- Timestamp: Mar 1, 2010, 3:05:48 PM (15 years ago)
- File: 1 edited
branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/secure.html
r368 r411 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 5.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 3. Secure Office Networking"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. 
Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id2564639">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2564691">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2564924">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2564939">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2565367">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2565406">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2566260">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2570721">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2570783">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 3. 
Secure Office Networking</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="small.html" title="Chapter 2. Small Office Networking"><link rel="next" href="Big500users.html" title="Chapter 4. The 500-User Office"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 3. Secure Office Networking</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="secure"></a>Chapter 3. 
Secure Office Networking</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="secure.html#id2558556">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558607">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2558840">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#id2558856">Technical Issues</a></span></dt><dt><span class="sect2"><a href="secure.html#id2559282">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2559322">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="secure.html#ch4bsc">Basic System Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2560176">Samba Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4dhcpdns">Configuration of DHCP and DNS Servers</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4ptrcfg">Printer Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4valid">Validation</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4appscfg">Application Share Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#ch4wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="secure.html#id2564636">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="secure.html#id2564698">Questions and Answers</a></span></dt></dl></div><p> 2 2 Congratulations, your Samba networking skills are developing nicely. You started out 3 3 with three simple networks in <a class="link" href="simple.html" title="Chapter 1. No-Frills Samba Servers">“No-Frills Samba Servers”</a>, and then in <a class="link" href="small.html" title="Chapter 2. 
Small Office Networking">“Small Office Networking”</a> … … 12 12 To avoid confusion, this book is all about Samba-3. Let's get the exercises in this 13 13 chapter underway. 14 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2564639"></a>Introduction</h2></div></div></div><p>14 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2558556"></a>Introduction</h2></div></div></div><p> 15 15 You have made Mr. Meany a very happy man. Recently he paid you a fat bonus for work 16 16 well done. It is one year since the last network upgrade. You have been quite busy. … … 41 41 about your move, she almost resigned, although she was reassured that a new manager would 42 42 be hired to run Information Technology, and she would be responsible only for operations. 43 </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id2564691"></a>Assignment Tasks</h3></div></div></div><p>43 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558607"></a>Assignment Tasks</h3></div></div></div><p> 44 44 You promised the staff Internet services including Web browsing, electronic mail, virus 45 45 protection, and a company Web site. Christine is eager to help turn the vision into … … 84 84 some problems with desktop computers and software installation into the new users' 85 85 desktop profiles. 86 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2564924"></a>Dissection and Discussion</h2></div></div></div><p>86 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2558840"></a>Dissection and Discussion</h2></div></div></div><p> 87 87 Many of the conclusions you draw here are obvious. 
Some requirements are not very clear 88 88 or may simply be your means of drawing the most out of Samba-3. Much can be done more simply … … 90 90 users. This means that some functionality will be overdesigned for the current 130-user 91 91 environment. 92 </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2564939"></a>Technical Issues</h3></div></div></div><p>92 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2558856"></a>Technical Issues</h3></div></div></div><p> 93 93 In this exercise we use a 24-bit subnet mask for the two local networks. This, 94 94 of course, limits our network to a maximum of 253 usable IP addresses. The network … … 98 98 in the 172.16.0.0/16 range. This is done in subsequent chapters. 99 99 </p><p> 100 <a class="indexterm" name="id25 64958"></a>101 <a class="indexterm" name="id25 64964"></a>100 <a class="indexterm" name="id2558874"></a> 101 <a class="indexterm" name="id2558880"></a> 102 102 The high growth rates projected are a good reason to use the <code class="constant">tdbsam</code> 103 103 passdb backend. The use of <code class="constant">smbpasswd</code> for the backend may result in … … 105 105 are not available with the older, flat ASCII-based <code class="constant">smbpasswd</code> database. 106 106 </p><p> 107 <a class="indexterm" name="id25 64991"></a>107 <a class="indexterm" name="id2558907"></a> 108 108 The proposed network design uses a single server to act as an Internet services host for 109 109 electronic mail, Web serving, remote administrative access via SSH, … … 118 118 directly connected to the Internet. 
119 119 </p><p> 120 <a class="indexterm" name="id25 65016"></a>121 <a class="indexterm" name="id25 65023"></a>122 <a class="indexterm" name="id25 65029"></a>123 <a class="indexterm" name="id25 65037"></a>120 <a class="indexterm" name="id2558932"></a> 121 <a class="indexterm" name="id2558938"></a> 122 <a class="indexterm" name="id2558945"></a> 123 <a class="indexterm" name="id2558953"></a> 124 124 You know that your ISP is providing full firewall services, but you cannot rely on that. 125 125 Always assume that human error will occur, so be prepared by using Linux firewall facilities … … 132 132 covered except insofar as this affects Samba-3. 133 133 </p><p> 134 <a class="indexterm" name="id25 65066"></a>134 <a class="indexterm" name="id2558982"></a> 135 135 Notebook computers are configured to use a network login when in the office and a 136 136 local account to log in while away from the office. Users store all work done in … … 142 142 records. 143 143 </p><p> 144 <a class="indexterm" name="id25 65097"></a>144 <a class="indexterm" name="id2559012"></a> 145 145 All applications are served from the central server from a share called <code class="constant">apps</code>. 146 146 Microsoft Office XP Professional and OpenOffice 1.1.0 will be installed using a network … … 149 149 locally installed applications on a need-to-have basis only. 150 150 </p><p> 151 <a class="indexterm" name="id25 65117"></a>151 <a class="indexterm" name="id2559032"></a> 152 152 The introduction of roaming profiles support means that users can move between 153 153 desktop computer systems without constraint while retaining full access to their data. 154 154 The desktop travels with them as they move. 155 155 </p><p> 156 <a class="indexterm" name="id25 65130"></a>156 <a class="indexterm" name="id2559045"></a> 157 157 The DNS server implementation must now address both internal and external 158 158 needs. 
You forward DNS lookups to your ISP-provided server as well as the 159 159 <code class="constant">abmas.us</code> external secondary DNS server. 160 160 </p><p> 161 <a class="indexterm" name="id25 65146"></a>162 <a class="indexterm" name="id25 65152"></a>163 <a class="indexterm" name="id25 65161"></a>161 <a class="indexterm" name="id2559062"></a> 162 <a class="indexterm" name="id2559068"></a> 163 <a class="indexterm" name="id2559076"></a> 164 164 Compared with the DHCP server configuration in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a>, <a class="link" href="small.html#dhcp01" title="Example 2.2. Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf">“Abmas Accounting DHCP Server Configuration File /etc/dhcpd.conf”</a>, the 165 165 configuration used in this example has to deal with the presence of an Internet connection. … … 185 185 then clone that configuration, using Norton Ghost, to all workstations. Each machine is 186 186 identical, so this should pose no problem. 187 </p><div class="sect3" title="Hardware Requirements"><div class="titlepage"><div><div><h4 class="title"><a name="id2565213"></a>Hardware Requirements</h4></div></div></div><p>188 <a class="indexterm" name="id25 65220"></a>187 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2559128"></a>Hardware Requirements</h4></div></div></div><p> 188 <a class="indexterm" name="id2559136"></a> 189 189 This server runs a considerable number of services. From similarly configured Linux 190 190 installations, the approximate calculated memory requirements are as shown in … … 214 214 compromise in this area. 215 215 </p><p> 216 <a class="indexterm" name="id25 65272"></a>216 <a class="indexterm" name="id2559187"></a> 217 217 Aggregate input/output loads should be considered for sizing network configuration as 218 218 well as disk subsystems. 
For network bandwidth calculations, one would typically use an … … 223 223 switched ports. 224 224 </p><p> 225 <a class="indexterm" name="id25 65290"></a>226 <a class="indexterm" name="id25 65297"></a>225 <a class="indexterm" name="id2559206"></a> 226 <a class="indexterm" name="id2559212"></a> 227 227 Considering the choice of 1 Gb Ethernet interfaces for the two local network segments, 228 228 the aggregate network I/O capacity will be 2100 Mb/sec (about 230 MB/sec), an I/O … … 256 256 Recommended Storage: 908 GBytes 257 257 </pre></div></div><p><br class="example-break"> 258 <a class="indexterm" name="id25 65354"></a>258 <a class="indexterm" name="id2559270"></a> 259 259 The preferred storage capacity should be approximately 1 Terabyte. Use of RAID level 5 260 260 with two hot spare drives would require an 8-drive by 200 GB capacity per drive array. 261 </p></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id2565367"></a>Political Issues</h3></div></div></div><p>261 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2559282"></a>Political Issues</h3></div></div></div><p> 262 262 Your industry is coming under increasing accountability pressures. Increased paranoia 263 263 is necessary so you can demonstrate that you have acted with due diligence. You must … … 268 268 gives you greater control over software licensing. 269 269 </p><p> 270 <a class="indexterm" name="id25 65388"></a>270 <a class="indexterm" name="id2559304"></a> 271 271 You are well aware that the current configuration results in some performance issues 272 272 as the size of the desktop profile grows. Given that users use Microsoft Outlook 273 273 Express, you know that the storage implications of the <code class="constant">.PST</code> file 274 274 is something that needs to be addressed later. 
275 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565406"></a>Implementation</h2></div></div></div><p>275 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2559322"></a>Implementation</h2></div></div></div><p> 276 276 <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">“Abmas Network Topology 130 Users”</a> demonstrates the overall design of the network that you will implement. 277 277 </p><p> … … 284 284 </p><p> 285 285 The <code class="filename">smb.conf</code> file has the following noteworthy features: 286 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>286 </p><div class="itemizedlist"><ul type="disc"><li><p> 287 287 The NetBIOS name of the Samba server is set to <code class="constant">DIAMOND</code>. 288 </p></li><li class="listitem"><p>288 </p></li><li><p> 289 289 The Domain name is set to <code class="constant">PROMISES</code>. 290 </p></li><li class="listitem"><p>291 <a class="indexterm" name="id25 65463"></a>292 <a class="indexterm" name="id25 65470"></a>293 <a class="indexterm" name="id25 65476"></a>290 </p></li><li><p> 291 <a class="indexterm" name="id2559379"></a> 292 <a class="indexterm" name="id2559385"></a> 293 <a class="indexterm" name="id2559391"></a> 294 294 Ethernet interface <code class="constant">eth0</code> is attached to the Internet connection 295 295 and is externally exposed. This interface is explicitly not available for Samba to use. … … 298 298 This is achieved by way of the <em class="parameter"><code>interfaces</code></em> parameter and the 299 299 <em class="parameter"><code>bind interfaces only</code></em> entry. 
300 </p></li><li class="listitem"><p>301 <a class="indexterm" name="id25 65509"></a>302 <a class="indexterm" name="id25 65515"></a>303 <a class="indexterm" name="id25 65521"></a>300 </p></li><li><p> 301 <a class="indexterm" name="id2559424"></a> 302 <a class="indexterm" name="id2559430"></a> 303 <a class="indexterm" name="id2559437"></a> 304 304 The <em class="parameter"><code>passdb backend</code></em> parameter specifies the creation and use 305 305 of the <code class="constant">tdbsam</code> password backend. This is a binary database that 306 306 has excellent scalability for a large number of user account entries. 307 </p></li><li class="listitem"><p>308 <a class="indexterm" name="id25 65543"></a>309 <a class="indexterm" name="id25 65550"></a>310 <a class="indexterm" name="id25 65556"></a>307 </p></li><li><p> 308 <a class="indexterm" name="id2559459"></a> 309 <a class="indexterm" name="id2559465"></a> 310 <a class="indexterm" name="id2559471"></a> 311 311 WINS serving is enabled by the <a class="link" href="smb.conf.5.html#WINSSUPPORT" target="_top">wins support = Yes</a>, 312 312 and name resolution is set to use it by means of the 313 313 <a class="link" href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">name resolve order = wins bcast hosts</a> entry. 314 </p></li><li class="listitem"><p>315 <a class="indexterm" name="id25 65585"></a>314 </p></li><li><p> 315 <a class="indexterm" name="id2559501"></a> 316 316 The Samba server is configured for use by Windows clients as a time server. 317 </p></li><li class="listitem"><p>318 <a class="indexterm" name="id25 65597"></a>319 <a class="indexterm" name="id25 65604"></a>320 <a class="indexterm" name="id25 65610"></a>317 </p></li><li><p> 318 <a class="indexterm" name="id2559513"></a> 319 <a class="indexterm" name="id2559519"></a> 320 <a class="indexterm" name="id2559525"></a> 321 321 Samba is configured to directly interface with CUPS via the direct internal interface 322 322 that is provided by CUPS libraries. 
This is achieved with the 323 323 <a class="link" href="smb.conf.5.html#PRINTING" target="_top">printing = CUPS</a> as well as the 324 324 <a class="link" href="smb.conf.5.html#PRINTCAPNAME" target="_top">printcap name = CUPS</a> entries. 325 </p></li><li class="listitem"><p>326 <a class="indexterm" name="id25 65640"></a>327 <a class="indexterm" name="id25 65647"></a>328 <a class="indexterm" name="id25 65653"></a>325 </p></li><li><p> 326 <a class="indexterm" name="id2559556"></a> 327 <a class="indexterm" name="id2559562"></a> 328 <a class="indexterm" name="id2559568"></a> 329 329 External interface scripts are provided to enable Samba to interface smoothly to 330 330 essential operating system functions for user and group management. This is important … … 334 334 downloaded from the Microsoft FTP 335 335 <a class="ulink" href="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" target="_top">site</a>. 336 </p></li><li class="listitem"><p>337 <a class="indexterm" name="id25 65682"></a>336 </p></li><li><p> 337 <a class="indexterm" name="id2559598"></a> 338 338 The <code class="filename">smb.conf</code> file specifies that the Samba server will operate in (default) <em class="parameter"><code> 339 security = user</code></em> mode<sup>[<a name="id25 65700" href="#ftn.id2565700" class="footnote">5</a>]</sup>339 security = user</code></em> mode<sup>[<a name="id2559616" href="#ftn.id2559616" class="footnote">5</a>]</sup> 340 340 (User Mode). 341 </p></li><li class="listitem"><p>342 <a class="indexterm" name="id25 65717"></a>343 <a class="indexterm" name="id25 65723"></a>341 </p></li><li><p> 342 <a class="indexterm" name="id2559632"></a> 343 <a class="indexterm" name="id2559639"></a> 344 344 Domain logon services as well as a Domain logon script are specified. The logon script 345 345 will be used to add robustness to the overall network configuration. 
346 </p></li><li class="listitem"><p>347 <a class="indexterm" name="id25 65736"></a>348 <a class="indexterm" name="id25 65743"></a>349 <a class="indexterm" name="id25 65749"></a>346 </p></li><li><p> 347 <a class="indexterm" name="id2559652"></a> 348 <a class="indexterm" name="id2559658"></a> 349 <a class="indexterm" name="id2559665"></a> 350 350 Roaming profiles are enabled through the specification of the parameter, 351 351 <a class="link" href="smb.conf.5.html#LOGONPATH" target="_top">logon path = \\%L\profiles\%U</a>. The value of this parameter translates the … … 356 356 profile share for each user. This directory must be owned by the user also. An exception to this 357 357 requirement is when a profile is created for group use. 358 </p></li><li class="listitem"><p>359 <a class="indexterm" name="id25 65789"></a>360 <a class="indexterm" name="id25 65795"></a>358 </p></li><li><p> 359 <a class="indexterm" name="id2559705"></a> 360 <a class="indexterm" name="id2559711"></a> 361 361 Precautionary veto is effected for particular Windows file names that have been targeted by 362 362 virus-related activity. Additionally, Microsoft Office files are vetoed from opportunistic locking 363 363 controls. This should help to prevent lock contention-related file access problems. 364 </p></li><li class="listitem"><p>364 </p></li><li><p> 365 365 Every user has a private home directory on the UNIX/Linux host. This is mapped to 366 366 a network drive that is the same for all users. 367 367 </p></li></ul></div><p> 368 368 The configuration of the server is the most complex so far. 
The following steps are used: 369 </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>369 </p><div class="orderedlist"><ol type="1"><li><p> 370 370 Basic System Configuration 371 </p></li><li class="listitem"><p>371 </p></li><li><p> 372 372 Samba Configuration 373 </p></li><li class="listitem"><p>373 </p></li><li><p> 374 374 DHCP and DNS Server Configuration 375 </p></li><li class="listitem"><p>375 </p></li><li><p> 376 376 Printer Configuration 377 </p></li><li class="listitem"><p>377 </p></li><li><p> 378 378 Process Start-up Configuration 379 </p></li><li class="listitem"><p>379 </p></li><li><p> 380 380 Validation 381 </p></li><li class="listitem"><p>381 </p></li><li><p> 382 382 Application Share Configuration 383 </p></li><li class="listitem"><p>383 </p></li><li><p> 384 384 Windows Client Configuration 385 385 </p></li></ol></div><p> 386 386 The following sections cover each step in logical and defined detail. 387 </p><div class="sect2" title="Basic System Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p>388 <a class="indexterm" name="id25 65881"></a>387 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4bsc"></a>Basic System Configuration</h3></div></div></div><p> 388 <a class="indexterm" name="id2559796"></a> 389 389 The preparation in this section assumes that your SUSE Enterprise Linux Server 8.0 system has been 390 390 freshly installed. It prepares basic files so that the system is ready for comprehensive 391 391 operation in line with the network diagram shown in <a class="link" href="secure.html#ch04net" title="Figure 3.1. Abmas Network Topology 130 Users">“Abmas Network Topology 130 Users”</a>. 392 </p><div class="procedure" title="Procedure 3.1. Server Configuration Steps"><a name="id2565897"></a><p class="title"><b>Procedure 3.1. 
Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>393 <a class="indexterm" name="id25 65908"></a>392 </p><div class="procedure"><a name="id2559813"></a><p class="title"><b>Procedure 3.1. Server Configuration Steps</b></p><ol type="1"><li><p> 393 <a class="indexterm" name="id2559823"></a> 394 394 Using the UNIX/Linux system tools, name the server <code class="constant">server.abmas.us</code>. 395 395 Verify that your hostname is correctly set by running: … … 403 403 server.abmas.us 404 404 </pre><p> 405 </p></li><li class="step" title="Step 2"><p>406 <a class="indexterm" name="id25 65948"></a>407 <a class="indexterm" name="id25 65954"></a>405 </p></li><li><p> 406 <a class="indexterm" name="id2559863"></a> 407 <a class="indexterm" name="id2559870"></a> 408 408 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses 409 409 of all network interfaces that are on the host server. This is necessary so that during … … 426 426 192.168.2.30 hplj6f.abmas.biz hplj6f 427 427 </pre><p> 428 <a class="indexterm" name="id25 66005"></a>429 <a class="indexterm" name="id25 66012"></a>430 <a class="indexterm" name="id25 66018"></a>428 <a class="indexterm" name="id2559921"></a> 429 <a class="indexterm" name="id2559927"></a> 430 <a class="indexterm" name="id2559933"></a> 431 431 The printer entries are not necessary if <code class="literal">named</code> is started prior to 432 432 startup of <code class="literal">cupsd</code>, the CUPS daemon. 
433 </p></li><li class="step" title="Step 3"><p>434 <a class="indexterm" name="id25 66042"></a>435 <a class="indexterm" name="id25 66049"></a>436 <a class="indexterm" name="id25 66055"></a>433 </p></li><li><p> 434 <a class="indexterm" name="id2559958"></a> 435 <a class="indexterm" name="id2559964"></a> 436 <a class="indexterm" name="id2559970"></a> 437 437 The host server is acting as a router between the two internal network segments as well 438 438 as for all Internet access. This necessitates that IP forwarding be enabled. This can be … … 443 443 To ensure that your kernel is capable of IP forwarding during configuration, you may 444 444 wish to execute that command manually also. This setting permits the Linux system to 445 act as a router.<sup>[<a name="id25 66081" href="#ftn.id2566081" class="footnote">6</a>]</sup>446 </p></li><li class="step" title="Step 4"><p>447 <a class="indexterm" name="id256 6094"></a>448 <a class="indexterm" name="id256 6100"></a>445 act as a router.<sup>[<a name="id2559997" href="#ftn.id2559997" class="footnote">6</a>]</sup> 446 </p></li><li><p> 447 <a class="indexterm" name="id2560009"></a> 448 <a class="indexterm" name="id2560016"></a> 449 449 Installation of a basic firewall and NAT facility is necessary. 450 450 The following script can be installed in the <code class="filename">/usr/local/sbin</code> … … 498 498 echo -e "\nNAT firewall done.\n" 499 499 </pre></div></div><p><br class="example-break"> 500 </p></li><li class="step" title="Step 5"><p>500 </p></li><li><p> 501 501 Execute the following to make the script executable: 502 502 </p><pre class="screen"> … … 525 525 </pre><p> 526 526 </p></li></ol></div><p> 527 <a class="indexterm" name="id256 6239"></a>527 <a class="indexterm" name="id2560155"></a> 528 528 The server is now ready for Samba configuration. 
During the validation step, you remove 529 529 the entry for the Samba server <code class="constant">diamond</code> from the <code class="filename">/etc/hosts</code> 530 530 file. This is done after you are satisfied that DNS-based name resolution is functioning correctly. 531 </p></div><div class="sect2" title="Samba Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="id2566260"></a>Samba Configuration</h3></div></div></div><p>531 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2560176"></a>Samba Configuration</h3></div></div></div><p> 532 532 When you have completed this section, the Samba server is ready for testing and validation; 533 533 however, testing and validation have to wait until DHCP, DNS, and printing (CUPS) services have 534 534 been configured. 535 </p><div class="procedure" title="Procedure 3.2. Samba Configuration Steps"><a name="id2566272"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>535 </p><div class="procedure"><a name="id2560188"></a><p class="title"><b>Procedure 3.2. Samba Configuration Steps</b></p><ol type="1"><li><p> 536 536 Install the Samba-3 binary RPM from the Samba-Team FTP site. Assuming that the binary 537 537 RPM file is called <code class="filename">samba-3.0.20-1.i386.rpm</code>, one way to install this … … 543 543 Successful operation is clearly indicated. If this installation should fail for any reason, 544 544 refer to the operating system manufacturer's documentation for guidance. 545 </p></li><li class="step" title="Step 2"><p>545 </p></li><li><p> 546 546 Install the <code class="filename">smb.conf</code> file shown in <a class="link" href="secure.html#promisnet" title="Example 3.4. 130 User Network with tdbsam [globals] Section">“130 User Network with tdbsam [globals] Section”</a>, <a class="link" href="secure.html#promisnetsvca" title="Example 3.5. 
130 User Network with tdbsam Services Section Part A">“130 User Network with tdbsam Services Section Part A”</a>, 547 547 and <a class="link" href="secure.html#promisnetsvcb" title="Example 3.6. 130 User Network with tdbsam Services Section Part B">“130 User Network with tdbsam Services Section Part B”</a>. Concatenate (join) all three files to make a single <code class="filename">smb.conf</code> 548 548 file. The final, fully qualified path for this file should be <code class="filename">/etc/samba/smb.conf</code>. 549 549 550 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 130 User Network with <span class="emphasis"><em>tdbsam</em></span> [globals] Section</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2566378"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id2566388"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id2566399"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2566409"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566420"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2566430"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566440"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id2566451"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a 
class="indexterm" name="id2566463"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2566474"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566484"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2566495"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2566505"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2566516"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2566526"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2566537"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2566548"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566558"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2566569"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2566580"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2566591"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2566602"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2566614"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2566625"></a><em class="parameter"><code>add user to 
group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2566636"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2566648"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2566660"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2566671"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2566682"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2566693"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2566703"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2566714"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566724"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566734"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566745"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566755"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566766"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2566776"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2566786"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a 
class="indexterm" name="id2566798"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break">551 552 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part A</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2566837"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2566847"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2566858"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2566868"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2566887"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2566897"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2566908"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566918"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566928"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566939"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2566949"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em 
class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2566968"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2566978"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2566989"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567000"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2567019"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2567029"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2567040"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2567050"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2567069"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2567080"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2567090"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break">553 554 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part B</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2567128"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2567139"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2567149"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2567168"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2567179"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2567190"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2567208"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2567219"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2567229"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567240"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break">555 </p></li><li class="step" title="Step 3"><p>556 <a class="indexterm" name="id256 7257"></a><a class="indexterm" name="id2567262"></a>550 </p><div class="example"><a name="promisnet"></a><p class="title"><b>Example 3.4. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> [globals] Section</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2560294"></a><em class="parameter"><code>workgroup = PROMISES</code></em></td></tr><tr><td><a class="indexterm" name="id2560304"></a><em class="parameter"><code>netbios name = DIAMOND</code></em></td></tr><tr><td><a class="indexterm" name="id2560314"></a><em class="parameter"><code>interfaces = eth1, eth2, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2560325"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560335"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2560346"></a><em class="parameter"><code>pam password change = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560356"></a><em class="parameter"><code>passwd program = /usr/bin/passwd %u</code></em></td></tr><tr><td><a class="indexterm" name="id2560366"></a><em class="parameter"><code>passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*</code></em></td></tr><tr><td><a class="indexterm" name="id2560378"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2560389"></a><em class="parameter"><code>unix password sync = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560400"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2560410"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2560421"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" 
name="id2560432"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2560442"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2560452"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2560464"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560474"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2560484"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2560496"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560507"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560518"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2560529"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2560541"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560552"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2560564"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2560575"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2560586"></a><em class="parameter"><code>logon script = 
scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2560597"></a><em class="parameter"><code>logon path = \\%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2560608"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2560619"></a><em class="parameter"><code>logon home = \\%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2560629"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560640"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560650"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560660"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560671"></a><em class="parameter"><code>map acl inherit = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560681"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2560692"></a><em class="parameter"><code>cups options = Raw</code></em></td></tr><tr><td><a class="indexterm" name="id2560702"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2560713"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr></table></div></div><p><br class="example-break"> 551 552 </p><div class="example"><a name="promisnetsvca"></a><p class="title"><b>Example 3.5. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part A</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2560752"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2560763"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2560773"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2560784"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2560802"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2560813"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2560823"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560834"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560844"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560854"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560865"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2560884"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2560894"></a><em class="parameter"><code>path = 
/var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2560905"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2560915"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2560934"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2560945"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2560956"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2560966"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2560985"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2560995"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2561006"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><p><br class="example-break"> 553 554 </p><div class="example"><a name="promisnetsvcb"></a><p class="title"><b>Example 3.6. 
130 User Network with <span class="emphasis"><em>tdbsam</em></span> Services Section Part B</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2561044"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561054"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2561065"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2561084"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561095"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2561105"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2561124"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2561134"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2561145"></a><em class="parameter"><code>read only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2561155"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr></table></div></div><p><br class="example-break"> 555 </p></li><li><p> 556 <a class="indexterm" name="id2561173"></a><a class="indexterm" name="id2561178"></a> 557 557 Add the <code class="constant">root</code> user to the password backend as follows: 558 558 </p><pre class="screen"> … … 566 566 deleted. 
If for any reason the account is deleted, you may not be able to recreate this account 567 567 without considerable trouble. 568 </p></li><li class="step" title="Step 4"><p>569 <a class="indexterm" name="id256 7306"></a>568 </p></li><li><p> 569 <a class="indexterm" name="id2561222"></a> 570 570 Create the username map file to permit the <code class="constant">root</code> account to be called 571 571 <code class="constant">Administrator</code> from the Windows network environment. To do this, create … … 593 593 #### 594 594 </pre><p> 595 </p></li><li class="step" title="Step 5"><p>596 <a class="indexterm" name="id256 7348"></a>597 <a class="indexterm" name="id256 7354"></a>598 <a class="indexterm" name="id256 7365"></a>599 <a class="indexterm" name="id256 7376"></a>595 </p></li><li><p> 596 <a class="indexterm" name="id2561264"></a> 597 <a class="indexterm" name="id2561270"></a> 598 <a class="indexterm" name="id2561281"></a> 599 <a class="indexterm" name="id2561291"></a> 600 600 Create and map Windows Domain Groups to UNIX groups. A sample script is provided in <a class="link" href="small.html" title="Chapter 2. Small Office Networking">“Small Office Networking”</a>, 601 601 <a class="link" href="small.html#initGrps" title="Example 2.1. Script to Map Windows NT Groups to UNIX Groups">“Script to Map Windows NT Groups to UNIX Groups”</a>. Create a file containing this script. We called ours … … 603 603 and then execute the script. Sample output should be as follows: 604 604 605 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id256 7413"></a><pre class="screen">605 </p><div class="example"><a name="ch4initGrps"></a><p class="title"><b>Example 3.7. 
Script to Map Windows NT Groups to UNIX Groups</b></p><div class="example-contents"><a class="indexterm" name="id2561329"></a><pre class="screen"> 606 606 #!/bin/bash 607 607 # … … 655 655 Users (S-1-5-32-545) -> -1 656 656 </pre><p> 657 </p></li><li class="step" title="Step 6"><p>658 <a class="indexterm" name="id256 7486"></a>659 <a class="indexterm" name="id256 7492"></a>660 <a class="indexterm" name="id256 7498"></a>661 <a class="indexterm" name="id256 7505"></a>662 <a class="indexterm" name="id256 7511"></a>663 <a class="indexterm" name="id256 7517"></a>664 <a class="indexterm" name="id256 7526"></a>657 </p></li><li><p> 658 <a class="indexterm" name="id2561402"></a> 659 <a class="indexterm" name="id2561408"></a> 660 <a class="indexterm" name="id2561414"></a> 661 <a class="indexterm" name="id2561420"></a> 662 <a class="indexterm" name="id2561427"></a> 663 <a class="indexterm" name="id2561433"></a> 664 <a class="indexterm" name="id2561441"></a> 665 665 There is one preparatory step without which you will not have a working Samba 666 666 network environment. You must add an account for each network user. … … 686 686 </pre><p> 687 687 You do of course use a valid user login ID in place of <em class="parameter"><code>username</code></em>. 688 </p></li><li class="step" title="Step 7"><p>689 <a class="indexterm" name="id256 7630"></a>690 <a class="indexterm" name="id256 7638"></a>691 <a class="indexterm" name="id256 7647"></a>688 </p></li><li><p> 689 <a class="indexterm" name="id2561546"></a> 690 <a class="indexterm" name="id2561554"></a> 691 <a class="indexterm" name="id2561562"></a> 692 692 Using the preferred tool for your UNIX system, add each user to the UNIX groups created 693 693 previously as necessary. File system access control will be based on UNIX group membership. 
694 </p></li><li class="step" title="Step 8"><p>694 </p></li><li><p> 695 695 Create the directory mount point for the disk subsystem that can be mounted to provide 696 696 data storage for company files. In this case the mount point is indicated in the <code class="filename">smb.conf</code> 697 697 file is <code class="filename">/data</code>. Format the file system as required, and mount the formatted 698 698 file system partition using appropriate system tools. 699 </p></li><li class="step" title="Step 9"><p>700 <a class="indexterm" name="id256 7686"></a>699 </p></li><li><p> 700 <a class="indexterm" name="id2561602"></a> 701 701 Create the top-level file storage directories for data and applications as follows: 702 702 </p><pre class="screen"> … … 715 715 The <code class="filename">/apps</code> directory is the root of the <code class="constant">apps</code> share 716 716 that provides the application server infrastructure. 717 </p></li><li class="step" title="Step 10"><p>717 </p></li><li><p> 718 718 The <code class="filename">smb.conf</code> file specifies an infrastructure to support roaming profiles and network 719 719 logon services. You can now create the file system infrastructure to provide the … … 738 738 <code class="prompt">root# </code> chmod ug+wrx,o+rx,-w /var/lib/samba/profiles/'username' 739 739 </pre><p> 740 </p></li><li class="step" title="Step 11"><p>741 <a class="indexterm" name="id256 7880"></a>742 <a class="indexterm" name="id256 7886"></a>743 <a class="indexterm" name="id256 7892"></a>740 </p></li><li><p> 741 <a class="indexterm" name="id2561796"></a> 742 <a class="indexterm" name="id2561802"></a> 743 <a class="indexterm" name="id2561808"></a> 744 744 Create a logon script. It is important that each line is correctly terminated with 745 745 a carriage return and line-feed combination (i.e., DOS encoding). 
The following procedure … … 757 757 > /var/lib/samba/netlogon/scripts/logon.bat 758 758 </pre><p> 759 </p></li></ol></div></div><div class="sect2" title="Configuration of DHCP and DNS Servers"><div class="titlepage"><div><div><h3 class="title"><a name="ch4dhcpdns"></a>Configuration of DHCP and DNS Servers</h3></div></div></div><p>759 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4dhcpdns"></a>Configuration of DHCP and DNS Servers</h3></div></div></div><p> 760 760 DHCP services are a basic component of the entire network client installation. DNS operation is 761 761 foundational to Internet access as well as to trouble-free operation of local networking. When 762 762 you have completed this section, the server should be ready for solid duty operation. 763 </p><div class="procedure" title="Procedure 3.3. DHCP and DNS Server Configuration Steps"><a name="id2567964"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>764 <a class="indexterm" name="id256 7975"></a>763 </p><div class="procedure"><a name="id2561878"></a><p class="title"><b>Procedure 3.3. DHCP and DNS Server Configuration Steps</b></p><ol type="1"><li><p> 764 <a class="indexterm" name="id2561890"></a> 765 765 Create a file called <code class="filename">/etc/dhcpd.conf</code> with the contents as 766 766 shown in <a class="link" href="secure.html#prom-dhcp" title="Example 3.8. DHCP Server Configuration File /etc/dhcpd.conf">“DHCP Server Configuration File /etc/dhcpd.conf”</a>. 
… … 812 812 } 813 813 </pre></div></div><p><br class="example-break"> 814 </p></li><li class="step" title="Step 2"><p>815 <a class="indexterm" name="id256 8050"></a>814 </p></li><li><p> 815 <a class="indexterm" name="id2561965"></a> 816 816 Create a file called <code class="filename">/etc/named.conf</code> that has the combined contents 817 817 of the <a class="link" href="secure.html#ch4namedcfg" title="Example 3.9. DNS Master Configuration File /etc/named.conf Master Section">“DNS Master Configuration File /etc/named.conf Master Section”</a>, <a class="link" href="secure.html#ch4namedvarfwd" title="Example 3.10. DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section">“DNS Master Configuration File /etc/named.conf Forward Lookup Definition Section”</a>, and 818 818 <a class="link" href="secure.html#ch4namedvarrev" title="Example 3.11. DNS Master Configuration File /etc/named.conf Reverse Lookup Definition Section">“DNS Master Configuration File /etc/named.conf Reverse Lookup Definition Section”</a> files that are concatenated (merged) in this 819 819 specific order. 820 </p></li><li class="step" title="Step 3"><p>820 </p></li><li><p> 821 821 Create the files shown in their respective directories as shown in <a class="link" href="secure.html#namedrscfiles" title="Table 3.2. DNS (named) Resource Files">DNS 822 822 (named) Resource Files</a>. … … 824 824 </p><div class="table"><a name="namedrscfiles"></a><p class="title"><b>Table 3.2. DNS (named) Resource Files</b></p><div class="table-contents"><table summary="DNS (named) Resource Files" border="1"><colgroup><col align="left"><col align="left"></colgroup><thead><tr><th align="left">Reference</th><th align="left">File Location</th></tr></thead><tbody><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. 
DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left">/var/lib/named/localhost.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left">/var/lib/named/127.0.0.zone</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left">/var/lib/named/root.hint</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">“DNS Abmas.biz Forward Zone File”</a></td><td align="left">/var/lib/named/master/abmas.biz.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#abmasus" title="Example 3.15. DNS Abmas.us Forward Zone File">“DNS Abmas.us Forward Zone File”</a></td><td align="left">/var/lib/named/abmas.us.hosts</td></tr><tr><td align="left"><a class="link" href="secure.html#eth1zone" title="Example 3.12. DNS 192.168.1 Reverse Zone File">“DNS 192.168.1 Reverse Zone File”</a></td><td align="left">/var/lib/named/192.168.1.0.rev</td></tr><tr><td align="left"><a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">“DNS 192.168.2 Reverse Zone File”</a></td><td align="left">/var/lib/named/192.168.2.0.rev</td></tr></tbody></table></div></div><p><br class="table-break"> 825 825 826 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. 
DNS Master Configuration File <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id256 8260"></a><pre class="screen">826 </p><div class="example"><a name="ch4namedcfg"></a><p class="title"><b>Example 3.9. DNS Master Configuration File <code class="filename">/etc/named.conf</code> Master Section</b></p><div class="example-contents"><a class="indexterm" name="id2562175"></a><pre class="screen"> 827 827 ### 828 828 # Abmas Biz DNS Control File … … 1008 1008 </pre></div></div><p><br class="example-break"> 1009 1009 1010 </p></li><li class="step" title="Step 4"><p>1011 <a class="indexterm" name="id256 8474"></a><a class="indexterm" name="id2568479"></a>1010 </p></li><li><p> 1011 <a class="indexterm" name="id2562388"></a><a class="indexterm" name="id2562394"></a> 1012 1012 All DNS name resolution should be handled locally. To ensure that the server is configured 1013 1013 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> to have the following … … 1018 1018 nameserver 123.45.54.23 1019 1019 </pre><p> 1020 <a class="indexterm" name="id256 8504"></a>1020 <a class="indexterm" name="id2562419"></a> 1021 1021 This instructs the name resolver function (when configured correctly) to ask the DNS server 1022 1022 that is running locally to resolve names to addresses. In the event that the local name server 1023 1023 is not available, ask the name server provided by the ISP. The latter, of course, does not resolve 1024 1024 purely local names to IP addresses. 1025 </p></li><li class="step" title="Step 5"><p>1026 <a class="indexterm" name="id256 8525"></a>1025 </p></li><li><p> 1026 <a class="indexterm" name="id2562440"></a> 1027 1027 The final step is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 1028 1028 This file controls the operation of the various resolver libraries that are part of the Linux … … 1036 1036 processing system. 
Then you can configure the server so that all services 1037 1037 start automatically on reboot. You must also manually start all services prior to validation testing. 1038 </p></div><div class="sect2" title="Printer Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4ptrcfg"></a>Printer Configuration</h3></div></div></div><p>1038 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4ptrcfg"></a>Printer Configuration</h3></div></div></div><p> 1039 1039 Network administrators who are new to CUPS based-printing typically experience some difficulty mastering 1040 1040 its powerful features. The steps outlined in this section are designed to navigate around the distractions … … 1043 1043 submitted to it. In other words, our configuration turns CUPS into a raw-mode print queue. This means that 1044 1044 the correct printer driver must be installed on all clients. 1045 </p><div class="procedure" title="Procedure 3.4. Printer Configuration Steps"><a name="id2568584"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>1045 </p><div class="procedure"><a name="id2562499"></a><p class="title"><b>Procedure 3.4. Printer Configuration Steps</b></p><ol type="1"><li><p> 1046 1046 Configure each printer to be a DHCP client, carefully following the manufacturer's guidelines. 1047 </p></li><li class="step" title="Step 2"><p>1047 </p></li><li><p> 1048 1048 Follow the instructions in the printer manufacturer's manuals to permit printing to port 9100. 1049 1049 Use any other port the manufacturer specifies for direct-mode raw printing, and adjust the 1050 1050 port as necessary in the following example commands. 1051 1051 This allows the CUPS spooler to print using raw mode protocols. 
1052 <a class="indexterm" name="id256 8610"></a>1053 <a class="indexterm" name="id256 8616"></a>1054 </p></li><li class="step" title="Step 3"><p>1055 <a class="indexterm" name="id256 8630"></a><a class="indexterm" name="id2568638"></a>1052 <a class="indexterm" name="id2562524"></a> 1053 <a class="indexterm" name="id2562531"></a> 1054 </p></li><li><p> 1055 <a class="indexterm" name="id2562545"></a><a class="indexterm" name="id2562553"></a> 1056 1056 Configure the CUPS Print Queues as follows: 1057 1057 </p><pre class="screen"> … … 1061 1061 <code class="prompt">root# </code> lpadmin -p hplj6f -v socket://hplj6f.abmas.biz:9100 -E 1062 1062 </pre><p> 1063 <a class="indexterm" name="id256 8681"></a>1063 <a class="indexterm" name="id2562596"></a> 1064 1064 This creates the necessary print queues with no assigned print filter. 1065 </p></li><li class="step" title="Step 4"><p><a class="indexterm" name="id2568696"></a>1065 </p></li><li><p><a class="indexterm" name="id2562610"></a> 1066 1066 Print queues may not be enabled at creation. Use <code class="literal">lpc stat</code> to check 1067 1067 the status of the print queues and, if necessary, make certain that the queues you have … … 1073 1073 <code class="prompt">root# </code> /usr/bin/enable hplj6f 1074 1074 </pre><p> 1075 </p></li><li class="step" title="Step 5"><p><a class="indexterm" name="id2568750"></a>1075 </p></li><li><p><a class="indexterm" name="id2562665"></a> 1076 1076 Even though your print queues may be enabled, it is still possible that they 1077 1077 are not accepting print jobs. 
A print queue services incoming printing … … 1084 1084 <code class="prompt">root# </code> /usr/sbin/accept hplj6f 1085 1085 </pre><p> 1086 </p></li><li class="step" title="Step 6"><p>1087 <a class="indexterm" name="id256 8801"></a>1088 <a class="indexterm" name="id256 8808"></a>1089 <a class="indexterm" name="id256 8815"></a>1086 </p></li><li><p> 1087 <a class="indexterm" name="id2562716"></a> 1088 <a class="indexterm" name="id2562723"></a> 1089 <a class="indexterm" name="id2562730"></a> 1090 1090 Edit the file <code class="filename">/etc/cups/mime.convs</code> to uncomment the line: 1091 1091 </p><pre class="screen"> 1092 1092 application/octet-stream application/vnd.cups-raw 0 - 1093 1093 </pre><p> 1094 </p></li><li class="step" title="Step 7"><p>1095 <a class="indexterm" name="id256 8843"></a>1094 </p></li><li><p> 1095 <a class="indexterm" name="id2562758"></a> 1096 1096 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line: 1097 1097 </p><pre class="screen"> 1098 1098 application/octet-stream 1099 1099 </pre><p> 1100 </p></li><li class="step" title="Step 8"><p>1100 </p></li><li><p> 1101 1101 Printing drivers are installed on each network client workstation. 1102 1102 </p></li></ol></div><p> … … 1105 1105 </p><p> 1106 1106 The UNIX system print queues have been configured and are ready for validation testing. 1107 </p></div><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p>1108 <a class="indexterm" name="id256 8908"></a>1107 </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="procstart"></a>Process Startup Configuration</h3></div></div></div><p> 1108 <a class="indexterm" name="id2562823"></a> 1109 1109 There are two essential steps to process startup configuration. 
First, the process 1110 1110 must be configured so that it automatically restarts each time the server … … 1115 1115 necessary start or kill script is run. 1116 1116 </p><p> 1117 <a class="indexterm" name="id256 8944"></a>1118 <a class="indexterm" name="id256 8950"></a>1119 <a class="indexterm" name="id256 8957"></a>1120 <a class="indexterm" name="id256 8964"></a>1121 <a class="indexterm" name="id256 8971"></a>1117 <a class="indexterm" name="id2562858"></a> 1118 <a class="indexterm" name="id2562865"></a> 1119 <a class="indexterm" name="id2562872"></a> 1120 <a class="indexterm" name="id2562879"></a> 1121 <a class="indexterm" name="id2562886"></a> 1122 1122 In the event that a service is not run as a daemon, but via the internetworking 1123 1123 super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code> … … 1127 1127 </p><p> 1128 1128 Last, each service must be started to permit system validation to proceed. 1129 </p><div class="procedure"><ol class="procedure" type="1"><li class="step" title="Step 1"><p>1129 </p><div class="procedure"><ol type="1"><li><p> 1130 1130 Use the standard system tool to configure each service to restart 1131 1131 automatically at every system reboot. For example, 1132 <a class="indexterm" name="id256 9022"></a>1132 <a class="indexterm" name="id2562937"></a> 1133 1133 </p><pre class="screen"> 1134 1134 <code class="prompt">root# </code> chkconfig dhpcd on … … 1137 1137 <code class="prompt">root# </code> chkconfig smb on 1138 1138 </pre><p> 1139 </p></li><li class="step" title="Step 2"><p>1140 <a class="indexterm" name="id256 9066"></a>1141 <a class="indexterm" name="id256 9073"></a>1142 <a class="indexterm" name="id256 9080"></a>1139 </p></li><li><p> 1140 <a class="indexterm" name="id2562981"></a> 1141 <a class="indexterm" name="id2562988"></a> 1142 <a class="indexterm" name="id2562995"></a> 1143 1143 Now start each service to permit the system to be validated. 
1144 1144 Execute each of the following in the sequence shown: … … 1150 1150 <code class="prompt">root# </code> /etc/rc.d/init.d/smb restart 1151 1151 </pre><p> 1152 </p></li></ol></div></div><div class="sect2" title="Validation"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p>1153 <a class="indexterm" name="id256 9134"></a>1152 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4valid"></a>Validation</h3></div></div></div><p> 1153 <a class="indexterm" name="id2563049"></a> 1154 1154 Complex networking problems are most often caused by simple things that are poorly or incorrectly 1155 1155 configured. The validation process adopted here should be followed carefully; it is the result of the … … 1161 1161 Later in this book you learn how to make users happier. For now, it is enough to learn to 1162 1162 validate. Let's get on with it. 1163 </p><div class="procedure" title="Procedure 3.5. Server Validation Steps"><a name="id2569157"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>1164 <a class="indexterm" name="id256 9168"></a>1163 </p><div class="procedure"><a name="id2563072"></a><p class="title"><b>Procedure 3.5. Server Validation Steps</b></p><ol type="1"><li><p> 1164 <a class="indexterm" name="id2563083"></a> 1165 1165 One of the most important facets of Samba configuration is to ensure that 1166 1166 name resolution functions correctly. You can check name resolution … … 1187 1187 This proves that name resolution via the <code class="filename">/etc/hosts</code> file 1188 1188 is working. 1189 </p></li><li class="step" title="Step 2"><p>1190 <a class="indexterm" name="id256 9237"></a>1189 </p></li><li><p> 1190 <a class="indexterm" name="id2563152"></a> 1191 1191 So far, your installation is going particularly well. 
In this step we validate 1192 1192 DNS server and name resolution operation. Using your favorite UNIX system editor, … … 1196 1196 hosts: dns 1197 1197 </pre><p> 1198 </p></li><li class="step" title="Step 3"><p>1199 <a class="indexterm" name="id256 9270"></a>1198 </p></li><li><p> 1199 <a class="indexterm" name="id2563185"></a> 1200 1200 Before you test DNS operation, it is a good idea to verify that the DNS server 1201 1201 is running by executing the following: … … 1211 1211 </pre><p> 1212 1212 This means that we are ready to check DNS operation. Do so by executing: 1213 <a class="indexterm" name="id256 9300"></a>1213 <a class="indexterm" name="id2563215"></a> 1214 1214 </p><pre class="screen"> 1215 1215 <code class="prompt">root# </code> ping diamond … … 1227 1227 sleeth1.abmas.biz has address 192.168.1.1 1228 1228 </pre><p> 1229 <a class="indexterm" name="id256 9339"></a>1229 <a class="indexterm" name="id2563254"></a> 1230 1230 You may now remove the entry called <code class="constant">diamond</code> from the 1231 1231 <code class="filename">/etc/hosts</code> file. It does not hurt to leave it there, 1232 1232 but its removal reduces the number of administrative steps for this name. 1233 </p></li><li class="step" title="Step 4"><p>1234 <a class="indexterm" name="id256 9365"></a>1233 </p></li><li><p> 1234 <a class="indexterm" name="id2563279"></a> 1235 1235 WINS is a great way to resolve NetBIOS names to their IP address. 
You can test 1236 1236 the operation of WINS by starting <code class="literal">nmbd</code> (manually or by way … … 1251 1251 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.479 ms 1252 1252 </pre><p> 1253 <a class="indexterm" name="id256 9456"></a>1253 <a class="indexterm" name="id2563371"></a> 1254 1254 Now that you can relax with the knowledge that all three major forms of name 1255 1255 resolution to IP address resolution are working, edit the <code class="filename">/etc/nsswitch.conf</code> … … 1260 1260 </pre><p> 1261 1261 The system is looking good. Let's move on. 1262 </p></li><li class="step" title="Step 5"><p>1262 </p></li><li><p> 1263 1263 It would give you peace of mind to know that the DHCP server is running 1264 1264 and available for service. You can validate DHCP services by running: … … 1271 1271 This shows that the server is running. The proof of whether or not it is working 1272 1272 comes when you try to add the first DHCP client to the network. 1273 </p></li><li class="step" title="Step 6"><p>1274 <a class="indexterm" name="id256 9516"></a>1273 </p></li><li><p> 1274 <a class="indexterm" name="id2563431"></a> 1275 1275 This is a good point at which to start validating Samba operation. You are 1276 1276 content that name resolution is working for basic TCP/IP needs. Let's move on. … … 1343 1343 </pre><p> 1344 1344 Clear away all errors before proceeding. 
1345 </p></li><li class="step" title="Step 7"><p>1346 <a class="indexterm" name="id256 9617"></a>1347 <a class="indexterm" name="id256 9624"></a>1348 <a class="indexterm" name="id256 9630"></a>1349 <a class="indexterm" name="id256 9637"></a>1345 </p></li><li><p> 1346 <a class="indexterm" name="id2563532"></a> 1347 <a class="indexterm" name="id2563539"></a> 1348 <a class="indexterm" name="id2563545"></a> 1349 <a class="indexterm" name="id2563552"></a> 1350 1350 Check that the Samba server is running: 1351 1351 </p><pre class="screen"> … … 1360 1360 </pre><p> 1361 1361 The <code class="literal">winbindd</code> daemon is running in split mode (normal), so there are also 1362 two instances<sup>[<a name="id256 9669" href="#ftn.id2569669" class="footnote">7</a>]</sup> of it.1363 </p></li><li class="step" title="Step 8"><p>1364 <a class="indexterm" name="id256 9699"></a>1365 <a class="indexterm" name="id256 9706"></a>1362 two instances<sup>[<a name="id2563584" href="#ftn.id2563584" class="footnote">7</a>]</sup> of it. 1363 </p></li><li><p> 1364 <a class="indexterm" name="id2563614"></a> 1365 <a class="indexterm" name="id2563621"></a> 1366 1366 Check that an anonymous connection can be made to the Samba server: 1367 1367 </p><pre class="screen"> … … 1394 1394 The <code class="constant">-U%</code> argument means to send a <code class="constant">NULL</code> username and 1395 1395 a <code class="constant">NULL</code> password. 1396 </p></li><li class="step" title="Step 9"><p>1397 <a class="indexterm" name="id256 9764"></a>1398 <a class="indexterm" name="id256 9771"></a>1399 <a class="indexterm" name="id256 9778"></a>1396 </p></li><li><p> 1397 <a class="indexterm" name="id2563679"></a> 1398 <a class="indexterm" name="id2563686"></a> 1399 <a class="indexterm" name="id2563693"></a> 1400 1400 Verify that each printer has the IP address assigned in the DHCP server configuration file. 1401 1401 The easiest way to do this is to ping the printer name. 
Immediately after the ping response … … 1412 1412 hplj6a (192.168.1.30) at 00:03:47:CB:81:E0 [ether] on eth0 1413 1413 </pre><p> 1414 <a class="indexterm" name="id256 9824"></a>1414 <a class="indexterm" name="id2563739"></a> 1415 1415 The MAC address <code class="constant">00:03:47:CB:81:E0</code> matches that specified for the 1416 1416 IP address from which the printer has responded and with the entry for it in the 1417 1417 <code class="filename">/etc/dhcpd.conf</code> file. Repeat this for each printer configured. 1418 </p></li><li class="step" title="Step 10"><p>1419 <a class="indexterm" name="id256 9853"></a>1418 </p></li><li><p> 1419 <a class="indexterm" name="id2563768"></a> 1420 1420 Make an authenticated connection to the server using the <code class="literal">smbclient</code> tool: 1421 1421 </p><pre class="screen"> … … 1435 1435 smb: \> q 1436 1436 </pre><p> 1437 </p></li><li class="step" title="Step 11"><p>1438 <a class="indexterm" name="id256 9910"></a>1437 </p></li><li><p> 1438 <a class="indexterm" name="id2563825"></a> 1439 1439 Your new server is connected to an Internet-accessible connection. Before you start 1440 1440 your firewall, you should run a port scanner against your system. 
You should repeat that … … 1510 1510 Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds 1511 1511 </pre><p> 1512 </p></li></ol></div></div><div class="sect2" title="Application Share Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p>1513 <a class="indexterm" name="id25 70013"></a>1514 <a class="indexterm" name="id25 70020"></a>1512 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4appscfg"></a>Application Share Configuration</h3></div></div></div><p> 1513 <a class="indexterm" name="id2563928"></a> 1514 <a class="indexterm" name="id2563935"></a> 1515 1515 The use of an application server is a key mechanism by which desktop administration overheads 1516 1516 can be reduced. Check the application manual for your software to identify how best to … … 1520 1520 is typically not suited for administrative installation. Administratively installed software 1521 1521 permits one or more of the following installation choices: 1522 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1522 </p><div class="itemizedlist"><ul type="disc"><li><p> 1523 1523 Install software fully onto a workstation, storing data files on the same workstation. 1524 </p></li><li class="listitem"><p>1524 </p></li><li><p> 1525 1525 Install software fully onto a workstation with central network data file storage. 1526 </p></li><li class="listitem"><p>1526 </p></li><li><p> 1527 1527 Install software to run off a central application server with data files stored 1528 1528 on the local workstation. This is often called a minimum installation, or a 1529 1529 network client installation. 1530 </p></li><li class="listitem"><p>1530 </p></li><li><p> 1531 1531 Install software to run off a central application server with data files stored 1532 1532 on a central network share. 
This type of installation often prevents storage 1533 1533 of work files on the local workstation. 1534 1534 </p></li></ul></div><p> 1535 <a class="indexterm" name="id25 70072"></a>1535 <a class="indexterm" name="id2563987"></a> 1536 1536 A common application deployed in this environment is an office suite. 1537 1537 Enterprise editions of Microsoft Office XP Professional can be administratively installed … … 1550 1550 local disk space. In the latter case, when the applications are used, they load over the network. 1551 1551 </p><p> 1552 <a class="indexterm" name="id25 70109"></a>1553 <a class="indexterm" name="id25 70116"></a>1552 <a class="indexterm" name="id2564024"></a> 1553 <a class="indexterm" name="id2564031"></a> 1554 1554 Microsoft Office Service Packs can be unpacked to update an administrative share. This makes 1555 1555 it possible to update MS Office XP Professional for all users from a single installation … … 1560 1560 editing or by way of configuration options inside each Office XP Professional application. 1561 1561 </p><p> 1562 <a class="indexterm" name="id25 70138"></a>1562 <a class="indexterm" name="id2564053"></a> 1563 1563 OpenOffice.Org OpenOffice Version 1.1.0 can be installed locally. It can also 1564 1564 be installed to run off a network share. The latter is a most desirable solution for office-bound … … 1573 1573 share point. The full administrative OpenOffice share takes approximately 150 MB of disk 1574 1574 space. 
1575 </p><div class="sect3" title="Comments Regarding Software Terms of Use"><div class="titlepage"><div><div><h4 class="title"><a name="id2570170"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p>1575 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2564084"></a>Comments Regarding Software Terms of Use</h4></div></div></div><p> 1576 1576 Many single-user products can be installed into an administrative share, but 1577 1577 personal versions of products such as Microsoft Office XP Professional do not permit this. … … 1597 1597 please do not use the software. 1598 1598 </p><p> 1599 <a class="indexterm" name="id25 70218"></a>1599 <a class="indexterm" name="id2564133"></a> 1600 1600 Samba is provided under the terms of the GNU GPL Version 2, a copy of which is provided 1601 1601 with the source code. 1602 </p></div></div><div class="sect2" title="Windows Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch4wincfg"></a>Windows Client Configuration</h3></div></div></div><p>1602 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch4wincfg"></a>Windows Client Configuration</h3></div></div></div><p> 1603 1603 Christine needs to roll out 130 new desktop systems. There is no doubt that she also needs 1604 1604 to reinstall many of the notebook computers that will be recycled for use with the new network … … 1607 1607 Ghost (enterprise edition) to replicate the staged machine to its target desktops. The same can 1608 1608 be done with notebook computers as long as they are identical or sufficiently similar. 1609 </p><div class="procedure" title="Procedure 3.6. Windows Client Configuration Procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. 
Windows Client Configuration Procedure</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>1610 <a class="indexterm" name="id25 70268"></a>1611 <a class="indexterm" name="id25 70275"></a>1609 </p><div class="procedure"><a name="sbewinclntprep"></a><p class="title"><b>Procedure 3.6. Windows Client Configuration Procedure</b></p><ol type="1"><li><p> 1610 <a class="indexterm" name="id2564183"></a> 1611 <a class="indexterm" name="id2564190"></a> 1612 1612 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 1613 1613 TCP/IP protocol configuration. DHCP configures all Windows clients to use the WINS Server 1614 1614 address that has been defined for the local subnet. 1615 </p></li><li class="step" title="Step 2"><p>1615 </p></li><li><p> 1616 1616 Join the Windows Domain <code class="constant">PROMISES</code>. Use the Domain Administrator 1617 1617 username <code class="constant">root</code> and the SMB password you assigned to this account. … … 1620 1620 Reboot the machine as prompted and then log on using the Domain Administrator account 1621 1621 (<code class="constant">root</code>). 1622 </p></li><li class="step" title="Step 3"><p>1622 </p></li><li><p> 1623 1623 Verify <code class="constant">DIAMOND</code> is visible in <span class="guimenu">My Network Places</span>, 1624 1624 that it is possible to connect to it and see the shares <span class="guimenuitem">accounts</span>, 1625 1625 <span class="guimenuitem">apps</span>, and <span class="guimenuitem">finsvcs</span>, and that it is 1626 1626 possible to open each share to reveal its contents. 1627 </p></li><li class="step" title="Step 4"><p>1627 </p></li><li><p> 1628 1628 Create a drive mapping to the <code class="constant">apps</code> share on the server <code class="constant">DIAMOND</code>. 1629 </p></li><li class="step" title="Step 5"><p>1629 </p></li><li><p> 1630 1630 Perform an administrative installation of each application to be used. 
Select the options 1631 1631 that you wish to use. Of course, you can choose to run applications over the network, correct? 1632 </p></li><li class="step" title="Step 6"><p>1632 </p></li><li><p> 1633 1633 Now install all applications to be installed locally. Typical tools include Adobe Acrobat, 1634 1634 NTP-based time synchronization software, drivers for specific local devices such as fingerprint 1635 1635 scanners, and the like. Probably the most significant application for local installation 1636 1636 is antivirus software. 1637 </p></li><li class="step" title="Step 7"><p>1637 </p></li><li><p> 1638 1638 Now install all four printers onto the staging system. The printers you install 1639 1639 include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers. You will … … 1641 1641 Install printers on each machine following the steps shown in the Windows client printer 1642 1642 preparation procedure below. 1643 </p></li><li class="step" title="Step 8"><p>1644 <a class="indexterm" name="id25 70413"></a>1643 </p></li><li><p> 1644 <a class="indexterm" name="id2564328"></a> 1645 1645 When you are satisfied that the staging systems are complete, use the appropriate procedure to 1646 1646 remove the client from the domain. Reboot the system and then log on as the local administrator 1647 1647 and clean out all temporary files stored on the system. Before shutting down, use the disk 1648 1648 defragmentation tool so that the file system is in optimal condition before replication. 1649 </p></li><li class="step" title="Step 9"><p>1649 </p></li><li><p> 1650 1650 Boot the workstation using the Norton (Symantec) Ghosting diskette (or CD-ROM) and image the 1651 1651 machine to a network share on the server. 
1652 </p></li><li class="step" title="Step 10"><p>1653 <a class="indexterm" name="id25 70442"></a>1654 <a class="indexterm" name="id25 70452"></a>1652 </p></li><li><p> 1653 <a class="indexterm" name="id2564357"></a> 1654 <a class="indexterm" name="id2564366"></a> 1655 1655 You may now replicate the image to the target machines using the appropriate Norton Ghost 1656 1656 procedure. Make sure to use the procedure that ensures each machine has a unique 1657 1657 Windows security identifier (SID). When the installation of the disk image has completed, boot the PC. 1658 </p></li><li class="step" title="Step 11"><p>1658 </p></li><li><p> 1659 1659 Log on to the machine as the local Administrator (the only option), and join the machine to 1660 1660 the Domain, following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. The system is now 1661 1661 ready for the user to log on, provided you have created a network logon account for that 1662 1662 user, of course. 1663 </p></li><li class="step" title="Step 12"><p>1663 </p></li><li><p> 1664 1664 Instruct all users to log on to the workstation using their assigned username and password. 1665 </p></li></ol></div><div class="procedure" title="Procedure 3.7. Windows Client Printer Preparation Procedure"><a name="sbewinclntptrprep"></a><p class="title"><b>Procedure 3.7. Windows Client Printer Preparation Procedure</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>1665 </p></li></ol></div><div class="procedure"><a name="sbewinclntptrprep"></a><p class="title"><b>Procedure 3.7. 
Windows Client Printer Preparation Procedure</b></p><ol type="1"><li><p> 1666 1666 Click <span class="guimenu">Start</span> → <span class="guimenuitem">Settings</span> → <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>. 1667 1667 Ensure that <span class="guimenuitem">Local printer</span> is selected. 1668 </p></li><li class="step" title="Step 2"><p>1668 </p></li><li><p> 1669 1669 Click <span class="guibutton">Next</span>. In the 1670 1670 <span class="guimenuitem">Manufacturer:</span> panel, select <code class="constant">HP</code>. 1671 1671 In the <span class="guimenuitem">Printers:</span> panel, select the printer called 1672 1672 <code class="constant">HP LaserJet 6</code>. Click <span class="guibutton">Next</span>. 1673 </p></li><li class="step" title="Step 3"><p>1673 </p></li><li><p> 1674 1674 In the <span class="guimenuitem">Available ports:</span> panel, select 1675 1675 <code class="constant">FILE:</code>. Accept the default printer name by clicking 1676 <span class="guibutton">Next</span>. When asked, <span class="quote">“<span class="quote">Would you like to print a1677 test page?,</span>” </span>click <span class="guimenuitem">No</span>. Click1676 <span class="guibutton">Next</span>. When asked, “<span class="quote">Would you like to print a 1677 test page?,</span>” click <span class="guimenuitem">No</span>. Click 1678 1678 <span class="guibutton">Finish</span>. 1679 </p></li><li class="step" title="Step 4"><p>1679 </p></li><li><p> 1680 1680 You may be prompted for the name of a file to print to. If so, close the 1681 1681 dialog panel. Right-click <span class="guiicon">HP LaserJet 6</span> → <span class="guimenuitem">Properties</span> → <span class="guisubmenu">Details (Tab)</span> → <span class="guimenuitem">Add Port</span>. 
1682 </p></li><li class="step" title="Step 5"><p>1682 </p></li><li><p> 1683 1683 In the <span class="guimenuitem">Network</span> panel, enter the name of 1684 1684 the print queue on the Samba server as follows: <code class="constant">\\DIAMOND\hplj6a</code>. 1685 1685 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation. 1686 </p></li><li class="step" title="Step 6"><p>1686 </p></li><li><p> 1687 1687 Repeat the printer installation steps above for both HP LaserJet 6 printers 1688 1688 as well as for both QMS Magicolor laser printers. 1689 </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id2570721"></a>Key Points Learned</h3></div></div></div><p>1689 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2564636"></a>Key Points Learned</h3></div></div></div><p> 1690 1690 How do you feel? You have built a capable network, a truly ambitious project. 1691 1691 Future network updates can be handled by 1692 1692 your staff. You must be a satisfied manager. Let's review the achievements. 1693 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>1693 </p><div class="itemizedlist"><ul type="disc"><li><p> 1694 1694 A simple firewall has been configured to protect the server in the event that 1695 1695 the ISP firewall service should fail. 1696 </p></li><li class="listitem"><p>1696 </p></li><li><p> 1697 1697 The Samba configuration uses measures to ensure that only local network users 1698 1698 can connect to SMB/CIFS services. 1699 </p></li><li class="listitem"><p>1699 </p></li><li><p> 1700 1700 Samba uses the new <code class="constant">tdbsam</code> passdb backend facility. 1701 1701 Considerable complexity was added to Samba functionality. 
1702 </p></li><li class="listitem"><p>1702 </p></li><li><p> 1703 1703 A DHCP server was configured to implement dynamic DNS (DDNS) updates to the DNS 1704 1704 server. 1705 </p></li><li class="listitem"><p>1705 </p></li><li><p> 1706 1706 The DNS server was configured to permit DDNS only for local network clients. This 1707 1707 server also provides primary DNS services for the company Internet presence. 1708 </p></li><li class="listitem"><p>1708 </p></li><li><p> 1709 1709 You introduced an application server as well as the concept of cloning a Windows 1710 1710 client in order to effect improved standardization of desktops and to reduce 1711 1711 the costs of network management. 1712 </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2570783"></a>Questions and Answers</h2></div></div></div><p>1713 </p><div class="qandaset" title="Frequently Asked Questions"><a name="id2570793"></a><dl><dt>1. <a href="secure.html#id2570799">1712 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2564698"></a>Questions and Answers</h2></div></div></div><p> 1713 </p><div class="qandaset"><dl><dt>1. <a href="secure.html#id2564714"> 1714 1714 What is the maximum number of account entries that the tdbsam 1715 1715 passdb backend can handle? 1716 </a></dt><dt>2. <a href="secure.html#id25 70868">1716 </a></dt><dt>2. <a href="secure.html#id2564783"> 1717 1717 Would Samba operate any better if the OS level is set to a value higher than 35? 1718 </a></dt><dt>3. <a href="secure.html#id25 70890">1718 </a></dt><dt>3. <a href="secure.html#id2564805"> 1719 1719 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups? 1720 </a></dt><dt>4. <a href="secure.html#id25 70913">1720 </a></dt><dt>4. 
<a href="secure.html#id2564827"> 1721 1721 Why has a path been specified in the IPC$ share? 1722 </a></dt><dt>5. <a href="secure.html#id25 70941">1722 </a></dt><dt>5. <a href="secure.html#id2564856"> 1723 1723 Why does the smb.conf file in this exercise include an entry for smb ports? 1724 </a></dt><dt>6. <a href="secure.html#id25 70988">1724 </a></dt><dt>6. <a href="secure.html#id2564902"> 1725 1725 What is the difference between a print queue and a printer? 1726 </a></dt><dt>7. <a href="secure.html#id25 71024">1726 </a></dt><dt>7. <a href="secure.html#id2564938"> 1727 1727 Can all MS Windows application software be installed onto an application server share? 1728 </a></dt><dt>8. <a href="secure.html#id25 71048">1728 </a></dt><dt>8. <a href="secure.html#id2564963"> 1729 1729 Why use dynamic DNS (DDNS)? 1730 </a></dt><dt>9. <a href="secure.html#id25 71068">1730 </a></dt><dt>9. <a href="secure.html#id2564983"> 1731 1731 Why would you use WINS as well as DNS-based name resolution? 1732 </a></dt><dt>10. <a href="secure.html#id25 71153">1732 </a></dt><dt>10. <a href="secure.html#id2565068"> 1733 1733 What are the major benefits of using an application server? 1734 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question" title="1."><td align="left" valign="top"><a name="id2570799"></a><a name="id2570801"></a><p><b>1.</b></p></td><td align="left" valign="top"><p>1734 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2564714"></a><a name="id2564716"></a><p><b>1.</b></p></td><td align="left" valign="top"><p> 1735 1735 What is the maximum number of account entries that the <em class="parameter"><code>tdbsam</code></em> 1736 1736 passdb backend can handle? … … 1758 1758 not provide a mechanism for replicating tdbsam data so it can be used by a BDC. 
The 1759 1759 limitation of 250 users per tdbsam is predicated only on the need for replication, 1760 not on the limits<sup>[<a name="id25 70857" href="#ftn.id2570857" class="footnote">8</a>]</sup> of the tdbsam backend itself.1761 </p></td></tr><tr class="question" title="2."><td align="left" valign="top"><a name="id2570868"></a><a name="id2570870"></a><p><b>2.</b></p></td><td align="left" valign="top"><p>1760 not on the limits<sup>[<a name="id2564772" href="#ftn.id2564772" class="footnote">8</a>]</sup> of the tdbsam backend itself. 1761 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564783"></a><a name="id2564785"></a><p><b>2.</b></p></td><td align="left" valign="top"><p> 1762 1762 Would Samba operate any better if the OS level is set to a value higher than 35? 1763 1763 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1765 1765 of 35 already assures Samba of precedence over MS Windows products in browser elections. There is 1766 1766 no gain to be had from setting this higher. 1767 </p></td></tr><tr class="question" title="3."><td align="left" valign="top"><a name="id2570890"></a><a name="id2570892"></a><p><b>3.</b></p></td><td align="left" valign="top"><p>1767 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564805"></a><a name="id2564807"></a><p><b>3.</b></p></td><td align="left" valign="top"><p> 1768 1768 Why in this example have you provided UNIX group to Windows Group mappings for only Domain Groups? 1769 1769 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1771 1771 a later date Samba may make use of Windows Local Groups, as well as of the Active Directory special 1772 1772 Groups. Proper operation requires Domain Groups to be mapped to valid UNIX groups. 
1773 </p></td></tr><tr class="question" title="4."><td align="left" valign="top"><a name="id2570913"></a><a name="id2570915"></a><p><b>4.</b></p></td><td align="left" valign="top"><p>1773 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564827"></a><a name="id2564830"></a><p><b>4.</b></p></td><td align="left" valign="top"><p> 1774 1774 Why has a path been specified in the <em class="parameter"><code>IPC$</code></em> share? 1775 1775 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1777 1777 obtain access to the file system, it does so at a location that presents least risk. Under normal operation 1778 1778 this type of paranoid step should not be necessary. The use of this parameter should not be necessary. 1779 </p></td></tr><tr class="question" title="5."><td align="left" valign="top"><a name="id2570941"></a><a name="id2570943"></a><p><b>5.</b></p></td><td align="left" valign="top"><p>1779 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564856"></a><a name="id2564858"></a><p><b>5.</b></p></td><td align="left" valign="top"><p> 1780 1780 Why does the <code class="filename">smb.conf</code> file in this exercise include an entry for <a class="link" href="smb.conf.5.html#SMBPORTS" target="_top">smb ports</a>? 1781 1781 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1786 1786 The result of this is improved network performance. Where Samba-3 is installed as an Active Directory Domain 1787 1787 member, the default behavior is highly beneficial and should not be changed. 
1788 </p></td></tr><tr class="question" title="6."><td align="left" valign="top"><a name="id2570988"></a><a name="id2570990"></a><p><b>6.</b></p></td><td align="left" valign="top"><p>1788 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564902"></a><a name="id2564905"></a><p><b>6.</b></p></td><td align="left" valign="top"><p> 1789 1789 What is the difference between a print queue and a printer? 1790 1790 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1800 1800 and the job is then submitted to a sequential print queue where the job is stored until 1801 1801 the printer is ready to receive the job. 1802 </p></td></tr><tr class="question" title="7."><td align="left" valign="top"><a name="id2571024"></a><a name="id2571026"></a><p><b>7.</b></p></td><td align="left" valign="top"><p>1802 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564938"></a><a name="id2564940"></a><p><b>7.</b></p></td><td align="left" valign="top"><p> 1803 1803 Can all MS Windows application software be installed onto an application server share? 1804 1804 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1808 1808 Professional do not permit installation to an application server share and can be installed 1809 1809 and used only to/from a local workstation hard disk. 1810 </p></td></tr><tr class="question" title="8."><td align="left" valign="top"><a name="id2571048"></a><a name="id2571050"></a><p><b>8.</b></p></td><td align="left" valign="top"><p>1810 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564963"></a><a name="id2564965"></a><p><b>8.</b></p></td><td align="left" valign="top"><p> 1811 1811 Why use dynamic DNS (DDNS)? 
1812 1812 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1814 1814 network clients that are not NetBIOS-enabled, and thus cannot use WINS, to locate 1815 1815 Windows clients via DNS. 1816 </p></td></tr><tr class="question" title="9."><td align="left" valign="top"><a name="id2571068"></a><a name="id2571070"></a><p><b>9.</b></p></td><td align="left" valign="top"><p>1816 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2564983"></a><a name="id2564985"></a><p><b>9.</b></p></td><td align="left" valign="top"><p> 1817 1817 Why would you use WINS as well as DNS-based name resolution? 1818 1818 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 1819 1819 WINS is to NetBIOS names as DNS is to fully qualified domain names (FQDN). The FQDN is 1820 a name like <span class="quote">“<span class="quote">myhost.mydomain.tld</span>”</span>where <em class="parameter"><code>tld</code></em>1820 a name like “<span class="quote">myhost.mydomain.tld</span>” where <em class="parameter"><code>tld</code></em> 1821 1821 means <code class="constant">top-level domain</code>. A FQDN is a longhand but easy-to-remember 1822 1822 expression that may be up to 1024 characters in length and that represents an IP address. 1823 1823 A NetBIOS name is always 16 characters long. The 16<sup>th</sup> character 1824 is a name type indicator. A specific name type is registered<sup>[<a name="id25 71106" href="#ftn.id2571106" class="footnote">9</a>]</sup> for each1824 is a name type indicator. A specific name type is registered<sup>[<a name="id2565020" href="#ftn.id2565020" class="footnote">9</a>]</sup> for each 1825 1825 type of service that is provided by the Windows server or client and that may be registered 1826 1826 where a WINS server is in use. 
… … 1837 1837 </p><p> 1838 1838 Windows 200x Active Directory requires the registration in the DNS zone for the domain it 1839 controls of service locator<sup>[<a name="id25 71140" href="#ftn.id2571140" class="footnote">10</a>]</sup> records1839 controls of service locator<sup>[<a name="id2565054" href="#ftn.id2565054" class="footnote">10</a>]</sup> records 1840 1840 that Windows clients and servers will use to locate Kerberos and LDAP services. ADS also 1841 1841 requires the registration of special records that are called global catalog (GC) entries 1842 1842 and site entries by which domain controllers and other essential ADS servers may be located. 1843 </p></td></tr><tr class="question" title="10."><td align="left" valign="top"><a name="id2571153"></a><a name="id2571155"></a><p><b>10.</b></p></td><td align="left" valign="top"><p>1843 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id2565068"></a><a name="id2565070"></a><p><b>10.</b></p></td><td align="left" valign="top"><p> 1844 1844 What are the major benefits of using an application server? 1845 1845 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1848 1848 one location for all major applications used. This results in faster update roll-outs and 1849 1849 significantly better application usage control. 1850 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id25 65700" href="#id2565700" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3.1850 </p></td></tr></tbody></table></div></div><div class="footnotes"><br><hr width="100" align="left"><div class="footnote"><p><sup>[<a name="ftn.id2559616" href="#id2559616" class="para">5</a>] </sup>See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 3. 
1851 1851 This is necessary so that Samba can act as a Domain Controller (PDC); see 1852 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25 66081" href="#id2566081" class="para">6</a>] </sup>You may want to do the echo command last and include1853 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id256 9669" href="#id2569669" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>,1852 <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 4, for additional information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2559997" href="#id2559997" class="para">6</a>] </sup>You may want to do the echo command last and include 1853 "0" in the init scripts, since it opens up your network for a short time.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2563584" href="#id2563584" class="para">7</a>] </sup>For more information regarding winbindd, see <span class="emphasis"><em>TOSHARG2</em></span>, 1854 1854 Chapter 23, Section 23.3. The single instance of <code class="literal">smbd</code> is normal. One additional 1855 1855 <code class="literal">smbd</code> slave process is spawned for each SMB/CIFS client 1856 connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25 70857" href="#id2570857" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very1856 connection.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2564772" href="#id2564772" class="para">8</a>] </sup>Bench tests have shown that tdbsam is a very 1857 1857 effective database technology. 
There is surprisingly little performance loss even 1858 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25 71106" href="#id2571106" class="para">9</a>] </sup>1859 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id25 71140" href="#id2571140" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>1858 with over 4000 users.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2565020" href="#id2565020" class="para">9</a>] </sup> 1859 See <span class="emphasis"><em>TOSHARG2</em></span>, Chapter 9, for more information.</p></div><div class="footnote"><p><sup>[<a name="ftn.id2565054" href="#id2565054" class="para">10</a>] </sup>See TOSHARG2, Chapter 9, Section 9.3.3.</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="small.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ExNetworks.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Big500users.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. 
Small Office Networking </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 4. The 500-User Office</td></tr></table></div></body></html>
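Review bot: Every question and footnote anchor in the Questions and Answers section is renumbered by this revision (for example `secure.html#id2570799` becomes `secure.html#id2564714`, and footnote 8 moves from `ftn.id2570857` to `ftn.id2564772`), so existing deep links into this page stop resolving. The ids look auto-generated; giving the Q&A entries and footnotes explicit ids in the DocBook source would keep the anchors stable when the HTML is rebuilt. The rebuild also drops the `title` attributes on the question rows, `class="listitem"` on the list items and `width="100%"` on the Q&A table, which points to a different stylesheet version than the one used for r368; please confirm that was intended.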
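Review bot: In the answer to question 9 (lines 1821-1822), the unchanged text still says an FQDN "may be up to 1024 characters in length", but DNS limits a full domain name to 255 octets (RFC 1035). This hunk already touches the sentence to fix the spacing after the quoted `myhost.mydomain.tld`, so the length should be corrected in the DocBook source at the same time and the HTML regenerated.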