- Timestamp: Jul 6, 2011, 8:21:13 PM (14 years ago)
- File: 1 edited
trunk/server/docs/htmldocs/Samba3-ByExample/Big500users.html
r414 r599 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.7 4.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. 
The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id2565229">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565274">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565373">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id2565409">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2565612">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2565635">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566362">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2566927">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id2570125">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id2570184">Questions and Answers</a></span></dt></dl></div><p>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 4. The 500-User Office</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="ExNetworks.html" title="Part I. Example Network Configurations"><link rel="prev" href="secure.html" title="Chapter 3. 
Secure Office Networking"><link rel="next" href="happy.html" title="Chapter 5. Making Happy Users"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 4. The 500-User Office</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="secure.html">Prev</a> </td><th width="60%" align="center">Part I. Example Network Configurations</th><td width="20%" align="right"> <a accesskey="n" href="happy.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 4. The 500-User Office"><div class="titlepage"><div><div><h2 class="title"><a name="Big500users"></a>Chapter 4. The 500-User Office</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="Big500users.html#id336007">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336038">Assignment Tasks</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336113">Dissection and Discussion</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#id336141">Technical Issues</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id336318">Political Issues</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id336338">Implementation</a></span></dt><dd><dl><dt><span class="sect2"><a href="Big500users.html#ch5-dnshcp-setup">Installation of DHCP, DNS, and Samba Control Files</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337052">Server Preparation: All Servers</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id337568">Server-Specific Preparation</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5-procstart">Process Startup Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#ch5wincfg">Windows Client 
Configuration</a></span></dt><dt><span class="sect2"><a href="Big500users.html#id340544">Key Points Learned</a></span></dt></dl></dd><dt><span class="sect1"><a href="Big500users.html#id340597">Questions and Answers</a></span></dt></dl></div><p> 2 2 The Samba-3 networking you explored in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> covers the finer points of 3 3 configuration of peripheral services such as DHCP and DNS, and WINS. You experienced … … 7 7 An analysis of the history of postings to the Samba mailing list easily demonstrates 8 8 that the two most prevalent Samba problem areas are 9 </p><div class="itemizedlist"><ul type="disc"><li><p>9 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> 10 10 Defective resolution of a NetBIOS name to its IP address 11 </p></li><li ><p>11 </p></li><li class="listitem"><p> 12 12 Printing problems 13 13 </p></li></ul></div><p> … … 18 18 to make printing more complex for the administrator while making it easier for the user. 19 19 </p><p> 20 <a class="indexterm" name="id 2565165"></a>21 <a class="indexterm" name="id 2565172"></a>22 <a class="indexterm" name="id 2565178"></a>20 <a class="indexterm" name="id335954"></a> 21 <a class="indexterm" name="id335961"></a> 22 <a class="indexterm" name="id335967"></a> 23 23 <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> demonstrates operation of a DHCP server and a DNS server 24 24 as well as a central WINS server. You validated the operation of these services and … … 42 42 You should take the opportunity to innovate and expand on the methods presented 43 43 here and explore them to the fullest. 
44 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565229"></a>Introduction</h2></div></div></div><p>44 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336007"></a>Introduction</h2></div></div></div><p> 45 45 Business continues to go well for Abmas. Mr. Meany is driving your success and the 46 46 network continues to grow thanks to the hard work Christine has done. You recently … … 67 67 it is rolled out. Your strategy is to complete the new network so that it 68 68 is ready for operation when the old office moves into the new premises. 69 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565274"></a>Assignment Tasks</h3></div></div></div><p>69 </p><div class="sect2" title="Assignment Tasks"><div class="titlepage"><div><div><h3 class="title"><a name="id336038"></a>Assignment Tasks</h3></div></div></div><p> 70 70 The acquired business had 280 network users. The old Abmas building housed 71 71 220 network users in unbelievably cramped conditions. The network that … … 108 108 every four months. They automatically roll that out to each desktop system. 109 109 You must keep DirectPointe informed of all changes. 110 </p><p><a class="indexterm" name="id 2565345"></a>110 </p><p><a class="indexterm" name="id336088"></a> 111 111 The new network has a single Samba Primary Domain Controller (PDC) located in the 112 112 Network Operation Center (NOC). Buildings 1 and 2 each have a local server … … 116 116 Printing is based on raw pass-through facilities just as it has been used so far. 117 117 All printer drivers are installed on the desktop and notebook computers. 
118 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565373"></a>Dissection and Discussion</h2></div></div></div><p>119 <a class="indexterm" name="id 2565381"></a>118 </p></div></div><div class="sect1" title="Dissection and Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336113"></a>Dissection and Discussion</h2></div></div></div><p> 119 <a class="indexterm" name="id336121"></a> 120 120 The example you are building in this chapter is of a network design that works, but this 121 121 does not make it a design that is recommended. As a general rule, there should be at least … … 128 128 controller. This is not a good omen for user satisfaction. You, of course, address this 129 129 very soon (see <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>). 130 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565409"></a>Technical Issues</h3></div></div></div><p>130 </p><div class="sect2" title="Technical Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id336141"></a>Technical Issues</h3></div></div></div><p> 131 131 Stan has talked you into a horrible compromise, but it is addressed. Just make 132 132 certain that the performance of this network is well validated before going live. 133 133 </p><p> 134 134 Design decisions made in this design include the following: 135 </p><div class="itemizedlist"><ul type="disc"><li><p>136 <a class="indexterm" name="id 2565430"></a>137 <a class="indexterm" name="id 2565437"></a>138 <a class="indexterm" name="id 2565444"></a>135 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> 136 <a class="indexterm" name="id336161"></a> 137 <a class="indexterm" name="id336168"></a> 138 <a class="indexterm" name="id336174"></a> 139 139 A single PDC is being implemented. 
This limitation is based on the choice not to 140 140 use LDAP. Many network administrators fear using LDAP because of the perceived 141 141 complexity of implementation and management of an LDAP-based backend for all user 142 142 identity management as well as to store network access credentials. 143 </p></li><li ><p>144 <a class="indexterm" name="id 2565461"></a>145 <a class="indexterm" name="id 2565468"></a>143 </p></li><li class="listitem"><p> 144 <a class="indexterm" name="id336188"></a> 145 <a class="indexterm" name="id336195"></a> 146 146 Because of the refusal to use an LDAP (ldapsam) passdb backend at this time, the 147 147 only choice that makes sense with 500 users is to use the tdbsam passwd backend. … … 152 152 machines periodically change the secret machine password. When this happens, there 153 153 is no mechanism to return the changed password to the PDC. 154 </p></li><li ><p>154 </p></li><li class="listitem"><p> 155 155 All domain user, group, and machine accounts are managed on the PDC. This makes 156 156 for a simple mode of operation but has to be balanced with network performance and 157 157 integrity of operations considerations. 158 </p></li><li ><p>159 <a class="indexterm" name="id 2565508"></a>158 </p></li><li class="listitem"><p> 159 <a class="indexterm" name="id336229"></a> 160 160 A single central WINS server is being used. The PDC is also the WINS server. 161 161 Any attempt to operate a routed network without a WINS server while using NetBIOS … … 164 164 normally located on the Windows XP Professional client in the 165 165 <code class="filename">C:\WINDOWS\SYSTEM32\ETC\DRIVERS</code> directory. 166 </p></li><li ><p>166 </p></li><li class="listitem"><p> 167 167 At this time the Samba WINS database cannot be replicated. That is 168 168 why a single WINS server is being implemented. This should work without a problem. 
169 </p></li><li ><p>170 <a class="indexterm" name="id 2565545"></a>169 </p></li><li class="listitem"><p> 170 <a class="indexterm" name="id336261"></a> 171 171 BDCs make use of <code class="literal">winbindd</code> to provide 172 172 access to domain security credentials for file system access and object storage. 173 </p></li><li ><p>174 <a class="indexterm" name="id 2565564"></a>175 <a class="indexterm" name="id 2565574"></a>173 </p></li><li class="listitem"><p> 174 <a class="indexterm" name="id336279"></a> 175 <a class="indexterm" name="id336288"></a> 176 176 Configuration of Windows XP Professional clients is achieved using DHCP. Each 177 177 subnet has its own DHCP server. Backup DHCP serving is provided by one … … 179 179 all routers. The DHCP Relay agent must be programmed to pass DHCP Requests from the 180 180 network directed at the backup DHCP server. 181 </p></li><li ><p>181 </p></li><li class="listitem"><p> 182 182 All network users are granted the ability to print to any printer that is 183 183 network-attached. All printers are available from each server. Print jobs that … … 185 185 routed to the print spooler that is in control of that printer. The specific details 186 186 of how this might be done are demonstrated for one example only. 187 </p></li><li ><p>187 </p></li><li class="listitem"><p> 188 188 The network address and subnetmask chosen provide 1022 usable IP addresses in 189 189 each subnet. If in the future more addresses are required, it would make sense 190 190 to add further subnets rather than change addressing. 191 </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2565612"></a>Political Issues</h3></div></div></div><p>191 </p></li></ul></div></div><div class="sect2" title="Political Issues"><div class="titlepage"><div><div><h3 class="title"><a name="id336318"></a>Political Issues</h3></div></div></div><p> 192 192 This case gets close to the real world. 
You and I know the right way to implement 193 193 domain control. Politically, we have to navigate a minefield. In this case, the need is to … … 195 195 by having the real solution ready before it is needed. That real solution is presented in 196 196 <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a>. 197 </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2565635"></a>Implementation</h2></div></div></div><p>197 </p></div></div><div class="sect1" title="Implementation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id336338"></a>Implementation</h2></div></div></div><p> 198 198 The following configuration process begins following installation of Red Hat Fedora Core2 on the 199 199 three servers shown in the network topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">“Network Topology 500 User Network Using tdbsam passdb backend.”</a>. You have 200 200 selected hardware that is appropriate to the task. 201 </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p>201 </p><div class="figure"><a name="chap05net"></a><p class="title"><b>Figure 4.1. 
Network Topology 500 User Network Using tdbsam passdb backend.</b></p><div class="figure-contents"><div class="mediaobject"><img src="images/chap5-net.png" width="270" alt="Network Topology 500 User Network Using tdbsam passdb backend."></div></div></div><br class="figure-break"><div class="sect2" title="Installation of DHCP, DNS, and Samba Control Files"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-dnshcp-setup"></a>Installation of DHCP, DNS, and Samba Control Files</h3></div></div></div><p> 202 202 Carefully install the configuration files into the correct locations as shown in 203 203 <a class="link" href="Big500users.html#ch5-filelocations" title="Table 4.1. Domain: MEGANET, File Locations for Servers">“Domain: MEGANET, File Locations for Servers”</a>. You should validate that the full file path is … … 206 206 The abbreviation shown in this table as <code class="constant">{VLN}</code> refers to 207 207 the directory location beginning with <code class="filename">/var/lib/named</code>. 208 </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. 
Server: MASSIVE (PDC), File: /etc/samba/smb.conf">“Server: MASSIVE (PDC), File: /etc/samba/smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">“Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf”</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">“Common Samba Configuration File: /etc/samba/common.conf”</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. Server: BLDG1 (Member), File: smb.conf">“Server: BLDG1 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">“Server: BLDG2 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. 
Common Domain Member Include File: dom-mem.conf">“Common Domain Member Include File: dom-mem.conf”</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">“Server: MASSIVE, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">“Server: BLDG1, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">“Server: BLDG2, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. Server: MASSIVE, File: named.conf, Part: A">“Server: MASSIVE, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. 
Server: MASSIVE, File: named.conf, Part: B">“Server: MASSIVE, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">“Server: MASSIVE, File: named.conf, Part: C”</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. Servers: BLDG1/BLDG2, File: named.conf, Part: A">“Servers: BLDG1/BLDG2, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. 
Servers: BLDG1/BLDG2, File: named.conf, Part: B">“Servers: BLDG1/BLDG2, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566362"></a>Server Preparation: All Servers</h3></div></div></div><p>208 </p><div class="table"><a name="ch5-filelocations"></a><p class="title"><b>Table 4.1. 
Domain: <code class="constant">MEGANET</code>, File Locations for Servers</b></p><div class="table-contents"><table summary="Domain: MEGANET, File Locations for Servers" border="1"><colgroup><col align="left"><col align="left"><col align="center"><col align="center"><col align="center"></colgroup><thead><tr><th colspan="2" align="center">File Information</th><th colspan="3" align="center">Server Name</th></tr><tr><th align="center">Source</th><th align="center">Target Location</th><th align="center">MASSIVE</th><th align="center">BLDG1</th><th align="center">BLDG2</th></tr></thead><tbody><tr><td align="left"><a class="link" href="Big500users.html#ch5-massivesmb" title="Example 4.1. Server: MASSIVE (PDC), File: /etc/samba/smb.conf">“Server: MASSIVE (PDC), File: /etc/samba/smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dc-common" title="Example 4.2. Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf">“Server: MASSIVE (PDC), File: /etc/samba/dc-common.conf”</a></td><td align="left"><code class="filename">/etc/samba/dc-common.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-commonsmb" title="Example 4.3. Common Samba Configuration File: /etc/samba/common.conf">“Common Samba Configuration File: /etc/samba/common.conf”</a></td><td align="left"><code class="filename">/etc/samba/common.conf</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg1-smb" title="Example 4.4. 
Server: BLDG1 (Member), File: smb.conf">“Server: BLDG1 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-bldg2-smb" title="Example 4.5. Server: BLDG2 (Member), File: smb.conf">“Server: BLDG2 (Member), File: smb.conf”</a></td><td align="left"><code class="filename">/etc/samba/smb.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#ch5-dommem-smb" title="Example 4.6. Common Domain Member Include File: dom-mem.conf">“Common Domain Member Include File: dom-mem.conf”</a></td><td align="left"><code class="filename">/etc/samba/dommem.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-dhcp" title="Example 4.7. Server: MASSIVE, File: dhcpd.conf">“Server: MASSIVE, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg1dhcp" title="Example 4.8. Server: BLDG1, File: dhcpd.conf">“Server: BLDG1, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg2dhcp" title="Example 4.9. Server: BLDG2, File: dhcpd.conf">“Server: BLDG2, File: dhcpd.conf”</a></td><td align="left"><code class="filename">/etc/dhcpd.conf</code></td><td align="center">No</td><td align="center">No</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-nameda" title="Example 4.10. 
Server: MASSIVE, File: named.conf, Part: A">“Server: MASSIVE, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedb" title="Example 4.11. Server: MASSIVE, File: named.conf, Part: B">“Server: MASSIVE, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#massive-namedc" title="Example 4.12. Server: MASSIVE, File: named.conf, Part: C">“Server: MASSIVE, File: named.conf, Part: C”</a></td><td align="left"><code class="filename">/etc/named.conf (part C)</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasbizdns" title="Example 4.13. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.biz.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#abmasusdns" title="Example 4.14. Forward Zone File: abmas.biz.hosts">“Forward Zone File: abmas.biz.hosts”</a></td><td align="left"><code class="filename">{VLN}/master/abmas.us.hosts</code></td><td align="center">Yes</td><td align="center">No</td><td align="center">No</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12nameda" title="Example 4.15. 
Servers: BLDG1/BLDG2, File: named.conf, Part: A">“Servers: BLDG1/BLDG2, File: named.conf, Part: A”</a></td><td align="left"><code class="filename">/etc/named.conf (part A)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="Big500users.html#bldg12namedb" title="Example 4.16. Servers: BLDG1/BLDG2, File: named.conf, Part: B">“Servers: BLDG1/BLDG2, File: named.conf, Part: B”</a></td><td align="left"><code class="filename">/etc/named.conf (part B)</code></td><td align="center">No</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#loopback" title="Example 15.3. DNS Localhost Forward Zone File: /var/lib/named/localhost.zone">“DNS Localhost Forward Zone File: /var/lib/named/localhost.zone”</a></td><td align="left"><code class="filename">{VLN}/localhost.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#dnsloopy" title="Example 15.4. DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone">“DNS Localhost Reverse Zone File: /var/lib/named/127.0.0.zone”</a></td><td align="left"><code class="filename">{VLN}/127.0.0.zone</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr><tr><td align="left"><a class="link" href="appendix.html#roothint" title="Example 15.5. 
DNS Root Name Server Hint File: /var/lib/named/root.hint">“DNS Root Name Server Hint File: /var/lib/named/root.hint”</a></td><td align="left"><code class="filename">{VLN}/root.hint</code></td><td align="center">Yes</td><td align="center">Yes</td><td align="center">Yes</td></tr></tbody></table></div></div><br class="table-break"></div><div class="sect2" title="Server Preparation: All Servers"><div class="titlepage"><div><div><h3 class="title"><a name="id337052"></a>Server Preparation: All Servers</h3></div></div></div><p> 209 209 The following steps apply to all servers. Follow each step carefully. 210 </p><div class="procedure" ><a name="id2566373"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol type="1"><li><p>210 </p><div class="procedure" title="Procedure 4.1. Server Preparation Steps"><a name="id337062"></a><p class="title"><b>Procedure 4.1. Server Preparation Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 211 211 Using the UNIX/Linux system tools, set the name of the server as shown in the network 212 212 topology diagram in <a class="link" href="Big500users.html#chap05net" title="Figure 4.1. Network Topology 500 User Network Using tdbsam passdb backend.">“Network Topology 500 User Network Using tdbsam passdb backend.”</a>. For SUSE Linux products, the tool … … 221 221 <code class="prompt">root# </code> hostname -f 222 222 </pre><p> 223 </p></li><li ><p>224 <a class="indexterm" name="id 2566437"></a>225 <a class="indexterm" name="id 2566444"></a>223 </p></li><li class="step" title="Step 2"><p> 224 <a class="indexterm" name="id337123"></a> 225 <a class="indexterm" name="id337130"></a> 226 226 Edit your <code class="filename">/etc/hosts</code> file to include the primary names and addresses 227 227 of all network interfaces that are on the host server. 
This is necessary so that during … … 230 230 CUPS print server is started before the DNS server (<code class="literal">named</code>), you 231 231 should also include an entry for the printers in the <code class="filename">/etc/hosts</code> file. 232 </p></li><li ><p>233 <a class="indexterm" name="id 2566483"></a>232 </p></li><li class="step" title="Step 3"><p> 233 <a class="indexterm" name="id337165"></a> 234 234 All DNS name resolution should be handled locally. To ensure that the server is configured 235 235 correctly to handle this, edit <code class="filename">/etc/resolv.conf</code> so it has the following … … 241 241 This instructs the name resolver function (when configured correctly) to ask the DNS server 242 242 that is running locally to resolve names to addresses. 243 </p></li><li ><p>244 <a class="indexterm" name="id 2566514"></a>245 <a class="indexterm" name="id 2566521"></a>243 </p></li><li class="step" title="Step 4"><p> 244 <a class="indexterm" name="id337193"></a> 245 <a class="indexterm" name="id337200"></a> 246 246 Add the <code class="constant">root</code> user to the password backend: 247 247 </p><pre class="screen"> … … 255 255 deleted. If for any reason the account is deleted, you may not be able to recreate this account 256 256 without considerable trouble. 257 </p></li><li ><p>258 <a class="indexterm" name="id 2566567"></a>259 <a class="indexterm" name="id 2566574"></a>257 </p></li><li class="step" title="Step 5"><p> 258 <a class="indexterm" name="id337241"></a> 259 <a class="indexterm" name="id337248"></a> 260 260 Create the username map file to permit the <code class="constant">root</code> account to be called 261 261 <code class="constant">Administrator</code> from the Windows network environment. To do this, create … … 283 283 #### 284 284 </pre><p> 285 </p></li><li ><p>285 </p></li><li class="step" title="Step 6"><p> 286 286 Configure all network-attached printers to have a fixed IP address. 
287 </p></li><li ><p>287 </p></li><li class="step" title="Step 7"><p> 288 288 Create an entry in the DNS database on the server <code class="constant">MASSIVE</code> 289 289 in both the forward lookup database for the zone <code class="constant">abmas.biz.hosts</code> … … 291 291 located in. Example configuration files for similar zones were presented in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a>, 292 292 <a class="link" href="secure.html#abmasbiz" title="Example 3.14. DNS Abmas.biz Forward Zone File">“DNS Abmas.biz Forward Zone File”</a> and <a class="link" href="secure.html#eth2zone" title="Example 3.13. DNS 192.168.2 Reverse Zone File">“DNS 192.168.2 Reverse Zone File”</a>. 293 </p></li><li ><p>293 </p></li><li class="step" title="Step 8"><p> 294 294 Follow the instructions in the printer manufacturer's manuals to permit printing 295 295 to port 9100. Use any other port the manufacturer specifies for direct mode, 296 296 raw printing. This allows the CUPS spooler to print using raw mode protocols. 297 <a class="indexterm" name="id 2566665"></a>298 <a class="indexterm" name="id 2566672"></a>299 </p></li><li ><p>300 <a class="indexterm" name="id 2566685"></a>297 <a class="indexterm" name="id337328"></a> 298 <a class="indexterm" name="id337335"></a> 299 </p></li><li class="step" title="Step 9"><p> 300 <a class="indexterm" name="id337348"></a> 301 301 Only on the server to which the printer is attached configure the CUPS Print 302 302 Queues as follows: … … 304 304 <code class="prompt">root# </code> lpadmin -p <em class="parameter"><code>printque</code></em> -v socket://<em class="parameter"><code>printer-name</code></em>.abmas.biz:9100 -E 305 305 </pre><p> 306 <a class="indexterm" name="id 2566720"></a>306 <a class="indexterm" name="id337382"></a> 307 307 This step creates the necessary print queue to use no assigned print filter. 
This 308 308 is ideal for raw printing, that is, printing without use of filters. 309 309 The name <em class="parameter"><code>printque</code></em> is the name you have assigned for 310 310 the particular printer. 311 </p></li><li ><p>311 </p></li><li class="step" title="Step 10"><p> 312 312 Print queues may not be enabled at creation. Make certain that the queues 313 313 you have just created are enabled by executing the following: … … 315 315 <code class="prompt">root# </code> /usr/bin/enable <em class="parameter"><code>printque</code></em> 316 316 </pre><p> 317 </p></li><li ><p>317 </p></li><li class="step" title="Step 11"><p> 318 318 Even though your print queue may be enabled, it is still possible that it 319 319 does not accept print jobs. A print queue services incoming printing … … 323 323 <code class="prompt">root# </code> /usr/bin/accept <em class="parameter"><code>printque</code></em> 324 324 </pre><p> 325 </p></li><li ><p>326 <a class="indexterm" name="id 2566799"></a>327 <a class="indexterm" name="id 2566806"></a>328 <a class="indexterm" name="id 2566813"></a>325 </p></li><li class="step" title="Step 12"><p> 326 <a class="indexterm" name="id337455"></a> 327 <a class="indexterm" name="id337461"></a> 328 <a class="indexterm" name="id337468"></a> 329 329 This step, as well as the next one, may be omitted where CUPS version 1.1.18 330 330 or later is in use. 
Although it does no harm to follow it anyway, and may … … 336 336 application/octet-stream application/vnd.cups-raw 0 - 337 337 </pre><p> 338 </p></li><li ><p>339 <a class="indexterm" name="id 2566849"></a>338 </p></li><li class="step" title="Step 13"><p> 339 <a class="indexterm" name="id337500"></a> 340 340 Edit the file <code class="filename">/etc/cups/mime.types</code> to uncomment the line: 341 341 </p><pre class="screen"> 342 342 application/octet-stream 343 343 </pre><p> 344 </p></li><li ><p>344 </p></li><li class="step" title="Step 14"><p> 345 345 Refer to the CUPS printing manual for instructions regarding how to configure 346 346 CUPS so that print queues that reside on CUPS servers on remote networks … … 348 348 on your CUPS server may automatically discover remotely installed printers and 349 349 may permit this functionality without requiring specific configuration. 350 </p></li><li ><p>350 </p></li><li class="step" title="Step 15"><p> 351 351 As part of the roll-out program, you need to configure the application's 352 352 server shares. This can be done once on the central server and may then be … … 355 355 <a class="link" href="secure.html#ch4appscfg" title="Application Share Configuration">“Application Share Configuration”</a> may help in your decisions to use an application 356 356 server facility. 357 </p></li></ol></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>357 </p></li></ol></div><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> 358 358 Logon scripts that are run from a domain controller (PDC or BDC) are capable of using semi-intelligent 359 359 processes to automap Windows client drives to an application server that is nearest to the client. This 360 360 is considerably more difficult when a single PDC is used on a routed network. It can be done, but not 361 361 as elegantly as you see in the next chapter. 
362 </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2566927"></a>Server-Specific Preparation</h3></div></div></div><p>362 </p></div></div><div class="sect2" title="Server-Specific Preparation"><div class="titlepage"><div><div><h3 class="title"><a name="id337568"></a>Server-Specific Preparation</h3></div></div></div><p> 363 363 There are some steps that apply to particular server functionality only. Each step is critical 364 364 to correct server operation. The following step-by-step installation guidance will assist you 365 365 in working through the process of configuring the PDC and then both BDC's. 366 </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2566940"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p>366 </p><div class="sect3" title="Configuration for Server: MASSIVE"><div class="titlepage"><div><div><h4 class="title"><a name="id337579"></a>Configuration for Server: <code class="constant">MASSIVE</code></h4></div></div></div><p> 367 367 The steps presented here attempt to implement Samba installation in a generic manner. While 368 368 some steps are clearly specific to Linux, it should not be too difficult to apply them to 369 369 your platform of choice. 370 </p><div class="procedure" ><a name="id2566955"></a><p class="title"><b>Procedure 4.2. Primary Domain Controller Preparation</b></p><ol type="1"><li><p>371 <a class="indexterm" name="id 2566967"></a>372 <a class="indexterm" name="id 2566974"></a>370 </p><div class="procedure" title="Procedure 4.2. Primary Domain Controller Preparation"><a name="id337592"></a><p class="title"><b>Procedure 4.2. 
Primary Domain Controller Preparation</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 371 <a class="indexterm" name="id337603"></a> 372 <a class="indexterm" name="id337610"></a> 373 373 The host server acts as a router between the two internal network segments as well 374 374 as for all Internet access. This necessitates that IP forwarding be enabled. This can be … … 379 379 To ensure that your kernel is capable of IP forwarding during configuration, you may wish to execute 380 380 that command manually also. This setting permits the Linux system to act as a router. 381 </p></li><li ><p>381 </p></li><li class="step" title="Step 2"><p> 382 382 This server is dual hosted (i.e., has two network interfaces) one goes to the Internet 383 383 and the other to a local network that has a router that is the gateway to the remote networks. … … 397 397 startup files as follows: (SUSE) <code class="filename">/etc/rc.d/boot.local</code>, (Red Hat) 398 398 <code class="filename">/etc/rc.d/init.d/rc.local</code>. 399 </p></li><li ><p>400 <a class="indexterm" name="id 2567068"></a>399 </p></li><li class="step" title="Step 3"><p> 400 <a class="indexterm" name="id337688"></a> 401 401 The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 402 402 This file controls the operation of the various resolver libraries that are part of the Linux … … 405 405 hosts: files dns wins 406 406 </pre><p> 407 </p></li><li ><p>408 <a class="indexterm" name="id 2567098"></a>407 </p></li><li class="step" title="Step 4"><p> 408 <a class="indexterm" name="id337715"></a> 409 409 Create and map Windows domain groups to UNIX groups. A sample script is provided in 410 410 <a class="link" href="Big500users.html#ch5-initgrps" title="Example 4.17. Initialize Groups Script, File: /etc/samba/initGrps.sh">“Initialize Groups Script, File: /etc/samba/initGrps.sh”</a>. Create a file containing this script. 
You called yours … … 412 412 and then execute the script. An example of the execution of this script as well as its 413 413 validation are shown in Section 4.3.2, Step 5. 414 </p></li><li ><p>415 <a class="indexterm" name="id 2567129"></a>416 <a class="indexterm" name="id 2567136"></a>417 <a class="indexterm" name="id 2567145"></a>414 </p></li><li class="step" title="Step 5"><p> 415 <a class="indexterm" name="id337743"></a> 416 <a class="indexterm" name="id337750"></a> 417 <a class="indexterm" name="id337759"></a> 418 418 For each user who needs to be given a Windows domain account, make an entry in the 419 419 <code class="filename">/etc/passwd</code> file as well as in the Samba password backend. … … 421 421 <code class="literal">smbpasswd</code> to create a domain user account. 422 422 </p><p> 423 <a class="indexterm" name="id 2567172"></a>424 <a class="indexterm" name="id 2567179"></a>425 <a class="indexterm" name="id 2567185"></a>423 <a class="indexterm" name="id337784"></a> 424 <a class="indexterm" name="id337790"></a> 425 <a class="indexterm" name="id337797"></a> 426 426 There are a number of tools for user management under UNIX, such as 427 427 <code class="literal">useradd</code>, <code class="literal">adduser</code>, as well as a plethora of custom 428 428 tools. With the tool of your choice, create a home directory for each user. 429 </p></li><li ><p>429 </p></li><li class="step" title="Step 6"><p> 430 430 Using the preferred tool for your UNIX system, add each user to the UNIX groups created 431 431 previously as necessary. File system access control is based on UNIX group membership. 432 </p></li><li ><p>432 </p></li><li class="step" title="Step 7"><p> 433 433 Create the directory mount point for the disk subsystem that is to be mounted to provide 434 434 data storage for company files, in this case, the mount point indicated in the <code class="filename">smb.conf</code> 435 435 file is <code class="filename">/data</code>. 
Format the file system as required and mount the formatted 436 436 file system partition using appropriate system tools. 437 </p></li><li ><p>438 <a class="indexterm" name="id 2567249"></a>437 </p></li><li class="step" title="Step 8"><p> 438 <a class="indexterm" name="id337856"></a> 439 439 Create the top-level file storage directories for data and applications as follows: 440 440 </p><pre class="screen"> … … 454 454 The <code class="filename">/apps</code> directory is the root of the <code class="constant">apps</code> share 455 455 that provides the application server infrastructure. 456 </p></li><li ><p>456 </p></li><li class="step" title="Step 9"><p> 457 457 The <code class="filename">smb.conf</code> file specifies an infrastructure to support roaming profiles and network 458 458 logon services. You can now create the file system infrastructure to provide the … … 475 475 <code class="prompt">root# </code> chmod ug+wrx,o+rx,-w /var/lib/samba/profiles/'username' 476 476 </pre><p> 477 </p></li><li ><p>478 <a class="indexterm" name="id 2567455"></a>479 <a class="indexterm" name="id 2567462"></a>477 </p></li><li class="step" title="Step 10"><p> 478 <a class="indexterm" name="id338048"></a> 479 <a class="indexterm" name="id338055"></a> 480 480 Create a logon script. It is important that each line is correctly terminated with 481 481 a carriage return and line-feed combination (i.e., DOS encoding). The following procedure … … 492 492 > /var/lib/samba/netlogon/scripts/logon.bat 493 493 </pre><p> 494 </p></li><li ><p>494 </p></li><li class="step" title="Step 11"><p> 495 495 There is one preparatory step without which you cannot have a working Samba network 496 496 environment. You must add an account for each network user. You can do this by executing … … 509 509 </pre><p> 510 510 You do, of course, use a valid user login ID in place of <em class="parameter"><code>username</code></em>. 
511 </p></li><li ><p>511 </p></li><li class="step" title="Step 12"><p> 512 512 Follow the processes shown in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">“Process Startup Configuration”</a> to start all services. 513 </p></li><li ><p>513 </p></li><li class="step" title="Step 13"><p> 514 514 Your server is ready for validation testing. Do not proceed with the steps in 515 515 <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">“Configuration Specific to Domain Member Servers: BLDG1, BLDG2”</a> until after the operation of the server has been 516 516 validated following the same methods as outlined in <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a>, <a class="link" href="secure.html#ch4valid" title="Validation">“Validation”</a>. 517 </p></li></ol></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p>517 </p></li></ol></div></div><div class="sect3" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2"><div class="titlepage"><div><div><h4 class="title"><a name="ch5-domsvrspec"></a>Configuration Specific to Domain Member Servers: <code class="constant">BLDG1, BLDG2</code></h4></div></div></div><p> 518 518 The following steps will guide you through the nuances of implementing BDCs for the broadcast 519 519 isolated network segments. Remember that if the target installation platform is not Linux, it may 520 520 be necessary to adapt some commands to the equivalent on the target platform. 521 </p><div class="procedure" ><a name="id2567648"></a><p class="title"><b>Procedure 4.3. 
Backup Domain Controller Configuration Steps</b></p><ol type="1"><li><p>522 <a class="indexterm" name="id 2567660"></a>521 </p><div class="procedure" title="Procedure 4.3. Backup Domain Controller Configuration Steps"><a name="id338227"></a><p class="title"><b>Procedure 4.3. Backup Domain Controller Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 522 <a class="indexterm" name="id338238"></a> 523 523 The final step that must be completed is to edit the <code class="filename">/etc/nsswitch.conf</code> file. 524 524 This file controls the operation of the various resolver libraries that are part of the Linux … … 529 529 hosts: files dns wins 530 530 </pre><p> 531 </p></li><li ><p>531 </p></li><li class="step" title="Step 2"><p> 532 532 Follow the steps outlined in <a class="link" href="Big500users.html#ch5-procstart" title="Process Startup Configuration">“Process Startup Configuration”</a> to start all services. Do not 533 533 start Samba at this time. Samba is controlled by the process called <code class="literal">smb</code>. 534 </p></li><li ><p>535 <a class="indexterm" name="id 2567712"></a>534 </p></li><li class="step" title="Step 3"><p> 535 <a class="indexterm" name="id338286"></a> 536 536 You must now attempt to join the domain member servers to the domain. The following 537 537 instructions should be executed to effect this: … … 539 539 <code class="prompt">root# </code> net rpc join 540 540 </pre><p> 541 </p></li><li ><p>542 <a class="indexterm" name="id 2567744"></a>541 </p></li><li class="step" title="Step 4"><p> 542 <a class="indexterm" name="id338316"></a> 543 543 You now start the Samba services by executing: 544 544 </p><pre class="screen"> 545 545 <code class="prompt">root# </code> service smb start 546 546 </pre><p> 547 </p></li><li ><p>547 </p></li><li class="step" title="Step 5"><p> 548 548 Your server is ready for validation testing. 
Do not proceed with the steps in 549 549 <a class="link" href="Big500users.html#ch5-domsvrspec" title="Configuration Specific to Domain Member Servers: BLDG1, BLDG2">“Configuration Specific to Domain Member Servers: BLDG1, BLDG2”</a> until after the operation of the server has been 550 550 validated following the same methods as outlined in <a class="link" href="secure.html#ch4valid" title="Validation">“Validation”</a>. 551 </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2567829"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2567841"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id2567853"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id2567865"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567877"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id2567888"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2567900"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567912"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567924"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd 
'%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2567937"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id2567949"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567961"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id2567974"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567986"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2567998"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id2568019"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568030"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id2568042"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id2568063"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568074"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id2568086"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id2568107"></a><em class="parameter"><code>comment = Property Insurance 
Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568119"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id2568130"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568178"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2568190"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2568202"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id2568214"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2568226"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id2568238"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id2568250"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568261"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568273"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id2568294"></a><em 
class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id2568306"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id2568317"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568329"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id2568349"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id2568361"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id2568373"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568385"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id2568405"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id2568417"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id2568429"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568440"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. 
Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568485"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id2568497"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2568508"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id2568520"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id2568532"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id2568543"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id2568555"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id2568567"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568579"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id2568590"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id2568603"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2568615"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2568627"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568639"></a><em class="parameter"><code>map acl inherit = 
Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568651"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id2568662"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id2568674"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id2568686"></a><em class="parameter"><code>include = </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id2568711"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id2568723"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id2568734"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568746"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568758"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568769"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2568781"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id2568802"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id2568814"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id2568825"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" 
name="id2568837"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568880"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2568891"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id2568903"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2568946"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id2568958"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id2568970"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. 
Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id2569013"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id2569025"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id2569038"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id2569049"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id2569061"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2569073"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id2569085"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen">551 </p></li></ol></div></div></div><div class="example"><a name="ch5-massivesmb"></a><p class="title"><b>Example 4.1. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/smb.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338398"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id338409"></a><em class="parameter"><code>netbios name = MASSIVE</code></em></td></tr><tr><td><a class="indexterm" name="id338421"></a><em class="parameter"><code>interfaces = eth1, lo</code></em></td></tr><tr><td><a class="indexterm" name="id338432"></a><em class="parameter"><code>bind interfaces only = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338444"></a><em class="parameter"><code>passdb backend = tdbsam</code></em></td></tr><tr><td><a class="indexterm" name="id338455"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id338467"></a><em class="parameter"><code>add user script = /usr/sbin/useradd -m '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338478"></a><em class="parameter"><code>delete user script = /usr/sbin/userdel -r '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338490"></a><em class="parameter"><code>add group script = /usr/sbin/groupadd '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id338502"></a><em class="parameter"><code>delete group script = /usr/sbin/groupdel '%g'</code></em></td></tr><tr><td><a class="indexterm" name="id338514"></a><em class="parameter"><code>add user to group script = /usr/sbin/usermod -G '%g' '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338526"></a><em class="parameter"><code>add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'</code></em></td></tr><tr><td><a class="indexterm" name="id338538"></a><em 
class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338549"></a><em class="parameter"><code>wins support = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338560"></a><em class="parameter"><code>include = /etc/samba/dc-common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[accounts]</code></em></td></tr><tr><td><a class="indexterm" name="id338581"></a><em class="parameter"><code>comment = Accounting Files</code></em></td></tr><tr><td><a class="indexterm" name="id338593"></a><em class="parameter"><code>path = /data/accounts</code></em></td></tr><tr><td><a class="indexterm" name="id338604"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[service]</code></em></td></tr><tr><td><a class="indexterm" name="id338624"></a><em class="parameter"><code>comment = Financial Services Files</code></em></td></tr><tr><td><a class="indexterm" name="id338636"></a><em class="parameter"><code>path = /data/service</code></em></td></tr><tr><td><a class="indexterm" name="id338648"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[pidata]</code></em></td></tr><tr><td><a class="indexterm" name="id338668"></a><em class="parameter"><code>comment = Property Insurance Files</code></em></td></tr><tr><td><a class="indexterm" name="id338680"></a><em class="parameter"><code>path = /data/pidata</code></em></td></tr><tr><td><a class="indexterm" name="id338691"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dc-common"></a><p class="title"><b>Example 4.2. 
Server: MASSIVE (PDC), File: <code class="filename">/etc/samba/dc-common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id338738"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id338749"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id338761"></a><em class="parameter"><code>logon script = scripts\logon.bat</code></em></td></tr><tr><td><a class="indexterm" name="id338773"></a><em class="parameter"><code>logon path = \%L\profiles\%U</code></em></td></tr><tr><td><a class="indexterm" name="id338784"></a><em class="parameter"><code>logon drive = X:</code></em></td></tr><tr><td><a class="indexterm" name="id338796"></a><em class="parameter"><code>logon home = \%L\%U</code></em></td></tr><tr><td><a class="indexterm" name="id338807"></a><em class="parameter"><code>domain logons = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338819"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338830"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[homes]</code></em></td></tr><tr><td><a class="indexterm" name="id338851"></a><em class="parameter"><code>comment = Home Directories</code></em></td></tr><tr><td><a class="indexterm" name="id338862"></a><em class="parameter"><code>valid users = %S</code></em></td></tr><tr><td><a class="indexterm" name="id338874"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id338885"></a><em class="parameter"><code>browseable = 
No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[netlogon]</code></em></td></tr><tr><td><a class="indexterm" name="id338906"></a><em class="parameter"><code>comment = Network Logon Service</code></em></td></tr><tr><td><a class="indexterm" name="id338917"></a><em class="parameter"><code>path = /var/lib/samba/netlogon</code></em></td></tr><tr><td><a class="indexterm" name="id338929"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id338940"></a><em class="parameter"><code>locking = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[profiles]</code></em></td></tr><tr><td><a class="indexterm" name="id338961"></a><em class="parameter"><code>comment = Profile Share</code></em></td></tr><tr><td><a class="indexterm" name="id338972"></a><em class="parameter"><code>path = /var/lib/samba/profiles</code></em></td></tr><tr><td><a class="indexterm" name="id338984"></a><em class="parameter"><code>read only = No</code></em></td></tr><tr><td><a class="indexterm" name="id338995"></a><em class="parameter"><code>profile acls = Yes</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-commonsmb"></a><p class="title"><b>Example 4.3. 
Common Samba Configuration File: <code class="filename">/etc/samba/common.conf</code></b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339038"></a><em class="parameter"><code>username map = /etc/samba/smbusers</code></em></td></tr><tr><td><a class="indexterm" name="id339050"></a><em class="parameter"><code>log level = 1</code></em></td></tr><tr><td><a class="indexterm" name="id339061"></a><em class="parameter"><code>syslog = 0</code></em></td></tr><tr><td><a class="indexterm" name="id339073"></a><em class="parameter"><code>log file = /var/log/samba/%m</code></em></td></tr><tr><td><a class="indexterm" name="id339084"></a><em class="parameter"><code>max log size = 50</code></em></td></tr><tr><td><a class="indexterm" name="id339096"></a><em class="parameter"><code>smb ports = 139</code></em></td></tr><tr><td><a class="indexterm" name="id339107"></a><em class="parameter"><code>name resolve order = wins bcast hosts</code></em></td></tr><tr><td><a class="indexterm" name="id339119"></a><em class="parameter"><code>time server = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339130"></a><em class="parameter"><code>printcap name = CUPS</code></em></td></tr><tr><td><a class="indexterm" name="id339142"></a><em class="parameter"><code>show add printer wizard = No</code></em></td></tr><tr><td><a class="indexterm" name="id339154"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id339165"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id339177"></a><em class="parameter"><code>utmp = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339188"></a><em class="parameter"><code>map acl inherit = 
Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339200"></a><em class="parameter"><code>printing = cups</code></em></td></tr><tr><td><a class="indexterm" name="id339211"></a><em class="parameter"><code>veto files = /*.eml/*.nws/*.{*}/</code></em></td></tr><tr><td><a class="indexterm" name="id339223"></a><em class="parameter"><code>veto oplock files = /*.doc/*.xls/*.mdb/</code></em></td></tr><tr><td><a class="indexterm" name="id339235"></a><em class="parameter"><code>include = </code></em></td></tr><tr><td># Share and Service Definitions are common to all servers</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[printers]</code></em></td></tr><tr><td><a class="indexterm" name="id339259"></a><em class="parameter"><code>comment = SMB Print Spool</code></em></td></tr><tr><td><a class="indexterm" name="id339270"></a><em class="parameter"><code>path = /var/spool/samba</code></em></td></tr><tr><td><a class="indexterm" name="id339282"></a><em class="parameter"><code>guest ok = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339293"></a><em class="parameter"><code>printable = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339305"></a><em class="parameter"><code>use client driver = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339316"></a><em class="parameter"><code>default devmode = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339328"></a><em class="parameter"><code>browseable = No</code></em></td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[apps]</code></em></td></tr><tr><td><a class="indexterm" name="id339348"></a><em class="parameter"><code>comment = Application Files</code></em></td></tr><tr><td><a class="indexterm" name="id339360"></a><em class="parameter"><code>path = /apps</code></em></td></tr><tr><td><a class="indexterm" name="id339371"></a><em class="parameter"><code>admin users = bjordan</code></em></td></tr><tr><td><a class="indexterm" 
name="id339383"></a><em class="parameter"><code>read only = No</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg1-smb"></a><p class="title"><b>Example 4.4. Server: BLDG1 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339425"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id339436"></a><em class="parameter"><code>netbios name = BLDG1</code></em></td></tr><tr><td><a class="indexterm" name="id339448"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-bldg2-smb"></a><p class="title"><b>Example 4.5. Server: BLDG2 (Member), File: smb.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339490"></a><em class="parameter"><code>workgroup = MEGANET</code></em></td></tr><tr><td><a class="indexterm" name="id339501"></a><em class="parameter"><code>netbios name = BLDG2</code></em></td></tr><tr><td><a class="indexterm" name="id339512"></a><em class="parameter"><code>include = /etc/samba/dom-mem.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="ch5-dommem-smb"></a><p class="title"><b>Example 4.6. 
Common Domain Member Include File: dom-mem.conf</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><em class="parameter"><code>[global]</code></em></td></tr><tr><td><a class="indexterm" name="id339555"></a><em class="parameter"><code>shutdown script = /var/lib/samba/scripts/shutdown.sh</code></em></td></tr><tr><td><a class="indexterm" name="id339566"></a><em class="parameter"><code>abort shutdown script = /sbin/shutdown -c</code></em></td></tr><tr><td><a class="indexterm" name="id339578"></a><em class="parameter"><code>preferred master = Yes</code></em></td></tr><tr><td><a class="indexterm" name="id339590"></a><em class="parameter"><code>wins server = 172.16.0.1</code></em></td></tr><tr><td><a class="indexterm" name="id339601"></a><em class="parameter"><code>idmap uid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id339613"></a><em class="parameter"><code>idmap gid = 15000-20000</code></em></td></tr><tr><td><a class="indexterm" name="id339624"></a><em class="parameter"><code>include = /etc/samba/common.conf</code></em></td></tr></table></div></div><br class="example-break"><div class="example"><a name="massive-dhcp"></a><p class="title"><b>Example 4.7. Server: MASSIVE, File: dhcpd.conf</b></p><div class="example-contents"><pre class="screen"> 552 552 # Abmas Accounting Inc. 
553 553 … … 898 898 net groupmap add ntgroup="Financial Services" unixgroup=finsrvcs type=d 899 899 net groupmap add ntgroup="Insurance Group" unixgroup=piops type=d 900 </pre></div></div><br class="example-break"><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p>901 <a class="indexterm" name="id 2569434"></a>902 <a class="indexterm" name="id 2569441"></a>900 </pre></div></div><br class="example-break"><div class="sect2" title="Process Startup Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5-procstart"></a>Process Startup Configuration</h3></div></div></div><p> 901 <a class="indexterm" name="id339909"></a> 902 <a class="indexterm" name="id339916"></a> 903 903 There are two essential steps to process startup configuration. A process 904 904 must be configured so that it is automatically restarted each time the server … … 909 909 necessary start or kill script is run. 910 910 </p><p> 911 <a class="indexterm" name="id 2569477"></a>911 <a class="indexterm" name="id339948"></a> 912 912 In the event that a service is provided not as a daemon but via the internetworking 913 913 super daemon (<code class="literal">inetd</code> or <code class="literal">xinetd</code>), then the <code class="literal">chkconfig</code> … … 919 919 are for a Red Hat Linux system, please adapt them to suit the target OS platform on which you 920 920 are installing Samba. 921 </p><div class="procedure" ><a name="id2569521"></a><p class="title"><b>Procedure 4.4. Process Startup Configuration Steps</b></p><ol type="1"><li><p>921 </p><div class="procedure" title="Procedure 4.4. Process Startup Configuration Steps"><a name="id339987"></a><p class="title"><b>Procedure 4.4. 
Process Startup Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 922 922 Use the standard system tool to configure each service to restart 923 923 automatically at every system reboot. For example, 924 <a class="indexterm" name="id 2569535"></a>924 <a class="indexterm" name="id340000"></a> 925 925 </p><pre class="screen"> 926 926 <code class="prompt">root# </code> chkconfig dhpc on … … 930 930 <code class="prompt">root# </code> chkconfig swat on 931 931 </pre><p> 932 </p></li><li ><p>933 <a class="indexterm" name="id 2569585"></a>934 <a class="indexterm" name="id 2569592"></a>935 <a class="indexterm" name="id 2569599"></a>932 </p></li><li class="step" title="Step 2"><p> 933 <a class="indexterm" name="id340049"></a> 934 <a class="indexterm" name="id340056"></a> 935 <a class="indexterm" name="id340062"></a> 936 936 Now start each service to permit the system to be validated. 937 937 Execute each of the following in the sequence shown: … … 944 944 <code class="prompt">root# </code> service swat restart 945 945 </pre><p> 946 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ch5wincfg"></a>Windows Client Configuration</h3></div></div></div><p>946 </p></li></ol></div></div><div class="sect2" title="Windows Client Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="ch5wincfg"></a>Windows Client Configuration</h3></div></div></div><p> 947 947 The procedure for desktop client configuration for the network in this chapter is similar to 948 948 that used for the previous one. There are a few subtle changes that should be noted. 949 </p><div class="procedure" ><a name="id2569665"></a><p class="title"><b>Procedure 4.5. Windows Client Configuration Steps</b></p><ol type="1"><li><p>949 </p><div class="procedure" title="Procedure 4.5. Windows Client Configuration Steps"><a name="id340124"></a><p class="title"><b>Procedure 4.5. 
Windows Client Configuration Steps</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 950 950 Install MS Windows XP Professional. During installation, configure the client to use DHCP for 951 951 TCP/IP protocol configuration. 952 <a class="indexterm" name="id 2569678"></a>953 <a class="indexterm" name="id 2569685"></a>952 <a class="indexterm" name="id340136"></a> 953 <a class="indexterm" name="id340142"></a> 954 954 DHCP configures all Windows clients to use the WINS Server address that has been defined 955 955 for the local subnet. 956 </p></li><li ><p>956 </p></li><li class="step" title="Step 2"><p> 957 957 Join the Windows domain <code class="constant">MEGANET</code>. Use the domain administrator 958 958 username <code class="constant">root</code> and the SMB password you assigned to this account. … … 961 961 Reboot the machine as prompted and then log on using the domain administrator account 962 962 (<code class="constant">root</code>). 963 </p></li><li ><p>963 </p></li><li class="step" title="Step 3"><p> 964 964 Verify that the server called <code class="constant">MEGANET</code> is visible in <span class="guimenu">My Network Places</span>, 965 965 that it is possible to connect to it and see the shares <span class="guimenuitem">accounts</span>, 966 966 <span class="guimenuitem">apps</span>, and <span class="guimenuitem">finsvcs</span>, 967 967 and that it is possible to open each share to reveal its contents. 968 </p></li><li ><p>968 </p></li><li class="step" title="Step 4"><p> 969 969 Create a drive mapping to the <code class="constant">apps</code> share on a server. At this time, it does 970 970 not particularly matter which application server is used. It is necessary to manually … … 972 972 installation. This step is avoided by the improvements to the design of the network configuration 973 973 in the next chapter. 
974 </p></li><li ><p>974 </p></li><li class="step" title="Step 5"><p> 975 975 Perform an administrative installation of each application to be used. Select the options 976 976 that you wish to use. Of course, you choose to run applications over the network, correct? 977 </p></li><li ><p>977 </p></li><li class="step" title="Step 6"><p> 978 978 Now install all applications to be installed locally. Typical tools include Adobe Acrobat, 979 979 NTP-based time synchronization software, drivers for specific local devices such as fingerprint 980 980 scanners, and the like. Probably the most significant application to be locally installed 981 981 is antivirus software. 982 </p></li><li ><p>982 </p></li><li class="step" title="Step 7"><p> 983 983 Now install all four printers onto the staging system. The printers you install 984 984 include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers, and you 985 985 also configure use of the identical printers that are located in the financial services department. 986 986 Install printers on each machine using the following steps: 987 </p><div class="procedure" ><a name="id2569817"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol type="1"><li><p>987 </p><div class="procedure" title="Procedure 4.6. Steps to Install Printer Drivers on Windows Clients"><a name="id340259"></a><p class="title"><b>Procedure 4.6. Steps to Install Printer Drivers on Windows Clients</b></p><ol class="procedure" type="1"><li class="step" title="Step 7.1"><p> 988 988 Click <span class="guimenu">Start</span> → <span class="guimenuitem">Settings</span> → <span class="guimenuitem">Printers</span>+<span class="guiicon">Add Printer</span>+<span class="guibutton">Next</span>. Do not click <span class="guimenuitem">Network printer</span>. 989 989 Ensure that <span class="guimenuitem">Local printer</span> is selected. 
990 </p></li><li ><p>990 </p></li><li class="step" title="Step 7.2"><p> 991 991 Click <span class="guibutton">Next</span>. In the 992 992 <span class="guimenuitem">Manufacturer:</span> panel, select <code class="constant">HP</code>. 993 993 In the <span class="guimenuitem">Printers:</span> panel, select the printer called 994 994 <code class="constant">HP LaserJet 6</code>. Click <span class="guibutton">Next</span>. 995 </p></li><li ><p>995 </p></li><li class="step" title="Step 7.3"><p> 996 996 In the <span class="guimenuitem">Available ports:</span> panel, select 997 997 <code class="constant">FILE:</code>. Accept the default printer name by clicking 998 <span class="guibutton">Next</span>. When asked, “<span class="quote">Would you like to print a999 test page?</span>” , click <span class="guimenuitem">No</span>. Click998 <span class="guibutton">Next</span>. When asked, <span class="quote">“<span class="quote">Would you like to print a 999 test page?</span>”</span>, click <span class="guimenuitem">No</span>. Click 1000 1000 <span class="guibutton">Finish</span>. 1001 </p></li><li ><p>1001 </p></li><li class="step" title="Step 7.4"><p> 1002 1002 You may be prompted for the name of a file to print to. If so, close the 1003 1003 dialog panel. Right-click <span class="guiicon">HP LaserJet 6</span> → <span class="guimenuitem">Properties</span> → <span class="guisubmenu">Details (Tab)</span>+<span class="guibutton">Add Port</span>. 1004 </p></li><li ><p>1004 </p></li><li class="step" title="Step 7.5"><p> 1005 1005 In the <span class="guimenuitem">Network</span> panel, enter the name of 1006 1006 the print queue on the Samba server as follows: <code class="constant">\\BLDG1\hplj6a</code>. 1007 1007 Click <span class="guibutton">OK</span>+<span class="guibutton">OK</span> to complete the installation. 
1008 </p></li><li ><p>1008 </p></li><li class="step" title="Step 7.6"><p> 1009 1009 Repeat the printer installation steps above for both HP LaserJet 6 printers 1010 1010 as well as for both QMS Magicolor laser printers. Remember to install all … … 1017 1017 configuration (as well as the applications server drive mapping) to the 1018 1018 server on the network segment on which the workstation is to be located. 1019 </p></li></ol></div></li><li ><p>1019 </p></li></ol></div></li><li class="step" title="Step 8"><p> 1020 1020 When you are satisfied that the staging systems are complete, use the appropriate procedure to 1021 1021 remove the client from the domain. Reboot the system, and then log on as the local administrator 1022 1022 and clean out all temporary files stored on the system. Before shutting down, use the disk 1023 1023 defragmentation tool so that the file system is in optimal condition before replication. 1024 </p></li><li ><p>1024 </p></li><li class="step" title="Step 9"><p> 1025 1025 Boot the workstation using the Norton (Symantec) Ghosting disk (or CD-ROM) and image the 1026 1026 machine to a network share on the server. 1027 </p></li><li ><p>1027 </p></li><li class="step" title="Step 10"><p> 1028 1028 You may now replicate the image using the appropriate Norton Ghost procedure to the target 1029 1029 machines. Make sure to use the procedure that ensures each machine has a unique 1030 1030 Windows security identifier (SID). When the installation of the disk image is complete, boot the PC. 1031 </p></li><li ><p>1031 </p></li><li class="step" title="Step 11"><p> 1032 1032 Log onto the machine as the local Administrator (the only option), and join the machine to 1033 1033 the domain following the procedure set out in <a class="link" href="appendix.html" title="Chapter 15. 
A Collection of Useful Tidbits">“A Collection of Useful Tidbits”</a>, <a class="link" href="appendix.html#domjoin" title="Joining a Domain: Windows 200x/XP Professional">“Joining a Domain: Windows 200x/XP Professional”</a>. You must now set the … … 1035 1035 ready for the user to log on, provided you have created a network logon account for that 1036 1036 user, of course. 1037 </p></li><li ><p>1037 </p></li><li class="step" title="Step 12"><p> 1038 1038 Instruct all users to log onto the workstation using their assigned username and password. 1039 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2570125"></a>Key Points Learned</h3></div></div></div><p>1039 </p></li></ol></div></div><div class="sect2" title="Key Points Learned"><div class="titlepage"><div><div><h3 class="title"><a name="id340544"></a>Key Points Learned</h3></div></div></div><p> 1040 1040 The network you have just deployed has been a valuable exercise in forced constraint. 1041 1041 You have deployed a network that works well, although you may soon start to see 1042 1042 performance problems, at which time the modifications demonstrated in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">“Making Happy Users”</a> 1043 1043 bring the network to life. 
The following key learning points were experienced: 1044 </p><div class="itemizedlist"><ul type="disc"><li><p>1044 </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p> 1045 1045 The power of using <code class="filename">smb.conf</code> include files 1046 </p></li><li ><p>1046 </p></li><li class="listitem"><p> 1047 1047 Use of a single PDC over a routed network 1048 </p></li><li ><p>1048 </p></li><li class="listitem"><p> 1049 1049 Joining a Samba-3 domain member server to a Samba-3 domain 1050 </p></li><li ><p>1050 </p></li><li class="listitem"><p> 1051 1051 Configuration of winbind to use domain users and groups for Samba access 1052 1052 to resources on the domain member servers 1053 </p></li><li ><p>1053 </p></li><li class="listitem"><p> 1054 1054 The introduction of roaming profiles 1055 </p></li></ul></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2570184"></a>Questions and Answers</h2></div></div></div><p>1056 </p><div class="qandaset" ><dl><dt> <a href="Big500users.html#id2570200">1055 </p></li></ul></div></div></div><div class="sect1" title="Questions and Answers"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id340597"></a>Questions and Answers</h2></div></div></div><p> 1056 </p><div class="qandaset" title="Frequently Asked Questions"><a name="id340606"></a><dl><dt> <a href="Big500users.html#id340612"> 1057 1057 The example smb.conf files in this chapter make use of the include facility. 1058 1058 How may I get to see what the actual working smb.conf settings are? 1059 </a></dt><dt> <a href="Big500users.html#id 2570249">1059 </a></dt><dt> <a href="Big500users.html#id340660"> 1060 1060 Why does the include file common.conf have an empty include statement? 
1061 </a></dt><dt> <a href="Big500users.html#id 2570311">1061 </a></dt><dt> <a href="Big500users.html#id340716"> 1062 1062 I accept that the simplest configuration necessary to do the job is the best. The use of tdbsam 1063 1063 passdb backend is much simpler than having to manage an LDAP-based ldapsam passdb backend. 1064 1064 I tried using rsync to replicate the passdb.tdb, and it seems to work fine! 1065 1065 So what is the problem? 1066 </a></dt><dt> <a href="Big500users.html#id 2570366">1066 </a></dt><dt> <a href="Big500users.html#id340766"> 1067 1067 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash? 1068 </a></dt><dt> <a href="Big500users.html#id 2570396">1068 </a></dt><dt> <a href="Big500users.html#id340791"> 1069 1069 How does the Windows client find the PDC? 1070 </a></dt><dt> <a href="Big500users.html#id 2570419">1070 </a></dt><dt> <a href="Big500users.html#id340811"> 1071 1071 Why did you enable IP forwarding (routing) only on the server called MASSIVE? 1072 </a></dt><dt> <a href="Big500users.html#id 2570450">1072 </a></dt><dt> <a href="Big500users.html#id340838"> 1073 1073 You did nothing special to implement roaming profiles. Why? 1074 </a></dt><dt> <a href="Big500users.html#id 2570469">1074 </a></dt><dt> <a href="Big500users.html#id340856"> 1075 1075 On the domain member computers, you configured winbind in the /etc/nsswitch.conf file. 1076 1076 You did not configure any PAM settings. Is this an omission? 1077 </a></dt><dt> <a href="Big500users.html#id 2570501">1077 </a></dt><dt> <a href="Big500users.html#id340883"> 1078 1078 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this? 1079 </a></dt><dt> <a href="Big500users.html#id 2570543">1079 </a></dt><dt> <a href="Big500users.html#id340920"> 1080 1080 The domain controller has an auto-shutdown script. Isn't that dangerous? 
1081 </a></dt></dl><table border="0" summary="Q and A Set"><col align="left" width="1%"><tbody><tr class="question"><td align="left" valign="top"><a name="id2570200"></a><a name="id2570202"></a></td><td align="left" valign="top"><p>1081 </a></dt></dl><table border="0" width="100%" summary="Q and A Set"><col align="left" width="1%"><col><tbody><tr class="question"><td align="left" valign="top"><a name="id340612"></a><a name="id340615"></a></td><td align="left" valign="top"><p> 1082 1082 The example <code class="filename">smb.conf</code> files in this chapter make use of the <em class="parameter"><code>include</code></em> facility. 1083 1083 How may I get to see what the actual working <code class="filename">smb.conf</code> settings are? … … 1087 1087 <code class="prompt">root# </code> testparm -s | less 1088 1088 </pre><p> 1089 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570249"></a><a name="id2570251"></a></td><td align="left" valign="top"><p>1089 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340660"></a><a name="id340662"></a></td><td align="left" valign="top"><p> 1090 1090 Why does the include file <code class="filename">common.conf</code> have an empty include statement? 1091 1091 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1100 1100 the include in place, even though the file it points to has already been included. This is a bug 1101 1101 that will be fixed at a future date. 1102 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570311"></a><a name="id2570313"></a></td><td align="left" valign="top"><p>1102 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340716"></a><a name="id340718"></a></td><td align="left" valign="top"><p> 1103 1103 I accept that the simplest configuration necessary to do the job is the best. 
The use of <em class="parameter"><code>tdbsam</code></em> 1104 1104 passdb backend is much simpler than having to manage an LDAP-based <em class="parameter"><code>ldapsam</code></em> passdb backend. … … 1110 1110 to log onto the network following a reboot and may have to rejoin the domain to recover network 1111 1111 access capability. 1112 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570366"></a><a name="id2570368"></a></td><td align="left" valign="top"><p>1112 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340766"></a><a name="id340769"></a></td><td align="left" valign="top"><p> 1113 1113 You are using DHCP Relay enabled on the routers as well as a local DHCP server. Will this cause a clash? 1114 1114 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1119 1119 The only exception to this rule is when the client makes a directed request from a specific DHCP server 1120 1120 for renewal of the lease it has. This means that under normal circumstances there is no risk of a clash. 1121 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570396"></a><a name="id2570398"></a></td><td align="left" valign="top"><p>1121 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340791"></a><a name="id340794"></a></td><td align="left" valign="top"><p> 1122 1122 How does the Windows client find the PDC? 1123 1123 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1126 1126 to register itself with the WINS server and to obtain enumeration of vital network information to 1127 1127 enable it to operate successfully. 
1128 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570419"></a><a name="id2570421"></a></td><td align="left" valign="top"><p>1128 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340811"></a><a name="id340813"></a></td><td align="left" valign="top"><p> 1129 1129 Why did you enable IP forwarding (routing) only on the server called <code class="constant">MASSIVE</code>? 1130 1130 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1133 1133 Route table entries are needed to direct MASSIVE to send all traffic intended for the remote network 1134 1134 segments to the router that is its gateway to them. 1135 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570450"></a><a name="id2570452"></a></td><td align="left" valign="top"><p>1135 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340838"></a><a name="id340840"></a></td><td align="left" valign="top"><p> 1136 1136 You did nothing special to implement roaming profiles. Why? 1137 1137 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> 1138 1138 Unless configured to do otherwise, the default behavior with Samba-3 and Windows XP Professional 1139 1139 clients is to use roaming profiles. 1140 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570469"></a><a name="id2570471"></a></td><td align="left" valign="top"><p>1140 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340856"></a><a name="id340858"></a></td><td align="left" valign="top"><p> 1141 1141 On the domain member computers, you configured winbind in the <code class="filename">/etc/nsswitch.conf</code> file. 1142 1142 You did not configure any PAM settings. Is this an omission? … … 1147 1147 to enable the use of winbind. 
Samba makes use only of the identity resolution facilities of the name 1148 1148 service switch (NSS). 1149 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570501"></a><a name="id2570503"></a></td><td align="left" valign="top"><p>1149 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340883"></a><a name="id340885"></a></td><td align="left" valign="top"><p> 1150 1150 You are starting SWAT up on this example but have not discussed that anywhere. Why did you do this? 1151 1151 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p> … … 1156 1156 file but leaves in place a broken reference to the top-layer include file. SWAT was not designed to 1157 1157 handle this functionality gracefully. 1158 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id 2570543"></a><a name="id2570545"></a></td><td align="left" valign="top"><p>1158 </p></td></tr><tr class="question"><td align="left" valign="top"><a name="id340920"></a><a name="id340922"></a></td><td align="left" valign="top"><p> 1159 1159 The domain controller has an auto-shutdown script. Isn't that dangerous? 1160 1160 </p></td></tr><tr class="answer"><td align="left" valign="top"></td><td align="left" valign="top"><p>
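Review bot: Every generated anchor in the Questions and Answers section is renumbered across these hunks (the section anchor `id2570184` becomes `id340597`, and the first question's `id2570200` becomes `id340612`, with the same pattern on each later `<tr class="question">` row), so any existing link or bookmark to `Big500users.html#id2570200` and its siblings stops resolving after this commit. The chapter already uses stable, hand-assigned anchors elsewhere (`ch5-dnshcp-setup`, `ch5-procstart`, `ch5wincfg`), so giving the Q&A section and its entries explicit ids in the DocBook source would keep these fragment links stable across stylesheet regenerations and would reduce this diff to the lines whose markup really changes.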
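Review bot: In the hunk at line 1055, the new `<div class="sect1" title="Questions and Answers">` no longer carries the `lang="en"` attribute that the old `<div class="sect1" lang="en">` had, and the commit gives no indication whether that loss is intended. The other markup differences in that hunk (`class="itemizedlist"` and `class="listitem"` on the list, `title="Frequently Asked Questions"` on the `qandaset` div, `width="100%"` and an extra `<col>` on the Q and A table) look like output of a different stylesheet version rather than content edits, and none of the visible question or answer text changes. Please confirm the language attribute is still emitted somewhere above this section, and state in the commit message that this is regenerated output so the markup churn is not read as a documentation change.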