- Timestamp:
- Mar 1, 2010, 3:05:48 PM (15 years ago)
- File:
-
- 1 edited
branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/Big500users.html
r368 r411 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 5.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 4. The 500-User Office"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. 
The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id2571305">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2571350">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2571456">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2571492">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2571695">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2571718">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2572445">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2573010">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2576210">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2576268">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. 
Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id2565220">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565265">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565371">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565407">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2565610">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565632">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566360">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566924">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a 
href="Big500users.html#id2570124">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2570183">Questions and Answers</a></span></dt></dl></div><p> 2 2 The Samba-3 networking you explored in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> covers the finer points of 3 3 configuration of peripheral services such as DHCP and DNS, and WINS. You experienced … … 7 7 An analysis of the history of postings to the Samba mailing list easily demonstrates 8 8 that the two most prevalent Samba problem areas are 9 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>9 </p><div class="itemizedlist"><ul type="disc"><li><p> 10 10 Defective resolution of a NetBIOS name to its IP address 11 </p></li><li class="listitem"><p>11 </p></li><li><p> 12 12 Printing problems 13 13 </p></li></ul></div><p> … … 18 18 to make printing more complex for the administrator while making it easier for the user. 19 19 </p><p> 20 <a class="indexterm" name="id25 71241"></a>21 <a class="indexterm" name="id25 71248"></a>22 <a class="indexterm" name="id25 71255"></a>20 <a class="indexterm" name="id2565156"></a> 21 <a class="indexterm" name="id2565163"></a> 22 <a class="indexterm" name="id2565169"></a> 23 23 <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> demonstrates operation of a DHCP server and a DNS server 24 24 as well as a central WINS server. You validated the operation of these services and … … 42 42 You should take the opportunity to innovate and expand on the methods presented 43 43 here and explore them to the fullest. 
44 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571305"></a>Introduction</h2></div></div></div><p>44 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565220"></a>Introduction</h2></div></div></div><p> 45 45 Business continues to go well for Abmas. Mr. Meany is driving your success and the 46 46 network continues to grow thanks to the hard work Christine has done. You recently … … 67 67 it is rolled out. Your strategy is to complete the new network so that it 68 68 is ready for operation when the old office moves into the new premises. 69 </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id2571350"></a>Assignment Tasks</h3></div></div></div><p>69 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565265"></a>Assignment Tasks</h3></div></div></div><p> 70 70 The acquired business had 280 network users. The old Abmas building housed 71 71 220 network users in unbelievably cramped conditions. The network that … … 108 108 every four months. They automatically roll that out to each desktop system. 109 109 You must keep DirectPointe informed of all changes. 110 </p><p><a class="indexterm" name="id25 71428"></a>110 </p><p><a class="indexterm" name="id2565342"></a> 111 111 The new network has a single Samba Primary Domain Controller (PDC) located in the 112 112 Network Operation Center (NOC). Buildings 1 and 2 each have a local server … … 116 116 Printing is based on raw pass-through facilities just as it has been used so far. 117 117 All printer drivers are installed on the desktop and notebook computers. 
118 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571456"></a>Dissection and Discussion</h2></div></div></div><p>119 <a class="indexterm" name="id25 71464"></a>118 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565371"></a>Dissection and Discussion</h2></div></div></div><p> 119 <a class="indexterm" name="id2565379"></a> 120 120 The example you are building in this chapter is of a network design that works, but this 121 121 does not make it a design that is recommended. As a general rule, there should be at least … … 128 128 controller. This is not a good omen for user satisfaction. You, of course, address this 129 129 very soon (see <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>). 130 </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2571492"></a>Technical Issues</h3></div></div></div><p>130 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565407"></a>Technical Issues</h3></div></div></div><p> 131 131 Stan has talked you into a horrible compromise, but it is addressed. Just make 132 132 certain that the performance of this network is well validated before going live. 133 133 </p><p> 134 134 Design decisions made in this design include the following: 135 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>136 <a class="indexterm" name="id25 71513"></a>137 <a class="indexterm" name="id25 71520"></a>138 <a class="indexterm" name="id25 71527"></a>135 </p><div class="itemizedlist"><ul type="disc"><li><p> 136 <a class="indexterm" name="id2565428"></a> 137 <a class="indexterm" name="id2565435"></a> 138 <a class="indexterm" name="id2565442"></a> 139 139 A single PDC is being implemented. 
This limitation is based on the choice not to 140 140 use LDAP. Many network administrators fear using LDAP because of the perceived 141 141 complexity of implementation and management of an LDAP-based backend for all user 142 142 identity management as well as to store network access credentials. 143 </p></li><li class="listitem"><p>144 <a class="indexterm" name="id25 71544"></a>145 <a class="indexterm" name="id25 71550"></a>143 </p></li><li><p> 144 <a class="indexterm" name="id2565458"></a> 145 <a class="indexterm" name="id2565465"></a> 146 146 Because of the refusal to use an LDAP (ldapsam) passdb backend at this time, the 147 147 only choice that makes sense with 500 users is to use the tdbsam passwd backend. … … 152 152 machines periodically change the secret machine password. When this happens, there 153 153 is no mechanism to return the changed password to the PDC. 154 </p></li><li class="listitem"><p>154 </p></li><li><p> 155 155 All domain user, group, and machine accounts are managed on the PDC. This makes 156 156 for a simple mode of operation but has to be balanced with network performance and 157 157 integrity of operations considerations. 158 </p></li><li class="listitem"><p>159 <a class="indexterm" name="id25 71591"></a>158 </p></li><li><p> 159 <a class="indexterm" name="id2565506"></a> 160 160 A single central WINS server is being used. The PDC is also the WINS server. 161 161 Any attempt to operate a routed network without a WINS server while using NetBIOS … … 164 164 normally located on the Windows XP Professional client in the 165 165 <code class="filename">C:\WINDOWS\SYSTEM32\ETC\DRIVERS</code> directory. 166 </p></li><li class="listitem"><p>166 </p></li><li><p> 167 167 At this time the Samba WINS database cannot be replicated. That is 168 168 why a single WINS server is being implemented. This should work without a problem. 
169 </p></li><li class="listitem"><p>170 <a class="indexterm" name="id25 71628"></a>169 </p></li><li><p> 170 <a class="indexterm" name="id2565543"></a> 171 171 BDCs make use of <code class="literal">winbindd</code> to provide 172 172 access to domain security credentials for file system access and object storage. 173 </p></li><li class="listitem"><p>174 <a class="indexterm" name="id25 71647"></a>175 <a class="indexterm" name="id25 71657"></a>173 </p></li><li><p> 174 <a class="indexterm" name="id2565562"></a> 175 <a class="indexterm" name="id2565571"></a> 176 176 Configuration of Windows XP Professional clients is achieved using DHCP. Each 177 177 subnet has its own DHCP server. Backup DHCP serving is provided by one … … 179 179 all routers. The DHCP Relay agent must be programmed to pass DHCP Requests from the 180 180 network directed at the backup DHCP server. 181 </p></li><li class="listitem"><p>181 </p></li><li><p> 182 182 All network users are granted the ability to print to any printer that is 183 183 network-attached. All printers are available from each server. Print jobs that … … 185 185 routed to the print spooler that is in control of that printer. The specific details 186 186 of how this might be done are demonstrated for one example only. 187 </p></li><li class="listitem"><p>187 </p></li><li><p> 188 188 The network address and subnetmask chosen provide 1022 usable IP addresses in 189 189 each subnet. If in the future more addresses are required, it would make sense 190 190 to add further subnets rather than change addressing. 191 </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2571695"></a>Political Issues</h3></div></div></div><p>191 </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565610"></a>Political Issues</h3></div></div></div><p> 192 192 This case gets close to the real world. 
You and I know the right way to implement 193 193 domain control. Politically, we have to navigate a minefield. In this case, the need is to … … 195 195 by having the real solution ready before it is needed. That real solution is presented in 196 196 <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>. 197 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2571718"></a>Implementation</h2></div></div></div><p>197 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565632"></a>Implementation</h2></div></div></div><p> 198 198 The following configuration process begins following installation of Red Hat Fedora Core2 on the 199 199 three servers shown in the network topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">“Network Topology 500 User Network Using tdbsam passdb backend.”</a>. You have 200 200 selected hardware that is appropriate to the task. 201 </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" title="Installation of DHCP, DNS, and Samba Control Files"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p>201 </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. 
Network Topology 500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p> 202 202 Carefully install the configuration files into the correct locations as shown in 203 203 <a class="link" href="Big500users.html#ch5-filelocations" title="Table 4.1. Domain: MEGANET, File Locations for Servers">“Domain: MEGANET, File Locations for Servers”</a>. You should validate that the full file path is … … 206 206 The abbreviation shown in this table as <code class="constant">{VLN}</code> refers to 207 207 the directory location beginning with <code class="filename">/var/lib/named</code>. 208 </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. 
Server: MASSIVE (PDC), File: /etc/samba/smb.conf">“Server: MASSIVE (PDC), File: /etc/samba/smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">“Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf”</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">“Common Samba Configuration File: /etc/samba/common.conf”</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. Server: BLDG1 (Member), File: smb.conf">“Server: BLDG1 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">“Server: BLDG2 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. 
Common Domain Member Include File: dom-mem.conf">“Common Domain Member Include File: dom-mem.conf”</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">“Server: MASSIVE, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">“Server: BLDG1, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">“Server: BLDG2, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. Server: MASSIVE, File: named.conf, Part: A">“Server: MASSIVE, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. 
Server: MASSIVE, File: named.conf, Part: B">“Server: MASSIVE, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">“Server: MASSIVE, File: named.conf, Part: C”</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">“Servers: BLDG1/BLDG2, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. 
Servers: BLDG1/BLDG2, File: named.conf, Part: B">“Servers: BLDG1/BLDG2, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Server Preparation: All Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id2572445"></a>Server Preparation: All Servers</h3></div></div></div><p>208 </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. 
Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">“Server: MASSIVE (PDC), File: /etc/samba/smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">“Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf”</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">“Common Samba Configuration File: /etc/samba/common.conf”</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. 
Server: BLDG1 (Member), File: smb.conf">“Server: BLDG1 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">“Server: BLDG2 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">“Common Domain Member Include File: dom-mem.conf”</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">“Server: MASSIVE, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">“Server: BLDG1, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">“Server: BLDG2, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. 
Server: MASSIVE, File: named.conf, Part: A">“Server: MASSIVE, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">“Server: MASSIVE, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">“Server: MASSIVE, File: named.conf, Part: C”</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. 
Servers: BLDG1/BLDG2, File: named.conf, Part: A">“Servers: BLDG1/BLDG2, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">“Servers: BLDG1/BLDG2, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. 
DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566360"></a>Server Preparation: All Servers</h3></div></div></div><p> 209 209 The following steps apply to all servers. Follow each step carefully. 210 </p><div class="procedure" title="Procedure 4.1. Server Preparation Steps"><a name="id2572456"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>210 </p><div class="procedure"><a name="id2566371"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol type="1"><li><p> 211 211 Using the UNIX/Linux system tools, set the name of the server as shown in the network 212 212 topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">“Network Topology 500 User Network Using tdbsam passdb backend.”</a>. For SUSE Linux products, the tool … … 221 221 <code class="prompt">root# </code> hostname -f 222 222 </pre><p> 223 </p></li><li class="step" title="Step 2"><p>224 <a class="indexterm" name="id25 72520"></a>225 <a class="indexterm" name="id25 72527"></a>223 </p></li><li><p> 224 <a class="indexterm" name="id2566435"></a> 225 <a class="indexterm" name="id2566442"></a> 226 226 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses 227 227 of all network interfaces that are on the host server. 
This is necessary so that during … … 230 230 CUPS print server is started before the DNS server (<code class="literal">named</code>), you 231 231 should also include an entry for the printers in the <code class="filename">/etc/hosts</code> file. 232 </p></li><li class="step" title="Step 3"><p>233 <a class="indexterm" name="id25 72566"></a>232 </p></li><li><p> 233 <a class="indexterm" name="id2566480"></a> 234 234 All DNS name resolution should be handled locally. To ensure that the server is configured 235 235 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> so it has the following … … 241 241 This instructs the name resolver function (when configured correctly) to ask the DNS server 242 242 that is running locally to resolve names to addresses. 243 </p></li><li class="step" title="Step 4"><p>244 <a class="indexterm" name="id25 72597"></a>245 <a class="indexterm" name="id25 72604"></a>243 </p></li><li><p> 244 <a class="indexterm" name="id2566512"></a> 245 <a class="indexterm" name="id2566519"></a> 246 246 Add the <code class="constant">root</code> user to the password backend: 247 247 </p><pre class="screen"> … … 255 255 deleted. If for any reason the account is deleted, you may not be able to recreate this account 256 256 without considerable trouble. 257 </p></li><li class="step" title="Step 5"><p>258 <a class="indexterm" name="id25 72650"></a>259 <a class="indexterm" name="id25 72656"></a>257 </p></li><li><p> 258 <a class="indexterm" name="id2566564"></a> 259 <a class="indexterm" name="id2566571"></a> 260 260 Create the username map file to permit the <code class="constant">root</code> account to be called 261 261 <code class="constant">Administrator</code> from the Windows network environment. To do this, create … … 283 283 #### 284 284 </pre><p> 285 </p></li><li class="step" title="Step 6"><p>285 </p></li><li><p> 286 286 Configure all network-attached printers to have a fixed IP address. 
287 </p></li><li class="step" title="Step 7"><p>287 </p></li><li><p> 288 288 Create an entry in the DNS database on the server <code class="constant">MASSIVE</code> 289 289 in both the forward lookup database for the zone <code class="constant">abmas.biz.hosts</code> … … 291 291 located in. Example configuration files for similar zones were presented in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a>, 292 292 <a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">“DNS Abmas.biz Forward Zone File”</a> and <a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">“DNS 192.168.2 Reverse Zone File”</a>. 293 </p></li><li class="step" title="Step 8"><p>293 </p></li><li><p> 294 294 Follow the instructions in the printer manufacturer's manuals to permit printing 295 295 to port 9100. Use any other port the manufacturer specifies for direct mode, 296 296 raw printing. This allows the CUPS spooler to print using raw mode protocols. 297 <a class="indexterm" name="id25 72748"></a>298 <a class="indexterm" name="id25 72755"></a>299 </p></li><li class="step" title="Step 9"><p>300 <a class="indexterm" name="id25 72768"></a>297 <a class="indexterm" name="id2566663"></a> 298 <a class="indexterm" name="id2566669"></a> 299 </p></li><li><p> 300 <a class="indexterm" name="id2566683"></a> 301 301 Only on the server to which the printer is attached configure the CUPS Print 302 302 Queues as follows: … … 304 304 <code class="prompt">root# </code> lpadmin -p <em class="parameter"><code>printque</code></em> -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E 305 305 </pre><p> 306 <a class="indexterm" name="id25 72803"></a>306 <a class="indexterm" name="id2566718"></a> 307 307 This step creates the necessary print queue to use no assigned print filter. 
This 308 308 is ideal for raw printing, that is, printing without use of filters. 309 309 The name <em class="parameter"><code>printque</code></em> is the name you have assigned for 310 310 the particular printer. 311 </p></li><li class="step" title="Step 10"><p>311 </p></li><li><p> 312 312 Print queues may not be enabled at creation. Make certain that the queues 313 313 you have just created are enabled by executing the following: … … 315 315 <code class="prompt">root# </code> /usr/bin/enable <em class="parameter"><code>printque</code></em> 316 316 </pre><p> 317 </p></li><li class="step" title="Step 11"><p>317 </p></li><li><p> 318 318 Even though your print queue may be enabled, it is still possible that it 319 319 does not accept print jobs. A print queue services incoming printing … … 323 323 <code class="prompt">root# </code> /usr/bin/accept <em class="parameter"><code>printque</code></em> 324 324 </pre><p> 325 </p></li><li class="step" title="Step 12"><p>326 <a class="indexterm" name="id25 72882"></a>327 <a class="indexterm" name="id25 72889"></a>328 <a class="indexterm" name="id25 72896"></a>325 </p></li><li><p> 326 <a class="indexterm" name="id2566797"></a> 327 <a class="indexterm" name="id2566804"></a> 328 <a class="indexterm" name="id2566811"></a> 329 329 This step, as well as the next one, may be omitted where CUPS version 1.1.18 330 330 or later is in use. 
Although it does no harm to follow it anyway, and may … … 336 336 application/octet-stream application/vnd.cups-raw 0 - 337 337 </pre><p> 338 </p></li><li class="step" title="Step 13"><p>339 <a class="indexterm" name="id25 72932"></a>338 </p></li><li><p> 339 <a class="indexterm" name="id2566847"></a> 340 340 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line: 341 341 </p><pre class="screen"> 342 342 application/octet-stream 343 343 </pre><p> 344 </p></li><li class="step" title="Step 14"><p>344 </p></li><li><p> 345 345 Refer to the CUPS printing manual for instructions regarding how to configure 346 346 CUPS so that print queues that reside on CUPS servers on remote networks … … 348 348 on your CUPS server may automatically discover remotely installed printers and 349 349 may permit this functionality without requiring specific configuration. 350 </p></li><li class="step" title="Step 15"><p>350 </p></li><li><p> 351 351 As part of the roll-out program, you need to configure the application's 352 352 server shares. This can be done once on the central server and may then be … … 355 355 <a class="link" href="secure.html#ch4appscfg" title="Application Share Configuration">“Application Share Configuration”</a> may help in your decisions to use an application 356 356 server facility. 357 </p></li></ol></div><div class="note" title="Note"style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>357 </p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 358 358 Logon scripts that are run from a domain controller (PDC or BDC) are capable of using semi-intelligent 359 359 processes to automap Windows client drives to an application server that is nearest to the client. This 360 360 is considerably more difficult when a single PDC is used on a routed network. It can be done, but not 361 361 as elegantly as you see in the next chapter. 
362 </p></div></div><div class="sect2" title="Server-Specific Preparation"><div class="titlepage"><div><div><h3 class="title"><a name="id2573010"></a>Server-Specific Preparation</h3></div></div></div><p>362 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566924"></a>Server-Specific Preparation</h3></div></div></div><p> 363 363 There are some steps that apply to particular server functionality only. Each step is critical 364 364 to correct server operation. The following step-by-step installation guidance will assist you 365 365 in working through the process of configuring the PDC and then both BDC's. 366 </p><div class="sect3" title="Configuration for Server: MASSIVE"><div class="titlepage"><div><div><h4 class="title"><a name="id2573023"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>366 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2566938"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p> 367 367 The steps presented here attempt to implement Samba installation in a generic manner. While 368 368 some steps are clearly specific to Linux, it should not be too difficult to apply them to 369 369 your platform of choice. 370 </p><div class="procedure" title="Procedure 4.2. Primary Domain Controller Preparation"><a name="id2573038"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>371 <a class="indexterm" name="id25 73050"></a>372 <a class="indexterm" name="id25 73057"></a>370 </p><div class="procedure"><a name="id2566953"></a><p class="title"><b>Procedure 4.2. 
Primary Domain Controller Preparation</b></p><ol type="1"><li><p> 371 <a class="indexterm" name="id2566965"></a> 372 <a class="indexterm" name="id2566972"></a> 373 373 The host server acts as a router between the two internal network segments as well 374 374 as for all Internet access. This necessitates that IP forwarding be enabled. This can be … … 379 379 To ensure that your kernel is capable of IP forwarding during configuration, you may wish to execute 380 380 that command manually also. This setting permits the Linux system to act as a router. 381 </p></li><li class="step" title="Step 2"><p>381 </p></li><li><p> 382 382 This server is dual hosted (i.e., has two network interfaces) one goes to the Internet 383 383 and the other to a local network that has a router that is the gateway to the remote networks. … … 397 397 startup files as follows: (SUSE) <code class="filename">/etc/rc.d/boot.local</code>, (Red Hat) 398 398 <code class="filename">/etc/rc.d/init.d/rc.local</code>. 399 </p></li><li class="step" title="Step 3"><p>400 <a class="indexterm" name="id25 73151"></a>399 </p></li><li><p> 400 <a class="indexterm" name="id2567065"></a> 401 401 The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 402 402 This file controls the operation of the various resolver libraries that are part of the Linux … … 405 405 hosts: files dns wins 406 406 </pre><p> 407 </p></li><li class="step" title="Step 4"><p>408 <a class="indexterm" name="id25 73180"></a>407 </p></li><li><p> 408 <a class="indexterm" name="id2567095"></a> 409 409 Create and map Windows domain groups to UNIX groups. A sample script is provided in 410 410 <a class="link" href="Big500users.html#ch5-initgrps" title="Example 4.17. Initialize Groups Script, File: /etc/samba/initGrps.sh">“Initialize Groups Script, File: /etc/samba/initGrps.sh”</a>. Create a file containing this script. You called yours … … 412 412 and then execute the script. 
An example of the execution of this script as well as its 413 413 validation are shown in Section 4.3.2, Step 5. 414 </p></li><li class="step" title="Step 5"><p>415 <a class="indexterm" name="id25 73212"></a>416 <a class="indexterm" name="id25 73219"></a>417 <a class="indexterm" name="id25 73228"></a>414 </p></li><li><p> 415 <a class="indexterm" name="id2567127"></a> 416 <a class="indexterm" name="id2567134"></a> 417 <a class="indexterm" name="id2567143"></a> 418 418 For each user who needs to be given a Windows domain account, make an entry in the 419 419 <code class="filename">/etc/passwd</code> file as well as in the Samba password backend. … … 421 421 <code class="literal">smbpasswd</code> to create a domain user account. 422 422 </p><p> 423 <a class="indexterm" name="id25 73255"></a>424 <a class="indexterm" name="id25 73262"></a>425 <a class="indexterm" name="id25 73268"></a>423 <a class="indexterm" name="id2567170"></a> 424 <a class="indexterm" name="id2567176"></a> 425 <a class="indexterm" name="id2567183"></a> 426 426 There are a number of tools for user management under UNIX, such as 427 427 <code class="literal">useradd</code>, <code class="literal">adduser</code>, as well as a plethora of custom 428 428 tools. With the tool of your choice, create a home directory for each user. 429 </p></li><li class="step" title="Step 6"><p>429 </p></li><li><p> 430 430 Using the preferred tool for your UNIX system, add each user to the UNIX groups created 431 431 previously as necessary. File system access control is based on UNIX group membership. 432 </p></li><li class="step" title="Step 7"><p>432 </p></li><li><p> 433 433 Create the directory mount point for the disk subsystem that is to be mounted to provide 434 434 data storage for company files, in this case, the mount point indicated in the <code class="filename">smb.conf</code> 435 435 file is <code class="filename">/data</code>. 
Format the file system as required and mount the formatted 436 436 file system partition using appropriate system tools. 437 </p></li><li class="step" title="Step 8"><p>438 <a class="indexterm" name="id25 73332"></a>437 </p></li><li><p> 438 <a class="indexterm" name="id2567247"></a> 439 439 Create the top-level file storage directories for data and applications as follows: 440 440 </p><pre class="screen"> … … 454 454 The <code class="filename">/apps</code> directory is the root of the <code class="constant">apps</code> share 455 455 that provides the application server infrastructure. 456 </p></li><li class="step" title="Step 9"><p>456 </p></li><li><p> 457 457 The <code class="filename">smb.conf</code> file specifies an infrastructure to support roaming profiles and network 458 458 logon services. You can now create the file system infrastructure to provide the … … 475 475 <code class="prompt">root# </code> chmod ug+wrx,o+rx,-w /var/lib/samba/profiles/'username' 476 476 </pre><p> 477 </p></li><li class="step" title="Step 10"><p>478 <a class="indexterm" name="id25 73538"></a>479 <a class="indexterm" name="id25 73545"></a>477 </p></li><li><p> 478 <a class="indexterm" name="id2567453"></a> 479 <a class="indexterm" name="id2567459"></a> 480 480 Create a logon script. It is important that each line is correctly terminated with 481 481 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure … … 492 492 > /var/lib/samba/netlogon/scripts/logon.bat 493 493 </pre><p> 494 </p></li><li class="step" title="Step 11"><p>494 </p></li><li><p> 495 495 There is one preparatory step without which you cannot have a working Samba network 496 496 environment. You must add an account for each network user. You can do this by executing … … 509 509 </pre><p> 510 510 You do, of course, use a valid user login ID in place of <em class="parameter"><code>username</code></em>. 
511 </p></li><li class="step" title="Step 12"><p>511 </p></li><li><p> 512 512 Follow the processes shown in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">“Process Startup Configuration”</a> to start all services. 513 </p></li><li class="step" title="Step 13"><p>513 </p></li><li><p> 514 514 Your server is ready for validation testing. Do not proceed with the steps in 515 515 <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">“Configuration Specific to Domain Member Servers: BLDG1, BLDG2”</a> until after the operation of the server has been 516 516 validated following the same methods as outlined in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a>, <a class="link" href="secure.html#ch4valid" title="Validation">“Validation”</a>. 517 </p></li></ol></div></div><div class="sect3" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p>517 </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p> 518 518 The following steps will guide you through the nuances of implementing BDCs for the broadcast 519 519 isolated network segments. Remember that if the target installation platform is not Linux, it may 520 520 be necessary to adapt some commands to the equivalent on the target platform. 521 </p><div class="procedure" title="Procedure 4.3. Backup Domain Controller Configuration Steps"><a name="id2573731"></a><p class="title"><b>Procedure 4.3. 
Backup Domain Controller Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>522 <a class="indexterm" name="id25 73743"></a>521 </p><div class="procedure"><a name="id2567646"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol type="1"><li><p> 522 <a class="indexterm" name="id2567658"></a> 523 523 The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 524 524 This file controls the operation of the various resolver libraries that are part of the Linux … … 529 529 hosts: files dns wins 530 530 </pre><p> 531 </p></li><li class="step" title="Step 2"><p>531 </p></li><li><p> 532 532 Follow the steps outlined in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">“Process Startup Configuration”</a> to start all services. Do not 533 533 start Samba at this time. Samba is controlled by the process called <code class="literal">smb</code>. 534 </p></li><li class="step" title="Step 3"><p>535 <a class="indexterm" name="id25 73795"></a>534 </p></li><li><p> 535 <a class="indexterm" name="id2567710"></a> 536 536 You must now attempt to join the domain member servers to the domain. The following 537 537 instructions should be executed to effect this: … … 539 539 <code class="prompt">root# </code> net rpc join 540 540 </pre><p> 541 </p></li><li class="step" title="Step 4"><p>542 <a class="indexterm" name="id25 73827"></a>541 </p></li><li><p> 542 <a class="indexterm" name="id2567742"></a> 543 543 You now start the Samba services by executing: 544 544 </p><pre class="screen"> 545 545 <code class="prompt">root# </code> service smb start 546 546 </pre><p> 547 </p></li><li class="step" title="Step 5"><p>547 </p></li><li><p> 548 548 Your server is ready for validation testing. 
Do not proceed with the steps in 549 549 <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">“Configuration Specific to Domain Member Servers: BLDG1, BLDG2”</a> until after the operation of the server has been 550 550 validated following the same methods as outlined in <a class="link" href="secure.html#ch4valid" title="Validation">“Validation”</a>. 551 </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2573912"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2573924"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2573936"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2573948"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2573960"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2573971"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2573983"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2573995"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2574007"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd 
'%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2574020"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2574032"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2574044"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2574057"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574069"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574081"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2574102"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2574113"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2574125"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2574146"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2574157"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2574169"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2574190"></a><em class="parameter"><code>comment = Property Insurance 
Files</code></em></td></tr><tr><td><a class="indexterm" name="id2574202"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2574213"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2574261"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2574273"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2574285"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2574297"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2574309"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2574321"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2574332"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574344"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574356"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2574377"></a><em 
class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2574389"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2574400"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2574412"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2574432"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2574444"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2574456"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574468"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2574488"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2574500"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2574512"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2574523"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. 
Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2574568"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2574580"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2574591"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2574603"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2574614"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2574626"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2574638"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2574650"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574662"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2574673"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2574686"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2574698"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2574710"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574722"></a><em class="parameter"><code>map acl inherit = 
Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574734"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2574745"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2574757"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id2574769"></a><em class="parameter"><code>include = </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2574794"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2574806"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2574817"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574829"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574840"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574852"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2574864"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2574885"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2574896"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2574908"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" 
name="id2574920"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2574963"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2574974"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2574986"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2575029"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2575041"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2575053"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. 
Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2575096"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2575108"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2575120"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2575132"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2575144"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2575156"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2575168"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">551 </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2567827"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2567839"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2567851"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2567862"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567874"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2567886"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2567898"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567910"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567922"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2567934"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2567947"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567959"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567972"></a><em 
class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567984"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567996"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2568016"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568028"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2568040"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2568060"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568072"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2568084"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2568104"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568116"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2568128"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568176"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2568188"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2568200"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2568212"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2568224"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2568236"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2568247"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568259"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568271"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2568292"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2568303"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2568315"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568327"></a><em class="parameter"><code>browseable = 
No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2568347"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2568359"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2568371"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568382"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2568403"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2568415"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2568427"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568438"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. 
Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568483"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2568494"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2568506"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2568517"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2568529"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2568541"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2568553"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2568565"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568576"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2568588"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568600"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2568613"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2568625"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568636"></a><em class="parameter"><code>map acl inherit = 
Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568648"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2568660"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2568672"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id2568684"></a><em class="parameter"><code>include = </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2568709"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2568720"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2568732"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568744"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568755"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568767"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568779"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2568800"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568811"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2568823"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" 
name="id2568835"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568877"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2568889"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2568901"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568944"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2568956"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2568967"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. 
Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2569011"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2569023"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2569035"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2569047"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2569059"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2569071"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2569082"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen"> 552 552 # Abmas Accounting Inc. 
553 553 … … 898 898 net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d 899 899 net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d 900 </pre></div></div><br class="example-break"><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p>901 <a class="indexterm" name="id25 75523"></a>902 <a class="indexterm" name="id25 75530"></a>900 </pre></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p> 901 <a class="indexterm" name="id2569438"></a> 902 <a class="indexterm" name="id2569445"></a> 903 903 There are two essential steps to process startup configuration. A process 904 904 must be configured so that it is automatically restarted each time the server … … 909 909 necessary start or kill script is run. 910 910 </p><p> 911 <a class="indexterm" name="id25 75566"></a>911 <a class="indexterm" name="id2569481"></a> 912 912 In the event that a service is provided not as a daemon but via the internetworking 913 913 super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code> … … 919 919 are for a Red Hat Linux system, please adapt them to suit the target OS platform on which you 920 920 are installing Samba. 921 </p><div class="procedure" title="Procedure 4.4. Process Startup Configuration Steps"><a name="id2575610"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>921 </p><div class="procedure"><a name="id2569525"></a><p class="title"><b>Procedure 4.4. 
Process Startup Configuration Steps</b></p><ol type="1"><li><p> 922 922 Use the standard system tool to configure each service to restart 923 923 automatically at every system reboot. For example, 924 <a class="indexterm" name="id25 75625"></a>924 <a class="indexterm" name="id2569540"></a> 925 925 </p><pre class="screen"> 926 926 <code class="prompt">root# </code> chkconfig dhpc on … … 930 930 <code class="prompt">root# </code> chkconfig swat on 931 931 </pre><p> 932 </p></li><li class="step" title="Step 2"><p>933 <a class="indexterm" name="id25 75674"></a>934 <a class="indexterm" name="id25 75681"></a>935 <a class="indexterm" name="id25 75688"></a>932 </p></li><li><p> 933 <a class="indexterm" name="id2569589"></a> 934 <a class="indexterm" name="id2569596"></a> 935 <a class="indexterm" name="id2569603"></a> 936 936 Now start each service to permit the system to be validated. 937 937 Execute each of the following in the sequence shown: … … 944 944 <code class="prompt">root# </code> service swat restart 945 945 </pre><p> 946 </p></li></ol></div></div><div class="sect2" title="Windows Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5wincfg"></a>Windows Client Configuration</h3></div></div></div><p>946 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5wincfg"></a>Windows Client Configuration</h3></div></div></div><p> 947 947 The procedure for desktop client configuration for the network in this chapter is similar to 948 948 that used for the previous one. There are a few subtle changes that should be noted. 949 </p><div class="procedure" title="Procedure 4.5. Windows Client Configuration Steps"><a name="id2575754"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>949 </p><div class="procedure"><a name="id2569669"></a><p class="title"><b>Procedure 4.5. 
Windows Client Configuration Steps</b></p><ol type="1"><li><p> 950 950 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 951 951 TCP/IP protocol configuration. 952 <a class="indexterm" name="id25 75768"></a>953 <a class="indexterm" name="id25 75775"></a>952 <a class="indexterm" name="id2569683"></a> 953 <a class="indexterm" name="id2569689"></a> 954 954 DHCP configures all Windows clients to use the WINS Server address that has been defined 955 955 for the local subnet. 956 </p></li><li class="step" title="Step 2"><p>956 </p></li><li><p> 957 957 Join the Windows domain <code class="constant">MEGANET</code>. Use the domain administrator 958 958 username <code class="constant">root</code> and the SMB password you assigned to this account. … … 961 961 Reboot the machine as prompted and then log on using the domain administrator account 962 962 (<code class="constant">root</code>). 963 </p></li><li class="step" title="Step 3"><p>963 </p></li><li><p> 964 964 Verify that the server called <code class="constant">MEGANET</code> is visible in <span class="guimenu">My Network Places</span>, 965 965 that it is possible to connect to it and see the shares <span class="guimenuitem">accounts</span>, 966 966 <span class="guimenuitem">apps</span>, and <span class="guimenuitem">finsvcs</span>, 967 967 and that it is possible to open each share to reveal its contents. 968 </p></li><li class="step" title="Step 4"><p>968 </p></li><li><p> 969 969 Create a drive mapping to the <code class="constant">apps</code> share on a server. At this time, it does 970 970 not particularly matter which application server is used. It is necessary to manually … … 972 972 installation. This step is avoided by the improvements to the design of the network configuration 973 973 in the next chapter. 974 </p></li><li class="step" title="Step 5"><p>974 </p></li><li><p> 975 975 Perform an administrative installation of each application to be used. 
Select the options 976 976 that you wish to use. Of course, you choose to run applications over the network, correct? 977 </p></li><li class="step" title="Step 6"><p>977 </p></li><li><p> 978 978 Now install all applications to be installed locally. Typical tools include Adobe Acrobat, 979 979 NTP-based time synchronization software, drivers for specific local devices such as fingerprint 980 980 scanners, and the like. Probably the most significant application to be locally installed 981 981 is antivirus software. 982 </p></li><li class="step" title="Step 7"><p>982 </p></li><li><p> 983 983 Now install all four printers onto the staging system. The printers you install 984 984 include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers, and you … … 986 986 Install printers on each machine using the following steps: 987 987 988 </p><div class="procedure" title="Procedure 4.6. Steps to Install Printer Drivers on Windows Clients"><a name="id2575906"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol class="procedure" type="1"><li class="step" title="Step 7.1"><p>988 </p><div class="procedure"><a name="id2569820"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol type="1"><li><p> 989 989 Click <span class="guimenu">Start</span> → <span class="guimenuitem">Settings</span> → <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>. 990 990 Ensure that <span class="guimenuitem">Local printer</span> is selected. 991 </p></li><li class="step" title="Step 7.2"><p>991 </p></li><li><p> 992 992 Click <span class="guibutton">Next</span>. In the 993 993 <span class="guimenuitem">Manufacturer:</span> panel, select <code class="constant">HP</code>. 
994 994 In the <span class="guimenuitem">Printers:</span> panel, select the printer called 995 995 <code class="constant">HP LaserJet 6</code>. Click <span class="guibutton">Next</span>. 996 </p></li><li class="step" title="Step 7.3"><p>996 </p></li><li><p> 997 997 In the <span class="guimenuitem">Available ports:</span> panel, select 998 998 <code class="constant">FILE:</code>. Accept the default printer name by clicking 999 <span class="guibutton">Next</span>. When asked, <span class="quote">“<span class="quote">Would you like to print a1000 test page?</span>” </span>, click <span class="guimenuitem">No</span>. Click999 <span class="guibutton">Next</span>. When asked, “<span class="quote">Would you like to print a 1000 test page?</span>”, click <span class="guimenuitem">No</span>. Click 1001 1001 <span class="guibutton">Finish</span>. 1002 </p></li><li class="step" title="Step 7.4"><p>1002 </p></li><li><p> 1003 1003 You may be prompted for the name of a file to print to. If so, close the 1004 1004 dialog panel. Right-click <span class="guiicon">HP LaserJet 6</span> → <span class="guimenuitem">Properties</span>. 1005 </p></li><li class="step" title="Step 7.5"><p>1005 </p></li><li><p> 1006 1006 In the <span class="guimenuitem">Network</span> panel, enter the name of 1007 1007 the print queue on the Samba server as follows: <code class="constant">\\BLDG1\hplj6a</code>. 1008 1008 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation. 1009 </p></li><li class="step" title="Step 7.6"><p>1009 </p></li><li><p> 1010 1010 Repeat the printer installation steps above for both HP LaserJet 6 printers 1011 1011 as well as for both QMS Magicolor laser printers. Remember to install all … … 1019 1019 server on the network segment on which the workstation is to be located. 
1020 1020 </p></li></ol></div><p> 1021 </p></li><li class="step" title="Step 8"><p>1021 </p></li><li><p> 1022 1022 When you are satisfied that the staging systems are complete, use the appropriate procedure to 1023 1023 remove the client from the domain. Reboot the system, and then log on as the local administrator 1024 1024 and clean out all temporary files stored on the system. Before shutting down, use the disk 1025 1025 defragmentation tool so that the file system is in optimal condition before replication. 1026 </p></li><li class="step" title="Step 9"><p>1026 </p></li><li><p> 1027 1027 Boot the workstation using the Norton (Symantec) Ghosting disk (or CD-ROM) and image the 1028 1028 machine to a network share on the server. 1029 </p></li><li class="step" title="Step 10"><p>1029 </p></li><li><p> 1030 1030 You may now replicate the image using the appropriate Norton Ghost procedure to the target 1031 1031 machines. Make sure to use the procedure that ensures each machine has a unique 1032 1032 Windows security identifier (SID). When the installation of the disk image is complete, boot the PC. 1033 </p></li><li class="step" title="Step 11"><p>1033 </p></li><li><p> 1034 1034 Log onto the machine as the local Administrator (the only option), and join the machine to 1035 1035 the domain following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. You must now set the … … 1037 1037 ready for the user to log on, provided you have created a network logon account for that 1038 1038 user, of course. 1039 </p></li><li class="step" title="Step 12"><p>1039 </p></li><li><p> 1040 1040 Instruct all users to log onto the workstation using their assigned username and password. 
1041 </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id2576210"></a>Key Points Learned</h3></div></div></div><p>1041 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2570124"></a>Key Points Learned</h3></div></div></div><p> 1042 1042 The network you have just deployed has been a valuable exercise in forced constraint. 1043 1043 You have deployed a network that works well, although you may soon start to see 1044 1044 performance problems, at which time the modifications demonstrated in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a> 1045 1045 bring the network to life. The following key learning points were experienced: 1046 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1046 </p><div class="itemizedlist"><ul type="disc"><li><p> 1047 1047 The power of using <code class="filename">smb.conf</code> include files 1048 </p></li><li class="listitem"><p>1048 </p></li><li><p> 1049 1049 Use of a single PDC over a routed network 1050 </p></li><li class="listitem"><p>1050 </p></li><li><p> 1051 1051 Joining a Samba-3 domain member server to a Samba-3 domain 1052 </p></li><li class="listitem"><p>1052 </p></li><li><p> 1053 1053 Configuration of winbind to use domain users and groups for Samba access 1054 1054 to resources on the domain member servers 1055 </p></li><li class="listitem"><p>1055 </p></li><li><p> 1056 1056 The introduction of roaming profiles 1057 </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2576268"></a>Questions and Answers</h2></div></div></div><p>1058 </p><div class="qandaset" title="Frequently Asked Questions"><a name="id2576277"></a><dl><dt> <a href="Big500users.html#id2576284">1057 
</p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2570183"></a>Questions and Answers</h2></div></div></div><p> 1058 </p><div class="qandaset"><dl><dt> <a href="Big500users.html#id2570199"> 1059 1059 The example smb.conf files in this chapter make use of the include facility. 1060 1060 How may I get to see what the actual working smb.conf settings are? 1061 </a></dt><dt> <a href="Big500users.html#id257 6333">1061 </a></dt><dt> <a href="Big500users.html#id2570248"> 1062 1062 Why does the include file common.conf have an empty include statement? 1063 </a></dt><dt> <a href="Big500users.html#id257 6396">1063 </a></dt><dt> <a href="Big500users.html#id2570310"> 1064 1064 I accept that the simplest configuration necessary to do the job is the best. The use of tdbsam 1065 1065 passdb backend is much simpler than having to manage an LDAP-based ldapsam passdb backend. 1066 1066 I tried using rsync to replicate the passdb.tdb, and it seems to work fine! 1067 1067 So what is the problem? 1068 </a></dt><dt> <a href="Big500users.html#id257 6451">1068 </a></dt><dt> <a href="Big500users.html#id2570365"> 1069 1069 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash? 1070 </a></dt><dt> <a href="Big500users.html#id257 6481">1070 </a></dt><dt> <a href="Big500users.html#id2570396"> 1071 1071 How does the Windows client find the PDC? 1072 </a></dt><dt> <a href="Big500users.html#id257 6504">1072 </a></dt><dt> <a href="Big500users.html#id2570418"> 1073 1073 Why did you enable IP forwarding (routing) only on the server called MASSIVE? 1074 </a></dt><dt> <a href="Big500users.html#id257 6534">1074 </a></dt><dt> <a href="Big500users.html#id2570449"> 1075 1075 You did nothing special to implement roaming profiles. Why? 
1076 </a></dt><dt> <a href="Big500users.html#id257 6554">1076 </a></dt><dt> <a href="Big500users.html#id2570469"> 1077 1077 On the domain member computers, you configured winbind in the /etc/nsswitch.conf file. 1078 1078 You did not configure any PAM settings. Is this an omission? 1079 </a></dt><dt> <a href="Big500users.html#id257 6586">1079 </a></dt><dt> <a href="Big500users.html#id2570500"> 1080 1080 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this? 1081 </a></dt><dt> <a href="Big500users.html#id257 6627">1081 </a></dt><dt> <a href="Big500users.html#id2570542"> 1082 1082 The domain controller has an auto-shutdown script. Isn't that dangerous? 1083 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id2576284"></a><a name="id2576286"></a></td><td align="left" valign="top"><p>1083 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2570199"></a><a name="id2570201"></a></td><td align="left" valign="top"><p> 1084 1084 The example <code class="filename">smb.conf</code> files in this chapter make use of the <em class="parameter"><code>include</code></em> facility. 1085 1085 How may I get to see what the actual working <code class="filename">smb.conf</code> settings are? … … 1089 1089 <code class="prompt">root# </code> testparm -s | less 1090 1090 </pre><p> 1091 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6333"></a><a name="id2576335"></a></td><td align="left" valign="top"><p>1091 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570248"></a><a name="id2570250"></a></td><td align="left" valign="top"><p> 1092 1092 Why does the include file <code class="filename">common.conf</code> have an empty include statement? 
1093 1093 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1102 1102 the include in place, even though the file it points to has already been included. This is a bug 1103 1103 that will be fixed at a future date. 1104 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6396"></a><a name="id2576398"></a></td><td align="left" valign="top"><p>1104 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570310"></a><a name="id2570312"></a></td><td align="left" valign="top"><p> 1105 1105 I accept that the simplest configuration necessary to do the job is the best. The use of <em class="parameter"><code>tdbsam</code></em> 1106 1106 passdb backend is much simpler than having to manage an LDAP-based <em class="parameter"><code>ldapsam</code></em> passdb backend. … … 1112 1112 to log onto the network following a reboot and may have to rejoin the domain to recover network 1113 1113 access capability. 1114 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6451"></a><a name="id2576453"></a></td><td align="left" valign="top"><p>1114 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570365"></a><a name="id2570368"></a></td><td align="left" valign="top"><p> 1115 1115 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash? 1116 1116 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1121 1121 The only exception to this rule is when the client makes a directed request from a specific DHCP server 1122 1122 for renewal of the lease it has. This means that under normal circumstances there is no risk of a clash. 
1123 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6481"></a><a name="id2576483"></a></td><td align="left" valign="top"><p>1123 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570396"></a><a name="id2570398"></a></td><td align="left" valign="top"><p> 1124 1124 How does the Windows client find the PDC? 1125 1125 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1128 1128 to register itself with the WINS server and to obtain enumeration of vital network information to 1129 1129 enable it to operate successfully. 1130 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6504"></a><a name="id2576506"></a></td><td align="left" valign="top"><p>1130 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570418"></a><a name="id2570420"></a></td><td align="left" valign="top"><p> 1131 1131 Why did you enable IP forwarding (routing) only on the server called <code class="constant">MASSIVE</code>? 1132 1132 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1135 1135 Route table entries are needed to direct MASSIVE to send all traffic intended for the remote network 1136 1136 segments to the router that is its gateway to them. 1137 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6534"></a><a name="id2576536"></a></td><td align="left" valign="top"><p>1137 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570449"></a><a name="id2570451"></a></td><td align="left" valign="top"><p> 1138 1138 You did nothing special to implement roaming profiles. Why? 
1139 1139 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 1140 1140 Unless configured to do otherwise, the default behavior with Samba-3 and Windows XP Professional 1141 1141 clients is to use roaming profiles. 1142 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6554"></a><a name="id2576556"></a></td><td align="left" valign="top"><p>1142 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570469"></a><a name="id2570471"></a></td><td align="left" valign="top"><p> 1143 1143 On the domain member computers, you configured winbind in the <code class="filename">/etc/nsswitch.conf</code> file. 1144 1144 You did not configure any PAM settings. Is this an omission? … … 1149 1149 to enable the use of winbind. Samba makes use only of the identity resolution facilities of the name 1150 1150 service switch (NSS). 1151 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6586"></a><a name="id2576588"></a></td><td align="left" valign="top"><p>1151 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570500"></a><a name="id2570503"></a></td><td align="left" valign="top"><p> 1152 1152 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this? 1153 1153 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1158 1158 file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to 1159 1159 handle this functionality gracefully. 1160 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id257 6627"></a><a name="id2576629"></a></td><td align="left" valign="top"><p>1160 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2570542"></a><a name="id2570544"></a></td><td align="left" valign="top"><p> 1161 1161 The domain controller has an auto-shutdown script. 
Isn't that dangerous? 1162 1162 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
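Review bot: the auto-generated anchors in the Key Points Learned and Questions and Answers sections are renumbered throughout (for example id2576210 becomes id2570124, and id2576284 becomes id2570199), so any existing deep link to an individual question stops resolving after this revision. If these anchors are meant to be linkable, give the sections and Q&A entries explicit ids in the DocBook source so that regenerated output keeps the same names, and avoid committing generated HTML whose only difference is id churn.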
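Review bot: in the Q and A Set table the regenerated markup drops width="100%" and the second col element, the list items lose class="listitem", and the section wrappers trade their title attributes for lang="en", while none of the question or answer text changes. That pattern points to output from a different stylesheet run rather than a documentation edit; please confirm it is intended, check that no stylesheet rule depends on the removed class or attributes, and say so in the commit message so the diff is not mistaken for a content change.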