIX/Linux system tools, name the server <code class="constant">server.abmas.us</code>. 395 395 Verify that your hostname is correctly set by running: … … 404 404 </pre><p> 405 405 </p></li><li><p> 406 <a class="indexterm" name="id25527 83"></a>407 <a class="indexterm" name="id2552 790"></a>406 <a class="indexterm" name="id2552797"></a> 407 <a class="indexterm" name="id2552804"></a> 408 408 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses 409 409 of all network interfaces that are on the host server. 
This is necessary so that during … … 426 426 192.168.2.30 hplj6f.abmas.biz hplj6f 427 427 </pre><p> 428 <a class="indexterm" name="id25528 45"></a>429 <a class="indexterm" name="id25528 52"></a>430 <a class="indexterm" name="id25528 59"></a>428 <a class="indexterm" name="id2552860"></a> 429 <a class="indexterm" name="id2552866"></a> 430 <a class="indexterm" name="id2552873"></a> 431 431 The printer entries are not necessary if <code class="literal">named</code> is started prior to 432 432 startup of <code class="literal">cupsd</code>, the CUPS daemon. 433 433 </p></li><li><p> 434 <a class="indexterm" name="id2552886"></a>435 <a class="indexterm" name="id2552893"></a>436 434 <a class="indexterm" name="id2552900"></a> 435 <a class="indexterm" name="id2552907"></a> 436 <a class="indexterm" name="id2552914"></a> 437 437 The host server is acting as a router between the two internal network segments as well 438 438 as for all Internet access. This necessitates that IP forwarding be enabled. This can be … … 443 443 To ensure that your kernel is capable of IP forwarding during configuration, you may 444 444 wish to execute that command manually also. This setting permits the Linux system to 445 act as a router.<sup>[<a name="id25529 28" href="#ftn.id2552928" class="footnote">6</a>]</sup>446 </p></li><li><p> 447 <a class="indexterm" name="id25529 41"></a>448 <a class="indexterm" name="id25529 48"></a>445 act as a router.<sup>[<a name="id2552942" href="#ftn.id2552942" class="footnote">6</a>]</sup> 446 </p></li><li><p> 447 <a class="indexterm" name="id2552955"></a> 448 <a class="indexterm" name="id2552962"></a> 449 449 Installation of a basic firewall and NAT facility is necessary. 
450 450 The following script can be installed in the <code class="filename">/usr/local/sbin</code> … … 525 525 </pre><p> 526 526 </p></li></ol></div><p> 527 <a class="indexterm" name="id2553 097"></a>527 <a class="indexterm" name="id2553111"></a> 528 528 The server is now ready for Samba configuration. During the validation step, you remove 529 529 the entry for the Samba server <code class="constant">diamond</code> from the <code class="filename">/etc/hosts</code> 530 530 file. This is done after you are satisfied that DNS-based name resolution is functioning correctly. 531 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25531 20"></a>Samba Configuration</h3></div></div></div><p>531 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2553134"></a>Samba Configuration</h3></div></div></div><p> 532 532 When you have completed this section, the Samba server is ready for testing and validation; 533 533 however, testing and validation have to wait until DHCP, DNS, and printing (CUPS) services have 534 534 been configured. 535 </p><div class="procedure"><a name="id25531 32"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol type="1"><li><p>535 </p><div class="procedure"><a name="id2553146"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol type="1"><li><p> 536 536 Install the Samba-3 binary RPM from the Samba-Team FTP site. Assuming that the binary 537 537 RPM file is called <code class="filename">samba-3.0.20-1.i386.rpm</code>, one way to install this … … 548 548 file. The final, fully qualified path for this file should be <code class="filename">/etc/samba/smb.conf</code>. 549 549 550 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id25532 54"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id2553266"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id2553278"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2553289"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553301"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2553313"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553325"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id2553337"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id2553350"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2553362"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553374"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2553385"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2553397"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a 
class="indexterm" name="id2553409"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2553420"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2553432"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2553444"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553456"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2553468"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2553480"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553492"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553504"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2553516"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2553528"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553541"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553554"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2553566"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2553578"></a><em class="parameter"><code>logon 
script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2553590"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2553602"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2553614"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2553625"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553637"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553649"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553661"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553672"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553684"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2553696"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2553707"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2553719"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">551 552 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id25537 63"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2553775"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2553786"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2553798"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2553818"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2553830"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2553842"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553853"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553865"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553877"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553888"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2553909"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2553921"></a><em class="parameter"><code>path = 
/var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2553933"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553944"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2553965"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2553977"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2553988"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2554000"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2554021"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554032"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2554044"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">553 554 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2554 087"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554099"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2554111"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2554131"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554143"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2554155"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2554175"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554187"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2554198"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2554210"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">555 </p></li><li><p> 556 <a class="indexterm" name="id25542 29"></a><a class="indexterm" name="id2554235"></a>550 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2553268"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id2553280"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id2553292"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2553304"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553316"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2553327"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553339"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id2553351"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id2553364"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2553376"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553388"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2553399"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2553411"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" 
name="id2553423"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2553434"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2553446"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2553458"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553470"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2553482"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2553494"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553506"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553518"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2553530"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2553543"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553555"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2553568"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2553580"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2553592"></a><em class="parameter"><code>logon script = 
scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2553604"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2553616"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2553628"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2553640"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553651"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553663"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553675"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553686"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553698"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2553710"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2553722"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2553733"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break"> 551 552 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2553777"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2553789"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2553800"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2553812"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2553832"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2553844"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2553856"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553867"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553879"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553891"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553903"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2553923"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2553935"></a><em class="parameter"><code>path = 
/var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2553947"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2553958"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2553979"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2553991"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2554003"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2554014"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2554035"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554047"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2554058"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break"> 553 554 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2554102"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554113"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2554125"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2554145"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554157"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2554169"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2554189"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2554201"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2554213"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2554224"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break"> 555 </p></li><li><p> 556 <a class="indexterm" name="id2554244"></a><a class="indexterm" name="id2554249"></a> 557 557 Add the <code class="constant">root</code> user to the password backend as follows: 558 558 </p><pre class="screen"> … … 567 567 without considerable trouble. 
568 568 </p></li><li><p> 569 <a class="indexterm" name="id25542 83"></a>569 <a class="indexterm" name="id2554297"></a> 570 570 Create the username map file to permit the <code class="constant">root</code> account to be called 571 571 <code class="constant">Administrator</code> from the Windows network environment. To do this, create … … 594 594 </pre><p> 595 595 </p></li><li><p> 596 <a class="indexterm" name="id25543 27"></a>597 <a class="indexterm" name="id25543 34"></a>598 <a class="indexterm" name="id25543 45"></a>599 <a class="indexterm" name="id25543 57"></a>596 <a class="indexterm" name="id2554341"></a> 597 <a class="indexterm" name="id2554348"></a> 598 <a class="indexterm" name="id2554359"></a> 599 <a class="indexterm" name="id2554371"></a> 600 600 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a>, 601 601 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">“Script to Map Windows NT Groups to UNIX Groups”</a>. Create a file containing this script. We called ours … … 603 603 and then execute the script. Sample output should be as follows: 604 604 605 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id25544 00"></a><pre class="screen">605 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. 
Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id2554414"></a><pre class="screen"> 606 606 #!/bin/bash 607 607 # … … 656 656 </pre><p> 657 657 </p></li><li><p> 658 <a class="indexterm" name="id2554477"></a> 659 <a class="indexterm" name="id2554483"></a> 660 <a class="indexterm" name="id2554490"></a> 661 <a class="indexterm" name="id2554497"></a> 658 <a class="indexterm" name="id2554491"></a> 659 <a class="indexterm" name="id2554498"></a> 662 660 <a class="indexterm" name="id2554504"></a> 663 661 <a class="indexterm" name="id2554511"></a> 664 <a class="indexterm" name="id2554520"></a> 662 <a class="indexterm" name="id2554518"></a> 663 <a class="indexterm" name="id2554525"></a> 664 <a class="indexterm" name="id2554534"></a> 665 665 There is one preparatory step without which you will not have a working Samba 666 666 network environment. You must add an account for each network user. … … 687 687 You do of course use a valid user login ID in place of <em class="parameter"><code>username</code></em>. 688 688 </p></li><li><p> 689 <a class="indexterm" name="id25546 35"></a>690 <a class="indexterm" name="id25546 44"></a>691 <a class="indexterm" name="id25546 53"></a>689 <a class="indexterm" name="id2554649"></a> 690 <a class="indexterm" name="id2554658"></a> 691 <a class="indexterm" name="id2554667"></a> 692 692 Using the preferred tool for your UNIX system, add each user to the UNIX groups created 693 693 previously as necessary. File system access control will be based on UNIX group membership. … … 698 698 file system partition using appropriate system tools. 
699 699 </p></li><li><p> 700 <a class="indexterm" name="id2554 695"></a>700 <a class="indexterm" name="id2554709"></a> 701 701 Create the top-level file storage directories for data and applications as follows: 702 702 </p><pre class="screen"> … … 739 739 </pre><p> 740 740 </p></li><li><p> 741 <a class="indexterm" name="id25549 08"></a>742 <a class="indexterm" name="id25549 14"></a>743 <a class="indexterm" name="id25549 21"></a>741 <a class="indexterm" name="id2554922"></a> 742 <a class="indexterm" name="id2554928"></a> 743 <a class="indexterm" name="id2554935"></a> 744 744 Create a logon script. It is important that each line is correctly terminated with 745 745 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure … … 761 761 foundational to Internet access as well as to trouble-free operation of local networking. When 762 762 you have completed this section, the server should be ready for solid duty operation. 763 </p><div class="procedure"><a name="id255 4996"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol type="1"><li><p>764 <a class="indexterm" name="id25550 08"></a>763 </p><div class="procedure"><a name="id2555010"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol type="1"><li><p> 764 <a class="indexterm" name="id2555022"></a> 765 765 Create a file called <code class="filename">/etc/dhcpd.conf</code> with the contents as 766 766 shown in <a class="link" href="secure.html#prom-dhcp" title="Example 3.8. DHCP Server Configuration File /etc/dhcpd.conf">“DHCP Server Configuration File /etc/dhcpd.conf”</a>. 
… … 813 813 </pre></div></div><p><br class="example-break"> 814 814 </p></li><li><p> 815 <a class="indexterm" name="id25550 82"></a>815 <a class="indexterm" name="id2555097"></a> 816 816 Create a file called <code class="filename">/etc/named.conf</code> that has the combined contents 817 817 of the <a class="link" href="secure.html#ch4namedcfg" title="Example 3.9. DNS Master Configuration File /etc/named.conf Master Section">“DNS Master Configuration File /etc/named.conf Master Section”</a>, <a class="link" href="secure.html#ch4namedvarfwd" title="Example 3.10. DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section">“DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section”</a>, and … … 824 824 </p><div class="table"><a name="namedrscfiles"></a><p class="title"><b>Table 3.2. DNS (named) Resource Files</b></p><div class="table-contents"><table summary="DNS (named) Resource Files" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Reference</th><th align="left">File Location</th></tr></thead><tbody><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left">/var/lib/named/localhost.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left">/var/lib/named/127.0.0.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. 
DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left">/var/lib/named/root.hint</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">“DNS Abmas.biz Forward Zone File”</a></td><td align="left">/var/lib/named/master/abmas.biz.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasus" title="Example 3.15. DNS Abmas.us Forward Zone File">“DNS Abmas.us Forward Zone File”</a></td><td align="left">/var/lib/named/abmas.us.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#eth1zone" title="Example 3.12. DNS 192.168.1 Reverse Zone File">“DNS 192.168.1 Reverse Zone File”</a></td><td align="left">/var/lib/named/192.168.1.0.rev</td></tr><tr><td align="left"><a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">“DNS 192.168.2 Reverse Zone File”</a></td><td align="left">/var/lib/named/192.168.2.0.rev</td></tr></tbody></table></div></div><p><br class="table-break"> 825 825 826 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id2555 294"></a><pre class="screen">826 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. 
DNS Master Configuration File <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id2555308"></a><pre class="screen"> 827 827 ### 828 828 # Abmas Biz DNS Control File … … 1009 1009 1010 1010 </p></li><li><p> 1011 <a class="indexterm" name="id25555 08"></a><a class="indexterm" name="id2555514"></a>1011 <a class="indexterm" name="id2555522"></a><a class="indexterm" name="id2555528"></a> 1012 1012 All DNS name resolution should be handled locally. To ensure that the server is configured 1013 1013 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> to have the following … … 1018 1018 nameserver 123.45.54.23 1019 1019 </pre><p> 1020 <a class="indexterm" name="id25555 38"></a>1020 <a class="indexterm" name="id2555553"></a> 1021 1021 This instructs the name resolver function (when configured correctly) to ask the DNS server 1022 1022 that is running locally to resolve names to addresses. In the event that the local name server … … 1024 1024 purely local names to IP addresses. 1025 1025 </p></li><li><p> 1026 <a class="indexterm" name="id25555 60"></a>1026 <a class="indexterm" name="id2555574"></a> 1027 1027 The final step is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 1028 1028 This file controls the operation of the various resolver libraries that are part of the Linux … … 1043 1043 submitted to it. In other words, our configuration turns CUPS into a raw-mode print queue. This means that 1044 1044 the correct printer driver must be installed on all clients. 1045 </p><div class="procedure"><a name="id25556 18"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol type="1"><li><p>1045 </p><div class="procedure"><a name="id2555632"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol type="1"><li><p> 1046 1046 Configure each printer to be a DHCP client, carefully following the manufacturer's guidelines. 
1047 1047 </p></li><li><p> … … 1050 1050 port as necessary in the following example commands. 1051 1051 This allows the CUPS spooler to print using raw mode protocols. 1052 <a class="indexterm" name="id25556 44"></a>1053 <a class="indexterm" name="id25556 51"></a>1052 <a class="indexterm" name="id2555658"></a> 1053 <a class="indexterm" name="id2555665"></a> 1054 1054 </p></li><li><p> 1055 <a class="indexterm" name="id25556 64"></a><a class="indexterm" name="id2555672"></a>1055 <a class="indexterm" name="id2555678"></a><a class="indexterm" name="id2555686"></a> 1056 1056 Configure the CUPS Print Queues as follows: 1057 1057 </p><pre class="screen"> … … 1061 1061 <code class="prompt">root# </code> lpadmin -p hplj6f -v socket://hplj6f.abmas.biz:9100 -E 1062 1062 </pre><p> 1063 <a class="indexterm" name="id25557 15"></a>1063 <a class="indexterm" name="id2555729"></a> 1064 1064 This creates the necessary print queues with no assigned print filter. 1065 </p></li><li><p><a class="indexterm" name="id25557 29"></a>1065 </p></li><li><p><a class="indexterm" name="id2555744"></a> 1066 1066 Print queues may not be enabled at creation. Use <code class="literal">lpc stat</code> to check 1067 1067 the status of the print queues and, if necessary, make certain that the queues you have … … 1073 1073 <code class="prompt">root# </code> /usr/bin/enable hplj6f 1074 1074 </pre><p> 1075 </p></li><li><p><a class="indexterm" name="id25557 84"></a>1075 </p></li><li><p><a class="indexterm" name="id2555798"></a> 1076 1076 Even though your print queues may be enabled, it is still possible that they 1077 1077 are not accepting print jobs. 
A print queue services incoming printing … … 1085 1085 </pre><p> 1086 1086 </p></li><li><p> 1087 <a class="indexterm" name="id2555835"></a>1088 <a class="indexterm" name="id2555842"></a>1089 1087 <a class="indexterm" name="id2555849"></a> 1088 <a class="indexterm" name="id2555856"></a> 1089 <a class="indexterm" name="id2555863"></a> 1090 1090 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line: 1091 1091 </p><pre class="screen"> … … 1093 1093 </pre><p> 1094 1094 </p></li><li><p> 1095 <a class="indexterm" name="id25558 77"></a>1095 <a class="indexterm" name="id2555891"></a> 1096 1096 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line: 1097 1097 </p><pre class="screen"> … … 1106 1106 The UNIX system print queues have been configured and are ready for validation testing. 1107 1107 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p> 1108 <a class="indexterm" name="id25559 42"></a>1108 <a class="indexterm" name="id2555956"></a> 1109 1109 There are two essential steps to process startup configuration. First, the process 1110 1110 must be configured so that it automatically restarts each time the server … … 1115 1115 necessary start or kill script is run. 
1116 1116 </p><p> 1117 <a class="indexterm" name="id2555977"></a> 1118 <a class="indexterm" name="id2555984"></a> 1119 <a class="indexterm" name="id2555991"></a> 1117 <a class="indexterm" name="id2555992"></a> 1120 1118 <a class="indexterm" name="id2555998"></a> 1121 1119 <a class="indexterm" name="id2556005"></a> 1120 <a class="indexterm" name="id2556012"></a> 1121 <a class="indexterm" name="id2556019"></a> 1122 1122 In the event that a service is not run as a daemon, but via the internetworking 1123 1123 super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code> … … 1130 1130 Use the standard system tool to configure each service to restart 1131 1131 automatically at every system reboot. For example, 1132 <a class="indexterm" name="id25560 56"></a>1132 <a class="indexterm" name="id2556070"></a> 1133 1133 </p><pre class="screen"> 1134 1134 <code class="prompt">root# </code> chkconfig dhpcd on … … 1138 1138 </pre><p> 1139 1139 </p></li><li><p> 1140 <a class="indexterm" name="id2556100"></a>1141 <a class="indexterm" name="id2556107"></a>1142 1140 <a class="indexterm" name="id2556114"></a> 1141 <a class="indexterm" name="id2556121"></a> 1142 <a class="indexterm" name="id2556128"></a> 1143 1143 Now start each service to permit the system to be validated. 1144 1144 Execute each of the following in the sequence shown: … … 1151 1151 </pre><p> 1152 1152 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p> 1153 <a class="indexterm" name="id25561 69"></a>1153 <a class="indexterm" name="id2556183"></a> 1154 1154 Complex networking problems are most often caused by simple things that are poorly or incorrectly 1155 1155 configured. The validation process adopted here should be followed carefully; it is the result of the … … 1161 1161 Later in this book you learn how to make users happier. 
For now, it is enough to learn to 1162 1162 validate. Let's get on with it. 1163 </p><div class="procedure"><a name="id2556 191"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol type="1"><li><p>1164 <a class="indexterm" name="id25562 02"></a>1163 </p><div class="procedure"><a name="id2556205"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol type="1"><li><p> 1164 <a class="indexterm" name="id2556216"></a> 1165 1165 One of the most important facets of Samba configuration is to ensure that 1166 1166 name resolution functions correctly. You can check name resolution … … 1188 1188 is working. 1189 1189 </p></li><li><p> 1190 <a class="indexterm" name="id25562 72"></a>1190 <a class="indexterm" name="id2556286"></a> 1191 1191 So far, your installation is going particularly well. In this step we validate 1192 1192 DNS server and name resolution operation. Using your favorite UNIX system editor, … … 1197 1197 </pre><p> 1198 1198 </p></li><li><p> 1199 <a class="indexterm" name="id25563 05"></a>1199 <a class="indexterm" name="id2556319"></a> 1200 1200 Before you test DNS operation, it is a good idea to verify that the DNS server 1201 1201 is running by executing the following: … … 1211 1211 </pre><p> 1212 1212 This means that we are ready to check DNS operation. Do so by executing: 1213 <a class="indexterm" name="id25563 34"></a>1213 <a class="indexterm" name="id2556349"></a> 1214 1214 </p><pre class="screen"> 1215 1215 <code class="prompt">root# </code> ping diamond … … 1227 1227 sleeth1.abmas.biz has address 192.168.1.1 1228 1228 </pre><p> 1229 <a class="indexterm" name="id25563 73"></a>1229 <a class="indexterm" name="id2556387"></a> 1230 1230 You may now remove the entry called <code class="constant">diamond</code> from the 1231 1231 <code class="filename">/etc/hosts</code> file. It does not hurt to leave it there, 1232 1232 but its removal reduces the number of administrative steps for this name. 
1233 1233 </p></li><li><p> 1234 <a class="indexterm" name="id2556 399"></a>1234 <a class="indexterm" name="id2556413"></a> 1235 1235 WINS is a great way to resolve NetBIOS names to their IP address. You can test 1236 1236 the operation of WINS by starting <code class="literal">nmbd</code> (manually or by way … … 1251 1251 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.479 ms 1252 1252 </pre><p> 1253 <a class="indexterm" name="id2556 490"></a>1253 <a class="indexterm" name="id2556505"></a> 1254 1254 Now that you can relax with the knowledge that all three major forms of name 1255 1255 resolution to IP address resolution are working, edit the <code class="filename">/etc/nsswitch.conf</code> … … 1272 1272 comes when you try to add the first DHCP client to the network. 1273 1273 </p></li><li><p> 1274 <a class="indexterm" name="id25565 50"></a>1274 <a class="indexterm" name="id2556565"></a> 1275 1275 This is a good point at which to start validating Samba operation. You are 1276 1276 content that name resolution is working for basic TCP/IP needs. Let's move on. … … 1344 1344 Clear away all errors before proceeding. 1345 1345 </p></li><li><p> 1346 <a class="indexterm" name="id2556652"></a> 1347 <a class="indexterm" name="id2556658"></a> 1348 <a class="indexterm" name="id2556665"></a> 1346 <a class="indexterm" name="id2556666"></a> 1349 1347 <a class="indexterm" name="id2556672"></a> 1348 <a class="indexterm" name="id2556679"></a> 1349 <a class="indexterm" name="id2556686"></a> 1350 1350 Check that the Samba server is running: 1351 1351 </p><pre class="screen"> … … 1360 1360 </pre><p> 1361 1361 The <code class="literal">winbindd</code> daemon is running in split mode (normal), so there are also 1362 two instances<sup>[<a name="id25567 03" href="#ftn.id2556703" class="footnote">7</a>]</sup> of it.1362 two instances<sup>[<a name="id2556717" href="#ftn.id2556717" class="footnote">7</a>]</sup> of it. 
1363 1363 </p></li><li><p> 1364 <a class="indexterm" name="id25567 33"></a>1365 <a class="indexterm" name="id25567 40"></a>1364 <a class="indexterm" name="id2556747"></a> 1365 <a class="indexterm" name="id2556754"></a> 1366 1366 Check that an anonymous connection can be made to the Samba server: 1367 1367 </p><pre class="screen"> … … 1395 1395 a <code class="constant">NULL</code> password. 1396 1396 </p></li><li><p> 1397 <a class="indexterm" name="id2556798"></a>1398 <a class="indexterm" name="id2556805"></a>1399 1397 <a class="indexterm" name="id2556812"></a> 1398 <a class="indexterm" name="id2556819"></a> 1399 <a class="indexterm" name="id2556826"></a> 1400 1400 Verify that each printer has the IP address assigned in the DHCP server configuration file. 1401 1401 The easiest way to do this is to ping the printer name. Immediately after the ping response … … 1412 1412 hplj6a (192.168.1.30) at 00:03:47:CB:81:E0 [ether] on eth0 1413 1413 </pre><p> 1414 <a class="indexterm" name="id25568 59"></a>1414 <a class="indexterm" name="id2556873"></a> 1415 1415 The MAC address <code class="constant">00:03:47:CB:81:E0</code> matches that specified for the 1416 1416 IP address from which the printer has responded and with the entry for it in the 1417 1417 <code class="filename">/etc/dhcpd.conf</code> file. Repeat this for each printer configured. 1418 1418 </p></li><li><p> 1419 <a class="indexterm" name="id2556 887"></a>1419 <a class="indexterm" name="id2556902"></a> 1420 1420 Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool: 1421 1421 </p><pre class="screen"> … … 1436 1436 </pre><p> 1437 1437 </p></li><li><p> 1438 <a class="indexterm" name="id25569 44"></a>1438 <a class="indexterm" name="id2556958"></a> 1439 1439 Your new server is connected to an Internet-accessible connection. Before you start 1440 1440 your firewall, you should run a port scanner against your system. 
You should repeat that … … 1511 1511 </pre><p> 1512 1512 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p> 1513 <a class="indexterm" name="id25570 48"></a>1514 <a class="indexterm" name="id25570 54"></a>1513 <a class="indexterm" name="id2557062"></a> 1514 <a class="indexterm" name="id2557068"></a> 1515 1515 The use of an application server is a key mechanism by which desktop administration overheads 1516 1516 can be reduced. Check the application manual for your software to identify how best to … … 1533 1533 of work files on the local workstation. 1534 1534 </p></li></ul></div><p> 1535 <a class="indexterm" name="id25571 06"></a>1535 <a class="indexterm" name="id2557120"></a> 1536 1536 A common application deployed in this environment is an office suite. 1537 1537 Enterprise editions of Microsoft Office XP Professional can be administratively installed … … 1550 1550 local disk space. In the latter case, when the applications are used, they load over the network. 1551 1551 </p><p> 1552 <a class="indexterm" name="id25571 44"></a>1553 <a class="indexterm" name="id25571 50"></a>1552 <a class="indexterm" name="id2557158"></a> 1553 <a class="indexterm" name="id2557165"></a> 1554 1554 Microsoft Office Service Packs can be unpacked to update an administrative share. This makes 1555 1555 it possible to update MS Office XP Professional for all users from a single installation … … 1560 1560 editing or by way of configuration options inside each Office XP Professional application. 1561 1561 </p><p> 1562 <a class="indexterm" name="id25571 72"></a>1562 <a class="indexterm" name="id2557186"></a> 1563 1563 OpenOffice.Org OpenOffice Version 1.1.0 can be installed locally. It can also 1564 1564 be installed to run off a network share. The latter is a most desirable solution for office-bound … … 1573 1573 share point. 
The full administrative OpenOffice share takes approximately 150 MB of disk 1574 1574 space. 1575 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id25572 04"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>1575 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2557218"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p> 1576 1576 Many single-user products can be installed into an administrative share, but 1577 1577 personal versions of products such as Microsoft Office XP Professional do not permit this. … … 1597 1597 please do not use the software. 1598 1598 </p><p> 1599 <a class="indexterm" name="id25572 52"></a>1599 <a class="indexterm" name="id2557266"></a> 1600 1600 Samba is provided under the terms of the GNU GPL Version 2, a copy of which is provided 1601 1601 with the source code. … … 1608 1608 be done with notebook computers as long as they are identical or sufficiently similar. 1609 1609 </p><div class="procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. Windows Client Configuration Procedure</b></p><ol type="1"><li><p> 1610 <a class="indexterm" name="id25573 02"></a>1611 <a class="indexterm" name="id25573 09"></a>1610 <a class="indexterm" name="id2557316"></a> 1611 <a class="indexterm" name="id2557323"></a> 1612 1612 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 1613 1613 TCP/IP protocol configuration. DHCP configures all Windows clients to use the WINS Server … … 1642 1642 preparation procedure below. 1643 1643 </p></li><li><p> 1644 <a class="indexterm" name="id25574 47"></a>1644 <a class="indexterm" name="id2557461"></a> 1645 1645 When you are satisfied that the staging systems are complete, use the appropriate procedure to 1646 1646 remove the client from the domain. 
Reboot the system and then log on as the local administrator … … 1651 1651 machine to a network share on the server. 1652 1652 </p></li><li><p> 1653 <a class="indexterm" name="id25574 76"></a>1654 <a class="indexterm" name="id25574 85"></a>1653 <a class="indexterm" name="id2557490"></a> 1654 <a class="indexterm" name="id2557499"></a> 1655 1655 You may now replicate the image to the target machines using the appropriate Norton Ghost 1656 1656 procedure. Make sure to use the procedure that ensures each machine has a unique … … 1687 1687 Repeat the printer installation steps above for both HP LaserJet 6 printers 1688 1688 as well as for both QMS Magicolor laser printers. 1689 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id25577 55"></a>Key Points Learned</h3></div></div></div><p>1689 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2557769"></a>Key Points Learned</h3></div></div></div><p> 1690 1690 How do you feel? You have built a capable network, a truly ambitious project. 1691 1691 Future network updates can be handled by … … 1710 1710 client in order to effect improved standardization of desktops and to reduce 1711 1711 the costs of network management. 1712 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id25578 17"></a>Questions and Answers</h2></div></div></div><p>1713 </p><div class="qandaset"><dl><dt>1. <a href="secure.html#id25578 33">1712 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2557831"></a>Questions and Answers</h2></div></div></div><p> 1713 </p><div class="qandaset"><dl><dt>1. <a href="secure.html#id2557847"> 1714 1714 What is the maximum number of account entries that the tdbsam 1715 1715 passdb backend can handle? 
1716 </a></dt><dt>2. <a href="secure.html#id25579 01">1716 </a></dt><dt>2. <a href="secure.html#id2557916"> 1717 1717 Would Samba operate any better if the OS level is set to a value higher than 35? 1718 </a></dt><dt>3. <a href="secure.html#id25579 23">1718 </a></dt><dt>3. <a href="secure.html#id2557937"> 1719 1719 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups? 1720 </a></dt><dt>4. <a href="secure.html#id25579 46">1720 </a></dt><dt>4. <a href="secure.html#id2557960"> 1721 1721 Why has a path been specified in the IPC$ share? 1722 </a></dt><dt>5. <a href="secure.html#id25579 74">1722 </a></dt><dt>5. <a href="secure.html#id2557989"> 1723 1723 Why does the smb.conf file in this exercise include an entry for smb ports? 1724 </a></dt><dt>6. <a href="secure.html#id25580 21">1724 </a></dt><dt>6. <a href="secure.html#id2558035"> 1725 1725 What is the difference between a print queue and a printer? 1726 </a></dt><dt>7. <a href="secure.html#id25580 57">1726 </a></dt><dt>7. <a href="secure.html#id2558071"> 1727 1727 Can all MS Windows application software be installed onto an application server share? 1728 </a></dt><dt>8. <a href="secure.html#id25580 82">1728 </a></dt><dt>8. <a href="secure.html#id2558096"> 1729 1729 Why use dynamic DNS (DDNS)? 1730 </a></dt><dt>9. <a href="secure.html#id25581 01">1730 </a></dt><dt>9. <a href="secure.html#id2558115"> 1731 1731 Why would you use WINS as well as DNS-based name resolution? 1732 </a></dt><dt>10. <a href="secure.html#id2558 186">1732 </a></dt><dt>10. <a href="secure.html#id2558200"> 1733 1733 What are the major benefits of using an application server? 
1734 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id25578 33"></a><a name="id2557835"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>1734 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2557847"></a><a name="id2557849"></a><p><b>1.</b></p></td><td align="left" valign="top"><p> 1735 1735 What is the maximum number of account entries that the <em class="parameter"><code>tdbsam</code></em> 1736 1736 passdb backend can handle? … … 1758 1758 not provide a mechanism for replicating tdbsam data so it can be used by a BDC. The 1759 1759 limitation of 250 users per tdbsam is predicated only on the need for replication, 1760 not on the limits<sup>[<a name="id2557 891" href="#ftn.id2557891" class="footnote">8</a>]</sup> of the tdbsam backend itself.1761 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25579 01"></a><a name="id2557904"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>1760 not on the limits<sup>[<a name="id2557905" href="#ftn.id2557905" class="footnote">8</a>]</sup> of the tdbsam backend itself. 1761 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2557916"></a><a name="id2557918"></a><p><b>2.</b></p></td><td align="left" valign="top"><p> 1762 1762 Would Samba operate any better if the OS level is set to a value higher than 35? 1763 1763 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1765 1765 of 35 already assures Samba of precedence over MS Windows products in browser elections. There is 1766 1766 no gain to be had from setting this higher. 
1767 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25579 23"></a><a name="id2557925"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>1767 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2557937"></a><a name="id2557940"></a><p><b>3.</b></p></td><td align="left" valign="top"><p> 1768 1768 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups? 1769 1769 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1771 1771 a later date Samba may make use of Windows Local Groups, as well as of the Active Directory special 1772 1772 Groups. Proper operation requires Domain Groups to be mapped to valid UNIX groups. 1773 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25579 46"></a><a name="id2557948"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>1773 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2557960"></a><a name="id2557962"></a><p><b>4.</b></p></td><td align="left" valign="top"><p> 1774 1774 Why has a path been specified in the <em class="parameter"><code>IPC$</code></em> share? 1775 1775 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1777 1777 obtain access to the file system, it does so at a location that presents least risk. Under normal operation 1778 1778 this type of paranoid step should not be necessary. The use of this parameter should not be necessary. 
1779 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25579 74"></a><a name="id2557977"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>1779 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2557989"></a><a name="id2557991"></a><p><b>5.</b></p></td><td align="left" valign="top"><p> 1780 1780 Why does the <code class="filename">smb.conf</code> file in this exercise include an entry for <a class="link" href="smb.conf.5.html#SMBPORTS">smb ports</a>? 1781 1781 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1786 1786 The result of this is improved network performance. Where Samba-3 is installed as an Active Directory Domain 1787 1787 member, the default behavior is highly beneficial and should not be changed. 1788 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25580 21"></a><a name="id2558023"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>1788 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558035"></a><a name="id2558037"></a><p><b>6.</b></p></td><td align="left" valign="top"><p> 1789 1789 What is the difference between a print queue and a printer? 1790 1790 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1800 1800 and the job is then submitted to a sequential print queue where the job is stored until 1801 1801 the printer is ready to receive the job. 1802 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25580 57"></a><a name="id2558059"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>1802 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558071"></a><a name="id2558073"></a><p><b>7.</b></p></td><td align="left" valign="top"><p> 1803 1803 Can all MS Windows application software be installed onto an application server share? 
1804 1804 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1808 1808 Professional do not permit installation to an application server share and can be installed 1809 1809 and used only to/from a local workstation hard disk. 1810 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25580 82"></a><a name="id2558084"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>1810 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558096"></a><a name="id2558098"></a><p><b>8.</b></p></td><td align="left" valign="top"><p> 1811 1811 Why use dynamic DNS (DDNS)? 1812 1812 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1814 1814 network clients that are not NetBIOS-enabled, and thus cannot use WINS, to locate 1815 1815 Windows clients via DNS. 1816 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25581 01"></a><a name="id2558103"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>1816 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558115"></a><a name="id2558118"></a><p><b>9.</b></p></td><td align="left" valign="top"><p> 1817 1817 Why would you use WINS as well as DNS-based name resolution? 1818 1818 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1822 1822 expression that may be up to 1024 characters in length and that represents an IP address. 1823 1823 A NetBIOS name is always 16 characters long. The 16<sup>th</sup> character 1824 is a name type indicator. A specific name type is registered<sup>[<a name="id25581 39" href="#ftn.id2558139" class="footnote">9</a>]</sup> for each1824 is a name type indicator. 
A specific name type is registered<sup>[<a name="id2558153" href="#ftn.id2558153" class="footnote">9</a>]</sup> for each 1825 1825 type of service that is provided by the Windows server or client and that may be registered 1826 1826 where a WINS server is in use. … … 1837 1837 </p><p> 1838 1838 Windows 200x Active Directory requires the registration in the DNS zone for the domain it 1839 controls of service locator<sup>[<a name="id25581 73" href="#ftn.id2558173" class="footnote">10</a>]</sup> records1839 controls of service locator<sup>[<a name="id2558187" href="#ftn.id2558187" class="footnote">10</a>]</sup> records 1840 1840 that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also 1841 1841 requires the registration of special records that are called global catalog (GC) entries 1842 1842 and site entries by which domain controllers and other essential ADS servers may be located. 1843 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558 186"></a><a name="id2558188"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>1843 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2558200"></a><a name="id2558202"></a><p><b>10.</b></p></td><td align="left" valign="top"><p> 1844 1844 What are the major benefits of using an application server? 1845 1845 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1848 1848 one location for all major applications used. This results in faster update roll-outs and 1849 1849 significantly better application usage control. 
1850 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id25525 15" href="#id2552515" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.1850 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2552528" href="#id2552528" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3. 1851 1851 This is necessary so that Samba can act as a Domain Controller (PDC); see 1852 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25529 28" href="#id2552928" class="para">6</a>] </sup>You may want to do the echo command last and include1853 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25567 03" href="#id2556703" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>,1852 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2552942" href="#id2552942" class="para">6</a>] </sup>You may want to do the echo command last and include 1853 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2556717" href="#id2556717" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>, 1854 1854 Chapter 23, Section 23.3. The single instance of <code class="literal">smbd</code> is normal. 
One additional 1855 1855 <code class="literal">smbd</code> slave process is spawned for each SMB/CIFS client 1856 connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2557 891" href="#id2557891" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very1856 connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2557905" href="#id2557905" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very 1857 1857 effective database technology. There is surprisingly little performance loss even 1858 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25581 39" href="#id2558139" class="para">9</a>] </sup>1859 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25581 73" href="#id2558173" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. 
The 500-User Office</td></tr></table></div></body></html>1858 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2558153" href="#id2558153" class="para">9</a>] </sup> 1859 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2558187" href="#id2558187" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>
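Review bot: every changed line in this changeset only renumbers a stylesheet-generated anchor, while the anchors that carry an explicit name in the source (`ch4appscfg`, `sbewinclntprep`) are untouched. The Questions and Answers targets, the footnote ids and section headings such as "Key Points Learned" (now `id2557769`) all move, so any bookmark or external link to one of the old fragments no longer finds its target and falls back to the top of secure.html. Consider giving the sections, questions and footnotes that readers link to explicit ids in the DocBook source, as is already done for `ch4valid` and `procstart`, so that regenerating the HTML does not produce a diff like this one. If the generated HTML has to stay under version control, say in the commit message that the change is a regeneration with no content change.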
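Review bot: in the "Check that the Samba server is running" step and in the printer verification step, the regenerated index anchors overlap the old numbering instead of replacing it. `id2556672` was the fourth index anchor of its step (after `id2556652`, `id2556658`, `id2556665`) and is now the second, and `id2556812` moves from third (after `id2556798`, `id2556805`) to first. A stale link to either id still resolves, but to a different index term, which is harder to notice than a dead fragment. Please regenerate the index page that points at these anchors in the same commit and spot-check that its entries for these two steps land on the intended terms.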