- Timestamp:
- Mar 1, 2010, 3:05:48 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/2000users.html
r368 r411 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. A Distributed 2000-User Network</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 5.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="happy.html" title="Chapter 5. Making Happy Users"><link rel="next" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. A Distributed 2000-User Network</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="happy.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="DMSMig.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 6. A Distributed 2000-User Network"><div class="titlepage"><div><div><h2 class="title"><a name="2000users"></a>Chapter 6. A Distributed 2000-User Network</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="2000users.html#id2589825">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="2000users.html#id2589856">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="2000users.html#id2589924">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="2000users.html#id2590197">Technical Issues</a></span></dt><dt><span class="sect2"><a href="2000users.html#id2591142">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="2000users.html#id2591160">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="2000users.html#id2594319">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="2000users.html#id2594466">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 6. A Distributed 2000-User Network</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="happy.html" title="Chapter 5. Making Happy Users"><link rel="next" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. A Distributed 2000-User Network</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="happy.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="DMSMig.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="2000users"></a>Chapter 6. A Distributed 2000-User Network</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="2000users.html#id2583740">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="2000users.html#id2583770">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="2000users.html#id2583839">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="2000users.html#id2584112">Technical Issues</a></span></dt><dt><span class="sect2"><a href="2000users.html#id2585057">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="2000users.html#id2585074">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="2000users.html#id2588234">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="2000users.html#id2588381">Questions and Answers</a></span></dt></dl></div><p> 2 2 There is something indeed mystical about things that are 3 3 big. Large networks exhibit a certain magnetism and exude a sense of … … 31 31 specifics of implementing LDAP changes, Samba changes, and approach and 32 32 design of the solution and its deployment. 33 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2589825"></a>Introduction</h2></div></div></div><p>33 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583740"></a>Introduction</h2></div></div></div><p> 34 34 Abmas is a miracle company. Most businesses would have collapsed under 35 35 the weight of rapid expansion that this company has experienced. Samba … … 40 40 Samba server just to change the way your network should function. 41 41 </p><p> 42 <a class="indexterm" name="id258 9844"></a>42 <a class="indexterm" name="id2583759"></a> 43 43 Network growth is common to all organizations. In this exercise, 44 44 your preoccupation is with the mechanics of implementing Samba and 45 45 LDAP so that network users on each network segment can work 46 46 without impediment. 47 </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id2589856"></a>Assignment Tasks</h3></div></div></div><p>47 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2583770"></a>Assignment Tasks</h3></div></div></div><p> 48 48 Starting with the configuration files for the server called 49 49 <code class="constant">MASSIVE</code> in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, you now deal with the … … 52 52 alternatives, and then design and implement a solution. 53 53 </p><p> 54 <a class="indexterm" name="id258 9884"></a>54 <a class="indexterm" name="id2583798"></a> 55 55 Remember, you have users based in London (UK), Los Angeles, 56 56 Washington. DC, and, three buildings in New York. A significant portion … … 73 73 DirectPointe. Your concern is server maintenance and third-level 74 74 support. Build a plan and show what must be done. 75 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2589924"></a>Dissection and Discussion</h2></div></div></div><p>76 <a class="indexterm" name="id258 9932"></a>77 <a class="indexterm" name="id258 9939"></a>75 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2583839"></a>Dissection and Discussion</h2></div></div></div><p> 76 <a class="indexterm" name="id2583847"></a> 77 <a class="indexterm" name="id2583854"></a> 78 78 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, you implemented an LDAP server that provided the 79 79 <em class="parameter"><code>passdb backend</code></em> for the Samba servers. You … … 81 81 took control of network performance. 82 82 </p><p> 83 <a class="indexterm" name="id258 9963"></a>84 <a class="indexterm" name="id258 9970"></a>85 <a class="indexterm" name="id258 9977"></a>86 <a class="indexterm" name="id258 9984"></a>83 <a class="indexterm" name="id2583878"></a> 84 <a class="indexterm" name="id2583885"></a> 85 <a class="indexterm" name="id2583892"></a> 86 <a class="indexterm" name="id2583899"></a> 87 87 The implementation of an LDAP-based passdb backend (known as 88 88 <span class="emphasis"><em>ldapsam</em></span> in Samba parlance), or some form of database … … 97 97 managers. 98 98 </p><p> 99 <a class="indexterm" name="id25 90023"></a>100 <a class="indexterm" name="id25 90030"></a>99 <a class="indexterm" name="id2583938"></a> 100 <a class="indexterm" name="id2583945"></a> 101 101 The new <span class="emphasis"><em>tdbsam</em></span> facility supports functionality 102 102 that is similar to an <span class="emphasis"><em>ldapsam</em></span>, but the lack of … … 106 106 backend? Is support for these tools broken? Answers to these 107 107 questions require a bit of background.</p><p> 108 <a class="indexterm" name="id25 90054"></a>109 <a class="indexterm" name="id25 90061"></a>110 <a class="indexterm" name="id25 90068"></a>111 <a class="indexterm" name="id25 90075"></a>108 <a class="indexterm" name="id2583969"></a> 109 <a class="indexterm" name="id2583976"></a> 110 <a class="indexterm" name="id2583982"></a> 111 <a class="indexterm" name="id2583990"></a> 112 112 <span class="emphasis"><em>What is a directory?</em></span> A directory is a 113 113 collection of information regarding objects that can be accessed to … … 117 117 information is organized to facilitate read access rather than to 118 118 support transaction processing.</p><p> 119 <a class="indexterm" name="id25 90095"></a>120 <a class="indexterm" name="id25 90105"></a>121 <a class="indexterm" name="id25 90111"></a>122 <a class="indexterm" name="id25 90118"></a>119 <a class="indexterm" name="id2584010"></a> 120 <a class="indexterm" name="id2584020"></a> 121 <a class="indexterm" name="id2584026"></a> 122 <a class="indexterm" name="id2584033"></a> 123 123 The Lightweight Directory Access Protocol (LDAP) differs 124 124 considerably from a traditional database. It has a simple search … … 127 127 the data repository and for keeping all copies (slaves) in sync with 128 128 the master repository.</p><p> 129 <a class="indexterm" name="id25 90134"></a>130 <a class="indexterm" name="id25 90141"></a>131 <a class="indexterm" name="id25 90148"></a>129 <a class="indexterm" name="id2584049"></a> 130 <a class="indexterm" name="id2584056"></a> 131 <a class="indexterm" name="id2584063"></a> 132 132 Samba is a flexible and powerful file and print sharing 133 133 technology. It can use many external authentication sources and can be … … 137 137 avoid the proprietary implications of Microsoft Active Directory 138 138 naturally gravitate toward OpenLDAP.</p><p> 139 <a class="indexterm" name="id25 90165"></a>139 <a class="indexterm" name="id2584080"></a> 140 140 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, you had to deal with a locally routed 141 141 network. All deployment concerns focused around making users happy, … … 148 148 access information globally. And you must make the network robust 149 149 enough so that it can sustain partial breakdown without causing loss of 150 productivity.</p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2590197"></a>Technical Issues</h3></div></div></div><p>150 productivity.</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2584112"></a>Technical Issues</h3></div></div></div><p> 151 151 There are at least three areas that need to be addressed as you 152 152 approach the challenge of designing a network solution for the newly 153 153 expanded business: 154 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="indexterm" name="id2590213"></a>155 User needs such as mobility and data access</p></li><li class="listitem"><p>The nature of Windows networking protocols</p></li><li class="listitem"><p>Identity management infrastructure needs</p></li></ul></div><p>Let's look at each in turn.</p><div class="sect3" title="User Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id2590236"></a>User Needs</h4></div></div></div><p>154 </p><div class="itemizedlist"><ul type="disc"><li><p><a class="indexterm" name="id2584128"></a> 155 User needs such as mobility and data access</p></li><li><p>The nature of Windows networking protocols</p></li><li><p>Identity management infrastructure needs</p></li></ul></div><p>Let's look at each in turn.</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2584151"></a>User Needs</h4></div></div></div><p> 156 156 The new company has three divisions. Staff for each division are spread across 157 157 the company. Some staff are office-bound and some are mobile users. Mobile … … 164 164 off for reasons outside the scope of this discussion. 165 165 </p><p> 166 <a class="indexterm" name="id25 90261"></a>166 <a class="indexterm" name="id2584176"></a> 167 167 Decisions must be made regarding where data is to be stored, how it will be 168 168 replicated (if at all), and what the network bandwidth implications are. For … … 175 175 to the network. 176 176 </p><p> 177 <a class="indexterm" name="id25 90288"></a>178 <a class="indexterm" name="id25 90297"></a>177 <a class="indexterm" name="id2584203"></a> 178 <a class="indexterm" name="id2584212"></a> 179 179 No matter which way you look at this, the bandwidth requirements 180 180 for acceptable performance are substantial even if only 10 percent of … … 189 189 server to and from the client. 190 190 </p><p> 191 <a class="indexterm" name="id25 90318"></a>191 <a class="indexterm" name="id2584233"></a> 192 192 Obviously then, user needs and wide-area practicalities dictate the economic and 193 193 technical aspects of your network design as well as for standard operating procedures. 194 </p></div><div class="sect3" title="The Nature of Windows Networking Protocols"><div class="titlepage"><div><div><h4 class="title"><a name="id2590330"></a>The Nature of Windows Networking Protocols</h4></div></div></div><p>195 <a class="indexterm" name="id25 90339"></a>194 </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2584245"></a>The Nature of Windows Networking Protocols</h4></div></div></div><p> 195 <a class="indexterm" name="id2584254"></a> 196 196 Network logons that include roaming profile handling requires from 140 KB to 2 MB. 197 197 The inclusion of support for a minimal set of common desktop applications can push … … 201 201 part of a total service-level assurance program that might be implemented. 202 202 </p><p> 203 <a class="indexterm" name="id25 90359"></a>204 <a class="indexterm" name="id25 90366"></a>203 <a class="indexterm" name="id2584274"></a> 204 <a class="indexterm" name="id2584281"></a> 205 205 One way to reduce the network bandwidth impact of user logon 206 206 traffic is through folder redirection. In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, you … … 211 211 logon or logout. Redirected folders are analogous to network drive 212 212 connections. 213 </p><p><a class="indexterm" name="id25 90394"></a>213 </p><p><a class="indexterm" name="id2584309"></a> 214 214 Of course, network applications should only be run off 215 215 local application servers. As a general rule, even with 2 Mb/sec … … 218 218 server that is located in New York. 219 219 </p><p> 220 <a class="indexterm" name="id25 90409"></a>220 <a class="indexterm" name="id2584324"></a> 221 221 When network bandwidth becomes a precious commodity (that is most 222 222 of the time), there is a significant demand to understand network … … 226 226 When a Windows NT4/200x/XP Professional client user logs onto 227 227 the network, several important things must happen. 228 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>229 <a class="indexterm" name="id25 90432"></a>228 </p><div class="itemizedlist"><ul type="disc"><li><p> 229 <a class="indexterm" name="id2584347"></a> 230 230 The client obtains an IP address via DHCP. (DHCP is 231 231 necessary so that users can roam between offices.) 232 </p></li><li class="listitem"><p>233 <a class="indexterm" name="id25 90445"></a>234 <a class="indexterm" name="id25 90452"></a>232 </p></li><li><p> 233 <a class="indexterm" name="id2584360"></a> 234 <a class="indexterm" name="id2584366"></a> 235 235 The client must register itself with the WINS and/or DNS server. 236 </p></li><li class="listitem"><p>237 <a class="indexterm" name="id25 90464"></a>236 </p></li><li><p> 237 <a class="indexterm" name="id2584379"></a> 238 238 The client must locate the closest domain controller. 239 </p></li><li class="listitem"><p>239 </p></li><li><p> 240 240 The client must log onto a domain controller and obtain as part of 241 241 that process the location of the user's profile, load it, connect to 242 242 redirected folders, and establish all network drive and printer connections. 243 </p></li><li class="listitem"><p>243 </p></li><li><p> 244 244 The domain controller must be able to resolve the user's 245 245 credentials before the logon process is fully implemented. … … 257 257 at the WINS server. 258 258 </p><p> 259 <a class="indexterm" name="id25 90511"></a>260 <a class="indexterm" name="id25 90518"></a><a class="indexterm" name="id2590527"></a>259 <a class="indexterm" name="id2584426"></a> 260 <a class="indexterm" name="id2584432"></a><a class="indexterm" name="id2584442"></a> 261 261 Given that the client is already a domain member, it then sends 262 262 a directed (Unicast) request to the WINS server seeking the list of 263 263 IP addresses for domain controllers (NetBIOS name type 0x1C). The 264 264 WINS server replies with the information requested.</p><p> 265 <a class="indexterm" name="id25 90541"></a>266 <a class="indexterm" name="id25 90550"></a>267 <a class="indexterm" name="id25 90557"></a>265 <a class="indexterm" name="id2584456"></a> 266 <a class="indexterm" name="id2584465"></a> 267 <a class="indexterm" name="id2584472"></a> 268 268 The client sends two netlogon mailslot broadcast requests 269 269 to the local network and to each of the IP addresses returned by … … 275 275 domain controllers. 276 276 </p><p> 277 <a class="indexterm" name="id25 90583"></a>278 <a class="indexterm" name="id25 90592"></a>279 <a class="indexterm" name="id25 90599"></a>277 <a class="indexterm" name="id2584498"></a> 278 <a class="indexterm" name="id2584507"></a> 279 <a class="indexterm" name="id2584514"></a> 280 280 The logon process begins with negotiation of the SMB/CIFS 281 281 protocols that are to be used; this is followed by an exchange of … … 288 288 local domain controllers fail or break? 289 289 </p><p> 290 <a class="indexterm" name="id25 90619"></a>291 <a class="indexterm" name="id25 90626"></a>292 <a class="indexterm" name="id25 90632"></a>293 <a class="indexterm" name="id25 90639"></a>290 <a class="indexterm" name="id2584534"></a> 291 <a class="indexterm" name="id2584541"></a> 292 <a class="indexterm" name="id2584547"></a> 293 <a class="indexterm" name="id2584554"></a> 294 294 Under most circumstances, the nearest domain controller 295 295 responds to the netlogon mailslot broadcast. The exception to this … … 300 300 domain controllers are by definition BDCs. 301 301 </p><p> 302 <a class="indexterm" name="id25 90656"></a>303 <a class="indexterm" name="id25 90663"></a>302 <a class="indexterm" name="id2584571"></a> 303 <a class="indexterm" name="id2584578"></a> 304 304 The provision of sufficient servers that are BDCs is an 305 305 important design factor. The second important design factor … … 307 307 data. That is the subject of the next section, which involves key 308 308 decisions regarding Identity Management facilities. 309 </p></div><div class="sect3" title="Identity Management Needs"><div class="titlepage"><div><div><h4 class="title"><a name="id2590677"></a>Identity Management Needs</h4></div></div></div><p>310 <a class="indexterm" name="id25 90685"></a>311 <a class="indexterm" name="id25 90692"></a>312 <a class="indexterm" name="id25 90699"></a>313 <a class="indexterm" name="id25 90706"></a>309 </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2584592"></a>Identity Management Needs</h4></div></div></div><p> 310 <a class="indexterm" name="id2584600"></a> 311 <a class="indexterm" name="id2584607"></a> 312 <a class="indexterm" name="id2584614"></a> 313 <a class="indexterm" name="id2584621"></a> 314 314 Network managers recognize that in large organizations users 315 315 generally need to be given resource access based on needs, while … … 320 320 rights and privileges are allocated. 321 321 </p><p> 322 <a class="indexterm" name="id25 90723"></a>323 <a class="indexterm" name="id25 90730"></a>324 <a class="indexterm" name="id25 90737"></a>322 <a class="indexterm" name="id2584638"></a> 323 <a class="indexterm" name="id2584645"></a> 324 <a class="indexterm" name="id2584652"></a> 325 325 Unfortunately, network resources tend to have their own Identity 326 326 Management facilities, the quality and manageability of which varies … … 334 334 as <code class="constant">Network Information System</code> (NIS). 335 335 </p><p> 336 <a class="indexterm" name="id25 90768"></a>336 <a class="indexterm" name="id2584683"></a> 337 337 NIS gained a strong following throughout the UNIX/VMS space in a short 338 338 period of time and retained that appeal and use for over a decade. … … 344 344 other information systems is catching on. 345 345 </p><p> 346 <a class="indexterm" name="id25 90787"></a>347 <a class="indexterm" name="id25 90793"></a>348 <a class="indexterm" name="id25 90800"></a>346 <a class="indexterm" name="id2584702"></a> 347 <a class="indexterm" name="id2584708"></a> 348 <a class="indexterm" name="id2584715"></a> 349 349 Nevertheless, both NIS and NIS+ continue to hold ground in 350 350 business areas where UNIX still has major sway. Examples of … … 354 354 focus. 355 355 </p><p> 356 <a class="indexterm" name="id25 90816"></a>357 <a class="indexterm" name="id25 90822"></a>356 <a class="indexterm" name="id2584731"></a> 357 <a class="indexterm" name="id2584737"></a> 358 358 Today's networking world needs a scalable, distributed Identity 359 359 Management infrastructure, commonly called a directory. The most … … 361 361 and a number of LDAP implementations. 362 362 </p><p> 363 <a class="indexterm" name="id25 90837"></a>363 <a class="indexterm" name="id2584752"></a> 364 364 The problem of managing multiple directories has become a focal 365 365 point over the past decade, creating a large market for … … 370 370 having to remember and deal with fewer login identities and 371 371 passwords.</p><p> 372 <a class="indexterm" name="id25 90854"></a>372 <a class="indexterm" name="id2584769"></a> 373 373 The challenge of every large network is to find the optimum 374 374 balance of internal systems and facilities for Identity … … 376 376 implemented has potentially significant impact on network bandwidth 377 377 and systems response needs.</p><p> 378 <a class="indexterm" name="id25 90872"></a>379 <a class="indexterm" name="id25 90878"></a>380 <a class="indexterm" name="id25 90888"></a>378 <a class="indexterm" name="id2584786"></a> 379 <a class="indexterm" name="id2584793"></a> 380 <a class="indexterm" name="id2584802"></a> 381 381 In <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, you implemented a single LDAP server for the 382 382 entire network. This may work for smaller networks, but almost … … 387 387 servers within the context of a distributed 2,000-user network is a 388 388 question that remains to be answered.</p><p> 389 <a class="indexterm" name="id25 90917"></a>390 <a class="indexterm" name="id25 90924"></a>389 <a class="indexterm" name="id2584832"></a> 390 <a class="indexterm" name="id2584838"></a> 391 391 One possibility that has great appeal is to create a single, 392 392 large distributed domain. The practical implications of this … … 399 399 maintenance. 400 400 </p><p> 401 <a class="indexterm" name="id25 90948"></a>401 <a class="indexterm" name="id2584863"></a> 402 402 The network design in <a class="link" href="2000users.html#chap7net2" title="Figure 6.7. Network Topology 2000 User Complex Design B">“Network Topology 2000 User Complex Design B”</a> takes the approach 403 403 that management of networks that are too remote to be managed … … 410 410 in how they may access global resources. 411 411 </p><p> 412 <a class="indexterm" name="id25 90975"></a>412 <a class="indexterm" name="id2584890"></a> 413 413 Desk-bound users need not be negatively affected by this design, since 414 414 the use of interdomain trusts can be used to satisfy the need for global 415 415 data sharing. 416 416 </p><p> 417 <a class="indexterm" name="id25 90987"></a>418 <a class="indexterm" name="id25 90994"></a>419 <a class="indexterm" name="id25 91003"></a>417 <a class="indexterm" name="id2584902"></a> 418 <a class="indexterm" name="id2584909"></a> 419 <a class="indexterm" name="id2584918"></a> 420 420 When Samba-3 is configured to use an LDAP backend, it stores the domain 421 421 account information in a directory entry. This account entry contains the … … 423 423 possible to operate with more than one PDC on a distributed network. 424 424 </p><p> 425 <a class="indexterm" name="id25 91018"></a>426 <a class="indexterm" name="id25 91025"></a>427 <a class="indexterm" name="id25 91032"></a>425 <a class="indexterm" name="id2584933"></a> 426 <a class="indexterm" name="id2584940"></a> 427 <a class="indexterm" name="id2584947"></a> 428 428 How might this peculiar feature be exploited? The answer is simple. It is 429 429 imperative that each network segment have its own WINS server. Major … … 435 435 single LDAP backend, users have unfettered ability to roam. 436 436 </p><p> 437 <a class="indexterm" name="id25 91057"></a>438 <a class="indexterm" name="id25 91066"></a>437 <a class="indexterm" name="id2584972"></a> 438 <a class="indexterm" name="id2584981"></a> 439 439 This concept has not been exhaustively validated, though we can see no reason 440 440 why this should not work. The important facets are the following: The name of … … 447 447 that are in fact slave LDAP servers on the local segments. 448 448 </p><p> 449 <a class="indexterm" name="id25 91088"></a>450 <a class="indexterm" name="id25 91097"></a>451 <a class="indexterm" name="id25 91104"></a>452 <a class="indexterm" name="id25 91113"></a>449 <a class="indexterm" name="id2585003"></a> 450 <a class="indexterm" name="id2585012"></a> 451 <a class="indexterm" name="id2585019"></a> 452 <a class="indexterm" name="id2585028"></a> 453 453 With a single master LDAP server, all network updates are effected on a single 454 454 server. In the event that this should become excessively fragile or network … … 464 464 procedures for managing the directory, because retroactive correction of 465 465 inconsistent directory information can be exceedingly difficult. 466 </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2591142"></a>Political Issues</h3></div></div></div><p>466 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2585057"></a>Political Issues</h3></div></div></div><p> 467 467 As organizations grow, the number of points of control increases 468 468 also. In a large distributed organization, it is important that the … … 472 472 minutes rather than days (the old limitation of highly manual 473 473 systems). 474 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2591160"></a>Implementation</h2></div></div></div><p>475 <a class="indexterm" name="id25 91167"></a>476 <a class="indexterm" name="id25 91174"></a>477 <a class="indexterm" name="id25 91181"></a>478 <a class="indexterm" name="id25 91188"></a>474 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2585074"></a>Implementation</h2></div></div></div><p> 475 <a class="indexterm" name="id2585082"></a> 476 <a class="indexterm" name="id2585089"></a> 477 <a class="indexterm" name="id2585096"></a> 478 <a class="indexterm" name="id2585102"></a> 479 479 Samba-3 has the ability to use multiple password (authentication and 480 480 identity resolution) backends. The diagram in <a class="link" href="2000users.html#chap7idres" title="Figure 6.1. Samba and Authentication Backend Search Pathways">“Samba and Authentication Backend Search Pathways”</a> … … 484 484 using the specific systems shown. 485 485 </p><div class="figure"><a name="chap7idres"></a><p class="title"><b>Figure 6.1. Samba and Authentication Backend Search Pathways</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-idresol.png" width="297" alt="Samba and Authentication Backend Search Pathways"></div></div></div><br class="figure-break"><p> 486 <a class="indexterm" name="id25 91252"></a>487 <a class="indexterm" name="id25 91259"></a>488 <a class="indexterm" name="id25 91266"></a>489 <a class="indexterm" name="id25 91273"></a>490 <a class="indexterm" name="id25 91279"></a>491 <a class="indexterm" name="id25 91286"></a>492 <a class="indexterm" name="id25 91293"></a>486 <a class="indexterm" name="id2585167"></a> 487 <a class="indexterm" name="id2585174"></a> 488 <a class="indexterm" name="id2585181"></a> 489 <a class="indexterm" name="id2585188"></a> 490 <a class="indexterm" name="id2585194"></a> 491 <a class="indexterm" name="id2585201"></a> 492 <a class="indexterm" name="id2585208"></a> 493 493 Samba is capable of using the <code class="constant">smbpasswd</code>, 494 494 <code class="constant">tdbsam</code>, <code class="constant">xmlsam</code>, … … 498 498 operations. 499 499 </p><p> 500 <a class="indexterm" name="id25 91321"></a>500 <a class="indexterm" name="id2585236"></a> 501 501 Additionally, it is possible to use multiple passdb backends 502 502 concurrently as well as have multiple LDAP backends. As a result, you … … 510 510 This configuration tells Samba to use a single LDAP server, as shown in <a class="link" href="2000users.html#ch7singleLDAP" title="Figure 6.2. Samba Configuration to Use a Single LDAP Server">“Samba Configuration to Use a Single LDAP Server”</a>. 511 511 </p><div class="figure"><a name="ch7singleLDAP"></a><p class="title"><b>Figure 6.2. Samba Configuration to Use a Single LDAP Server</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-singleLDAP.png" width="351" alt="Samba Configuration to Use a Single LDAP Server"></div></div></div><p><br class="figure-break"> 512 <a class="indexterm" name="id25 91394"></a>513 <a class="indexterm" name="id25 91404"></a>512 <a class="indexterm" name="id2585309"></a> 513 <a class="indexterm" name="id2585318"></a> 514 514 The addition of a failover LDAP server can simply be done by adding a 515 515 second entry for the failover server to the single <em class="parameter"><code>ldapsam</code></em> … … 533 533 ... 534 534 </pre><p> 535 <a class="indexterm" name="id25 91490"></a>535 <a class="indexterm" name="id2585405"></a> 536 536 The effect of this style of entry is that Samba lists the users 537 537 that are in both LDAP databases. If both contain the same information, … … 544 544 into one seemingly contiguous directory. Only the first database will be updated. 545 545 An example of this configuration is shown in <a class="link" href="2000users.html#ch7dualok" title="Figure 6.5. Samba Configuration to Use Two LDAP Databases - The result is additive.">“Samba Configuration to Use Two LDAP Databases - The result is additive.”</a>. 546 </p><div class="figure"><a name="ch7dualok"></a><p class="title"><b>Figure 6.5. Samba Configuration to Use Two LDAP Databases - The result is additive.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-dual-additive-LDAP-Ok.png" width="297" alt="Samba Configuration to Use Two LDAP Databases - The result is additive."></div></div></div><br class="figure-break"><div class="note" title="Note"style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>546 </p><div class="figure"><a name="ch7dualok"></a><p class="title"><b>Figure 6.5. Samba Configuration to Use Two LDAP Databases - The result is additive.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/ch7-dual-additive-LDAP-Ok.png" width="297" alt="Samba Configuration to Use Two LDAP Databases - The result is additive."></div></div></div><br class="figure-break"><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 547 547 When the use of ldapsam is specified twice, as shown here, it is imperative 548 548 that the two LDAP directories must be disjoint. If the entries are for a … … 554 554 pattern similar to what was covered in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>. The following steps 555 555 permit the operation of a master/slave OpenLDAP arrangement. 556 </p><div class="procedure" title="Procedure 6.1. Implementation Steps for an LDAP Slave Server"><a name="id2591632"></a><p class="title"><b>Procedure 6.1. Implementation Steps for an LDAP Slave Server</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>557 <a class="indexterm" name="id25 91644"></a>558 <a class="indexterm" name="id25 91651"></a>556 </p><div class="procedure"><a name="id2585547"></a><p class="title"><b>Procedure 6.1. Implementation Steps for an LDAP Slave Server</b></p><ol type="1"><li><p> 557 <a class="indexterm" name="id2585559"></a> 558 <a class="indexterm" name="id2585566"></a> 559 559 Log onto the master LDAP server as <code class="constant">root</code>. 560 560 You are about to change the configuration of the LDAP server, so it … … 568 568 <code class="prompt">root# </code> service ldap stop 569 569 </pre><p> 570 </p></li><li class="step" title="Step 2"><p>571 <a class="indexterm" name="id25 91696"></a>570 </p></li><li><p> 571 <a class="indexterm" name="id2585611"></a> 572 572 Edit the <code class="filename">/etc/openldap/slapd.conf</code> file so it 573 573 matches the content of <a class="link" href="2000users.html#ch7-LDAP-master" title="Example 6.1. LDAP Master Server Configuration File /etc/openldap/slapd.conf">“LDAP Master Server Configuration File /etc/openldap/slapd.conf”</a>. 574 </p></li><li class="step" title="Step 3"><p>574 </p></li><li><p> 575 575 Create a file called <code class="filename">admin-accts.ldif</code> with the following contents: 576 576 </p><pre class="screen"> … … 587 587 userPassword: buttercup 588 588 </pre><p> 589 </p></li><li class="step" title="Step 4"><p>590 Add an account called <span class="quote">“<span class="quote">updateuser</span>”</span>to the master LDAP server as shown here:589 </p></li><li><p> 590 Add an account called “<span class="quote">updateuser</span>” to the master LDAP server as shown here: 591 591 </p><pre class="screen"> 592 592 <code class="prompt">root# </code> slapadd -v -l admin-accts.ldif 593 593 </pre><p> 594 </p></li><li class="step" title="Step 5"><p>595 <a class="indexterm" name="id25 91769"></a>596 <a class="indexterm" name="id25 91776"></a>594 </p></li><li><p> 595 <a class="indexterm" name="id2585684"></a> 596 <a class="indexterm" name="id2585691"></a> 597 597 Change directory to a suitable place to dump the contents of the 598 598 LDAP server. The dump file (and LDIF file) is used to preload … … 602 602 </pre><p> 603 603 Each record is written to the file. 604 </p></li><li class="step" title="Step 6"><p>605 <a class="indexterm" name="id25 91808"></a>604 </p></li><li><p> 605 <a class="indexterm" name="id2585723"></a> 606 606 Copy the file <code class="filename">LDAP-transfer-LDIF.txt</code> to the intended 607 607 slave LDAP server. A good location could be in the directory 608 608 <code class="filename">/etc/openldap/preload</code>. 609 </p></li><li class="step" title="Step 7"><p>609 </p></li><li><p> 610 610 Log onto the slave LDAP server as <code class="constant">root</code>. You can 611 611 now configure this server so the <code class="filename">/etc/openldap/slapd.conf</code> 612 612 file matches the content of <a class="link" href="2000users.html#ch7-LDAP-slave" title="Example 6.2. LDAP Slave Configuration File /etc/openldap/slapd.conf">“LDAP Slave Configuration File /etc/openldap/slapd.conf”</a>. 613 </p></li><li class="step" title="Step 8"><p>613 </p></li><li><p> 614 614 Change directory to the location in which you stored the 615 615 <code class="filename">LDAP-transfer-LDIF.txt</code> file (<code class="filename">/etc/openldap/preload</code>). … … 641 641 added: "cn=PIOps,ou=Groups,dc=abmas,dc=biz" (00000013) 642 642 </pre><p> 643 </p></li><li class="step" title="Step 9"><p>643 </p></li><li><p> 644 644 Now start the LDAP server and set it to run automatically on system reboot by executing: 645 645 </p><pre class="screen"> … … 652 652 <code class="prompt">root# </code> chkconfig ldap on 653 653 </pre><p> 654 </p></li><li class="step" title="Step 10"><p>655 <a class="indexterm" name="id25 91981"></a>656 <a class="indexterm" name="id25 91988"></a>657 <a class="indexterm" name="id25 91995"></a>654 </p></li><li><p> 655 <a class="indexterm" name="id2585896"></a> 656 <a class="indexterm" name="id2585903"></a> 657 <a class="indexterm" name="id2585910"></a> 658 658 Go back to the master LDAP server. Execute the following to start LDAP as well 659 659 as <code class="literal">slurpd</code>, the synchronization daemon, as shown here: … … 664 664 <code class="prompt">root# </code> chkconfig slurpd on 665 665 </pre><p> 666 <a class="indexterm" name="id25 92040"></a>666 <a class="indexterm" name="id2585955"></a> 667 667 On Red Hat Linux, check the equivalent command to start <code class="literal">slurpd</code>. 668 </p></li><li class="step" title="Step 11"><p>669 <a class="indexterm" name="id25 92061"></a>668 </p></li><li><p> 669 <a class="indexterm" name="id2585976"></a> 670 670 On the master LDAP server you may now add an account to validate that replication 671 671 is working. Assuming the configuration shown in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, execute: … … 673 673 <code class="prompt">root# </code> /var/lib/samba/sbin/smbldap-useradd -a fruitloop 674 674 </pre><p> 675 </p></li><li class="step" title="Step 12"><p>675 </p></li><li><p> 676 676 On the slave LDAP server, change to the directory <code class="filename">/var/lib/ldap</code>. 677 677 There should now be a file called <code class="filename">replogfile</code>. If replication worked … … 697 697 - 698 698 </pre><p> 699 </p></li><li class="step" title="Step 13"><p>699 </p></li><li><p> 700 700 Given that this first slave LDAP server is now working correctly, you may now 701 701 implement additional slave LDAP servers as required. 702 </p></li><li class="step" title="Step 14"><p>702 </p></li><li><p> 703 703 On each machine (PDC and BDCs) after the respective <code class="filename">smb.conf</code> files have been created as shown in 704 704 <a class="link" href="2000users.html#ch7-massmbconfA" title="Example 6.3. Primary Domain Controller smb.conf File Part A">Primary Domain Controller <code class="filename">smb.conf</code> File Part A + B + C</a> and … … 792 792 index sambaDomainName eq 793 793 index default sub 794 </pre></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfA"></a><p class="title"><b>Example 6.3. Primary Domain Controller <code class="filename">smb.conf</code> File Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2592324"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2592336"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2592348"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2592360"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2592372"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2592384"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2592395"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2592407"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2592419"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2592431"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2592443"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2592454"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2592466"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592479"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592491"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2592504"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2592516"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592529"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592542"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592555"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2592567"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2592580"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2592592"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2592604"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2592616"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2592627"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2592639"></a><em class="parameter"><code>domain master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2592651"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2592663"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2592674"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2592686"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2592698"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2592710"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2592722"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2592735"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2592747"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2592759"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2592770"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id2592782"></a><em class="parameter"><code>printing = cups</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfB"></a><p class="title"><b>Example 6.4. Primary Domain Controller <code class="filename">smb.conf</code> File Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[IPC$]</code></em></td></tr><tr><td><a class="indexterm" name="id2592828"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2592848"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2592860"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2592872"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2592892"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2592904"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2592916"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2592936"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2592948"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2592960"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2592980"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2592992"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2593004"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2593015"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2593036"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2593047"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2593059"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593071"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593082"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfC"></a><p class="title"><b>Example 6.5. Primary Domain Controller <code class="filename">smb.conf</code> File Part C</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2593128"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2593140"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2593151"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id2593163"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2593183"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2593195"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2593207"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2593219"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593231"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2593251"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2593263"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2593275"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2593286"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2593307"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2593319"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2593331"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2593342"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2593363"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2593375"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2593387"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id2593398"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfA"></a><p class="title"><b>Example 6.6. Backup Domain Controller <code class="filename">smb.conf</code> File Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># # Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2593448"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2593459"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2593471"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2593483"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2593495"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2593507"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2593519"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2593530"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2593542"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2593554"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2593565"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2593577"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2593589"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2593601"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2593613"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2593625"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2593637"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593649"></a><em class="parameter"><code>os level = 63</code></em></td></tr><tr><td><a class="indexterm" name="id2593660"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2593672"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id2593684"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2593696"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2593708"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2593720"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2593732"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2593744"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2593756"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2593767"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2593779"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2593791"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2593803"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2593823"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2593835"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2593847"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2593867"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2593879"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2593891"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfB"></a><p class="title"><b>Example 6.7. Backup Domain Controller <code class="filename">smb.conf</code> File Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2593937"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2593949"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2593960"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2593980"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2593992"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2594004"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2594015"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2594036"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2594048"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2594059"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2594071"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2594083"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2594103"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2594115"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2594126"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id2594138"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2594159"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2594171"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2594182"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2594194"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2594215"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2594226"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2594238"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2594250"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2594270"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2594282"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2594294"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2594306"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id2594319"></a>Key Points Learned</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>795 <a class="indexterm" name="id25 94330"></a><a class="indexterm" name="id2594335"></a>794 </pre></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfA"></a><p class="title"><b>Example 6.3. Primary Domain Controller <code class="filename">smb.conf</code> File Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2586239"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2586251"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2586263"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586275"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2586287"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2586299"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2586310"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2586322"></a><em class="parameter"><code>max log size = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2586334"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2586346"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2586358"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586369"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2586381"></a><em class="parameter"><code>add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586394"></a><em class="parameter"><code>delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586406"></a><em class="parameter"><code>add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2586418"></a><em class="parameter"><code>delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2586431"></a><em class="parameter"><code>add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586444"></a><em class="parameter"><code>delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586457"></a><em class="parameter"><code>set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586470"></a><em class="parameter"><code>add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2586482"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2586495"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2586507"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2586519"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2586531"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2586542"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586554"></a><em class="parameter"><code>domain master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586566"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586578"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586589"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2586601"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2586613"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2586625"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2586637"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586650"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2586662"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2586674"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2586685"></a><em class="parameter"><code>printer admin = root</code></em></td></tr><tr><td><a class="indexterm" name="id2586697"></a><em class="parameter"><code>printing = cups</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfB"></a><p class="title"><b>Example 6.4. Primary Domain Controller <code class="filename">smb.conf</code> File Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[IPC$]</code></em></td></tr><tr><td><a class="indexterm" name="id2586743"></a><em class="parameter"><code>path = /tmp</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2586763"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586775"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2586787"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2586807"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586819"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2586831"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2586851"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2586863"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2586875"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2586895"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2586907"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2586918"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2586930"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2586951"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2586962"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2586974"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586986"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2586997"></a><em class="parameter"><code>browseable = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-massmbconfC"></a><p class="title"><b>Example 6.5. Primary Domain Controller <code class="filename">smb.conf</code> File Part C</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2587043"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587055"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2587066"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id2587078"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2587098"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2587110"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2587122"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr><tr><td><a class="indexterm" name="id2587134"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587146"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2587166"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2587178"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2587190"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587201"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2587222"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2587234"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2587246"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587257"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[print$]</code></em></td></tr><tr><td><a class="indexterm" name="id2587278"></a><em class="parameter"><code>comment = Printer Drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2587290"></a><em class="parameter"><code>path = /var/lib/samba/drivers</code></em></td></tr><tr><td><a class="indexterm" name="id2587302"></a><em class="parameter"><code>write list = root</code></em></td></tr><tr><td><a class="indexterm" name="id2587313"></a><em class="parameter"><code>admin users = root, Administrator</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfA"></a><p class="title"><b>Example 6.6. Backup Domain Controller <code class="filename">smb.conf</code> File Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># # Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2587363"></a><em class="parameter"><code>unix charset = LOCALE</code></em></td></tr><tr><td><a class="indexterm" name="id2587374"></a><em class="parameter"><code>workgroup = MEGANET2</code></em></td></tr><tr><td><a class="indexterm" name="id2587386"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2587398"></a><em class="parameter"><code>passdb backend = ldapsam:ldap://lapdc.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587410"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2587422"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2587434"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2587445"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2587457"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2587469"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2587480"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2587492"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2587504"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587516"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2587528"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2587540"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2587552"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587564"></a><em class="parameter"><code>os level = 63</code></em></td></tr><tr><td><a class="indexterm" name="id2587575"></a><em class="parameter"><code>domain master = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587587"></a><em class="parameter"><code>wins server = 192.168.2.1</code></em></td></tr><tr><td><a class="indexterm" name="id2587599"></a><em class="parameter"><code>ldap suffix = dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587610"></a><em class="parameter"><code>ldap machine suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2587622"></a><em class="parameter"><code>ldap user suffix = ou=People</code></em></td></tr><tr><td><a class="indexterm" name="id2587634"></a><em class="parameter"><code>ldap group suffix = ou=Groups</code></em></td></tr><tr><td><a class="indexterm" name="id2587646"></a><em class="parameter"><code>ldap idmap suffix = ou=Idmap</code></em></td></tr><tr><td><a class="indexterm" name="id2587658"></a><em class="parameter"><code>ldap admin dn = cn=sambaadmin,dc=abmas,dc=biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587671"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587682"></a><em class="parameter"><code>idmap backend = ldap://massive.abmas.biz</code></em></td></tr><tr><td><a class="indexterm" name="id2587694"></a><em class="parameter"><code>idmap uid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2587706"></a><em class="parameter"><code>idmap gid = 10000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2587718"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2587738"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587750"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2587762"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2587782"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587794"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2587806"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch7-slvsmbocnfB"></a><p class="title"><b>Example 6.7. Backup Domain Controller <code class="filename">smb.conf</code> File Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2587852"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2587864"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2587875"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2587895"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2587907"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2587919"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2587930"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2587951"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2587963"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2587974"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587986"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2587998"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2588018"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2588030"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2588041"></a><em class="parameter"><code>admin users = bjones</code></em></td></tr><tr><td><a class="indexterm" name="id2588053"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2588074"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2588086"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2588097"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2588109"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2588130"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2588141"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2588153"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2588165"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profdata]</code></em></td></tr><tr><td><a class="indexterm" name="id2588185"></a><em class="parameter"><code>comment = Profile Data Share</code></em></td></tr><tr><td><a class="indexterm" name="id2588197"></a><em class="parameter"><code>path = /var/lib/samba/profdata</code></em></td></tr><tr><td><a class="indexterm" name="id2588209"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2588221"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2588234"></a>Key Points Learned</h3></div></div></div><div class="itemizedlist"><ul type="disc"><li><p> 795 <a class="indexterm" name="id2588245"></a><a class="indexterm" name="id2588250"></a> 796 796 Where Samba-3 is used as a domain controller, the use of LDAP is an 797 797 essential component to permit the use of BDCs. 798 </p></li><li class="listitem"><p>799 <a class="indexterm" name="id25 94348"></a>798 </p></li><li><p> 799 <a class="indexterm" name="id2588263"></a> 800 800 Replication of the LDAP master server to create a network of BDCs 801 801 is an important mechanism for limiting WAN traffic. 802 </p></li><li class="listitem"><p>802 </p></li><li><p> 803 803 Network administration presents many complex challenges, most of which 804 804 can be satisfied by good design but that also require sound communication 805 805 and unification of management practices. This can be highly challenging in 806 806 a large, globally distributed network. 807 </p></li><li class="listitem"><p>807 </p></li><li><p> 808 808 Roaming profiles must be contained to the local network segment. Any 809 809 departure from this may clog wide-area arteries and slow legitimate network 810 810 traffic to a crawl. 811 </p></li></ul></div></div><div class="figure"><a name="chap7net"></a><p class="title"><b>Figure 6.6. Network Topology 2000 User Complex Design A</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net-Ar.png" width="432" alt="Network Topology 2000 User Complex Design A"></div></div></div><br class="figure-break"><div class="figure"><a name="chap7net2"></a><p class="title"><b>Figure 6.7. Network Topology 2000 User Complex Design B</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net2-Br.png" width="432" alt="Network Topology 2000 User Complex Design B"></div></div></div><br class="figure-break"></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2594466"></a>Questions and Answers</h2></div></div></div><p>811 </p></li></ul></div></div><div class="figure"><a name="chap7net"></a><p class="title"><b>Figure 6.6. Network Topology 2000 User Complex Design A</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net-Ar.png" width="432" alt="Network Topology 2000 User Complex Design A"></div></div></div><br class="figure-break"><div class="figure"><a name="chap7net2"></a><p class="title"><b>Figure 6.7. Network Topology 2000 User Complex Design B</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap7-net2-Br.png" width="432" alt="Network Topology 2000 User Complex Design B"></div></div></div><br class="figure-break"></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2588381"></a>Questions and Answers</h2></div></div></div><p> 812 812 There is much rumor and misinformation regarding the use of MS Windows networking protocols. 813 813 These questions are just a few of those frequently asked. 814 </p><div class="qandaset" title="Frequently Asked Questions"><a name="id2594478"></a><dl><dt> <a href="2000users.html#id2594484">814 </p><div class="qandaset"><dl><dt> <a href="2000users.html#id2588399"> 815 815 816 816 817 817 Is it true that DHCP uses lots of WAN bandwidth? 818 </a></dt><dt> <a href="2000users.html#id25 94619">818 </a></dt><dt> <a href="2000users.html#id2588534"> 819 819 820 820 821 821 How much background communication takes place between a master LDAP server and its slave LDAP servers? 822 </a></dt><dt> <a href="2000users.html#id25 94680">822 </a></dt><dt> <a href="2000users.html#id2588595"> 823 823 LDAP has a database. Is LDAP not just a fancy database front end? 824 </a></dt><dt> <a href="2000users.html#id25 94744">824 </a></dt><dt> <a href="2000users.html#id2588659"> 825 825 826 826 Can Active Directory obtain account information from an OpenLDAP server? 827 </a></dt><dt> <a href="2000users.html#id25 94779">827 </a></dt><dt> <a href="2000users.html#id2588694"> 828 828 What are the parts of a roaming profile? How large is each part? 829 </a></dt><dt> <a href="2000users.html#id25 94928">829 </a></dt><dt> <a href="2000users.html#id2588842"> 830 830 Can the My Documents folder be stored on a network drive? 831 </a></dt><dt> <a href="2000users.html#id25 94976">831 </a></dt><dt> <a href="2000users.html#id2588890"> 832 832 833 833 834 834 835 835 How much WAN bandwidth does WINS consume? 836 </a></dt><dt> <a href="2000users.html#id25 95060">836 </a></dt><dt> <a href="2000users.html#id2588975"> 837 837 How many BDCs should I have? What is the right number of Windows clients per server? 838 </a></dt><dt> <a href="2000users.html#id25 95096">838 </a></dt><dt> <a href="2000users.html#id2589011"> 839 839 840 840 I've heard that you can store NIS accounts in LDAP. Is LDAP not just a smarter way to 841 841 run an NIS server? 842 </a></dt><dt> <a href="2000users.html#id25 95130">842 </a></dt><dt> <a href="2000users.html#id2589044"> 843 843 Can I use NIS in place of LDAP? 844 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id2594484"></a><a name="id2594486"></a></td><td align="left" valign="top"><p>845 <a class="indexterm" name="id25 94491"></a>846 <a class="indexterm" name="id25 94497"></a>844 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2588399"></a><a name="id2588401"></a></td><td align="left" valign="top"><p> 845 <a class="indexterm" name="id2588406"></a> 846 <a class="indexterm" name="id2588412"></a> 847 847 Is it true that DHCP uses lots of WAN bandwidth? 848 848 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 849 <a class="indexterm" name="id25 94514"></a>850 <a class="indexterm" name="id25 94523"></a>851 <a class="indexterm" name="id25 94530"></a>849 <a class="indexterm" name="id2588429"></a> 850 <a class="indexterm" name="id2588438"></a> 851 <a class="indexterm" name="id2588445"></a> 852 852 It is a smart practice to localize DHCP servers on each network segment. As a 853 853 rule, there should be two DHCP servers per network segment. This means that if … … 856 856 routers. This makes it possible to run fewer DHCP servers. 857 857 </p><p> 858 <a class="indexterm" name="id25 94549"></a>859 <a class="indexterm" name="id25 94558"></a>858 <a class="indexterm" name="id2588464"></a> 859 <a class="indexterm" name="id2588473"></a> 860 860 A DHCP network address request and confirmation usually results in about six UDP packets. 861 861 The packets are from 60 to 568 bytes in length. Let us consider a site that has 300 DHCP … … 875 875 From this can be seen that the traffic impact would be minimal. 876 876 </p><p> 877 <a class="indexterm" name="id25 94596"></a>878 <a class="indexterm" name="id25 94605"></a>877 <a class="indexterm" name="id2588511"></a> 878 <a class="indexterm" name="id2588520"></a> 879 879 Even when DHCP is configured to do DNS update (dynamic DNS) over a wide-area link, 880 880 the impact of the update is no more than the DHCP IP address renewal traffic and thus 881 881 still insignificant for most practical purposes. 882 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 94619"></a><a name="id2594621"></a></td><td align="left" valign="top"><p>883 <a class="indexterm" name="id25 94625"></a>884 <a class="indexterm" name="id25 94632"></a>882 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588534"></a><a name="id2588536"></a></td><td align="left" valign="top"><p> 883 <a class="indexterm" name="id2588540"></a> 884 <a class="indexterm" name="id2588547"></a> 885 885 How much background communication takes place between a master LDAP server and its slave LDAP servers? 886 886 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 887 <a class="indexterm" name="id25 94653"></a>887 <a class="indexterm" name="id2588568"></a> 888 888 The process that controls the replication of data from the master LDAP server to the slave LDAP 889 889 servers is called <code class="literal">slurpd</code>. The <code class="literal">slurpd</code> remains nascent (quiet) 890 890 until an update must be propagated. The propagation traffic per LDAP slave to update (add/modify/delete) 891 891 two user accounts requires less than 10KB traffic. 892 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 94680"></a><a name="id2594682"></a></td><td align="left" valign="top"><p>892 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588595"></a><a name="id2588597"></a></td><td align="left" valign="top"><p> 893 893 LDAP has a database. Is LDAP not just a fancy database front end? 894 894 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 895 <a class="indexterm" name="id25 94694"></a>896 <a class="indexterm" name="id25 94701"></a>897 <a class="indexterm" name="id25 94710"></a>898 <a class="indexterm" name="id25 94716"></a>895 <a class="indexterm" name="id2588609"></a> 896 <a class="indexterm" name="id2588616"></a> 897 <a class="indexterm" name="id2588625"></a> 898 <a class="indexterm" name="id2588631"></a> 899 899 LDAP does store its data in a database of sorts. In fact, the LDAP backend is an application-specific 900 900 data storage system. This type of database is indexed so that records can be rapidly located, but the … … 905 905 An LDAP front end is a purpose-built tool that has a search orientation that is designed around specific 906 906 simple queries. The term <code class="constant">database</code> is heavily overloaded and thus much misunderstood. 907 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 94744"></a><a name="id2594746"></a></td><td align="left" valign="top"><p>908 <a class="indexterm" name="id25 94750"></a>907 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588659"></a><a name="id2588661"></a></td><td align="left" valign="top"><p> 908 <a class="indexterm" name="id2588665"></a> 909 909 Can Active Directory obtain account information from an OpenLDAP server? 910 910 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 911 <a class="indexterm" name="id25 94765"></a>911 <a class="indexterm" name="id2588680"></a> 912 912 No, at least not directly. It is possible to provision Active Directory from and/or to an OpenLDAP 913 913 database through use of a metadirectory server. Microsoft MMS (now called MIIS) can interface 914 914 to OpenLDAP using standard LDAP queries and updates. 915 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 94779"></a><a name="id2594781"></a></td><td align="left" valign="top"><p>915 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588694"></a><a name="id2588696"></a></td><td align="left" valign="top"><p> 916 916 What are the parts of a roaming profile? How large is each part? 917 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id25 94792"></a>917 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p><a class="indexterm" name="id2588707"></a> 918 918 A roaming profile consists of 919 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>919 </p><div class="itemizedlist"><ul type="disc"><li><p> 920 920 Desktop folders such as <code class="constant">Desktop</code>, <code class="constant">My Documents</code>, 921 921 <code class="constant">My Pictures</code>, <code class="constant">My Music</code>, <code class="constant">Internet Files</code>, … … 923 923 <code class="constant">Local Settings,</code> and more. See <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>, <a class="link" href="happy.html#XP-screen001" title="Figure 5.3. Windows XP Professional User Shared Folders">“Windows XP Professional User Shared Folders”</a>. 924 924 </p><p> 925 <a class="indexterm" name="id25 94853"></a>925 <a class="indexterm" name="id2588768"></a> 926 926 Each of these can be anywhere from a few bytes to gigabytes in capacity. Fortunately, all 927 927 such folders can be redirected to network drive resources. See <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">“Configuration of Default Profile with Folder Redirection”</a> 928 928 for more information regarding folder redirection. 929 </p></li><li class="listitem"><p>929 </p></li><li><p> 930 930 A static or rewritable portion that is typically only a few files (2-5 KB of information). 931 </p></li><li class="listitem"><p>932 <a class="indexterm" name="id25 94880"></a>933 <a class="indexterm" name="id25 94886"></a>931 </p></li><li><p> 932 <a class="indexterm" name="id2588795"></a> 933 <a class="indexterm" name="id2588801"></a> 934 934 The registry load file that modifies the <code class="constant">HKEY_LOCAL_USER</code> hive. This is 935 935 the <code class="filename">NTUSER.DAT</code> file. It can be from 0.4 to 1.5 MB. 936 936 </p></li></ul></div><p> 937 <a class="indexterm" name="id25 94909"></a>937 <a class="indexterm" name="id2588824"></a> 938 938 Microsoft Outlook PST files may be stored in the <code class="constant">Local Settings\Application Data</code> 939 939 folder. It can be up to 2 GB in size per PST file. 940 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 94928"></a><a name="id2594930"></a></td><td align="left" valign="top"><p>940 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588842"></a><a name="id2588845"></a></td><td align="left" valign="top"><p> 941 941 Can the <code class="constant">My Documents</code> folder be stored on a network drive? 942 942 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 943 <a class="indexterm" name="id25 94945"></a>944 <a class="indexterm" name="id25 94952"></a>943 <a class="indexterm" name="id2588860"></a> 944 <a class="indexterm" name="id2588867"></a> 945 945 Yes. More correctly, such folders can be redirected to network shares. No specific network drive 946 946 connection is required. Registry settings permit this to be redirected directly to a UNC (Universal 947 947 Naming Convention) resource, though it is possible to specify a network drive letter instead of a 948 948 UNC name. See <a class="link" href="happy.html#redirfold" title="Configuration of Default Profile with Folder Redirection">“Configuration of Default Profile with Folder Redirection”</a>. 949 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 94976"></a><a name="id2594978"></a></td><td align="left" valign="top"><p>950 <a class="indexterm" name="id25 94982"></a>951 <a class="indexterm" name="id25 94989"></a>952 <a class="indexterm" name="id25 94998"></a>949 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588890"></a><a name="id2588893"></a></td><td align="left" valign="top"><p> 950 <a class="indexterm" name="id2588897"></a> 951 <a class="indexterm" name="id2588904"></a> 952 <a class="indexterm" name="id2588913"></a> 953 953 How much WAN bandwidth does WINS consume? 954 954 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 955 <a class="indexterm" name="id25 95012"></a>956 <a class="indexterm" name="id25 95021"></a>957 <a class="indexterm" name="id25 95028"></a>955 <a class="indexterm" name="id2588927"></a> 956 <a class="indexterm" name="id2588936"></a> 957 <a class="indexterm" name="id2588943"></a> 958 958 MS Windows clients cache information obtained from WINS lookups in a local NetBIOS name cache. 959 959 This keeps WINS lookups to a minimum. On a network with 3500 MS Windows clients and a central WINS … … 967 967 In conclusion, the total load afforded through WINS traffic is again marginal to total operational 968 968 usage as it should be. 969 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 95060"></a><a name="id2595062"></a></td><td align="left" valign="top"><p>969 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2588975"></a><a name="id2588977"></a></td><td align="left" valign="top"><p> 970 970 How many BDCs should I have? What is the right number of Windows clients per server? 971 971 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 981 981 As unsatisfactory as the answer might sound, it all depends on network and server load 982 982 characteristics. 983 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 95096"></a><a name="id2595098"></a></td><td align="left" valign="top"><p>984 <a class="indexterm" name="id25 95102"></a><a class="indexterm" name="id2595108"></a>983 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589011"></a><a name="id2589013"></a></td><td align="left" valign="top"><p> 984 <a class="indexterm" name="id2589017"></a><a class="indexterm" name="id2589023"></a> 985 985 I've heard that you can store NIS accounts in LDAP. Is LDAP not just a smarter way to 986 986 run an NIS server? … … 989 989 a configurable schema that can store far more information for many more purposes than 990 990 just NIS. 991 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id25 95130"></a><a name="id2595132"></a></td><td align="left" valign="top"><p>991 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2589044"></a><a name="id2589047"></a></td><td align="left" valign="top"><p> 992 992 Can I use NIS in place of LDAP? 993 993 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 994 <a class="indexterm" name="id25 95143"></a>995 <a class="indexterm" name="id25 95150"></a>994 <a class="indexterm" name="id2589058"></a> 995 <a class="indexterm" name="id2589065"></a> 996 996 No. The NIS database does not have provision to store Microsoft encrypted passwords and does not deal 997 997 with the types of data necessary for interoperability with Microsoft Windows networking. The use
Note:
See TracChangeset
for help on using the changeset viewer.
