<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<chapter id="2000users">
+<chapter id="net2000users">
<title>A Distributed 2000-User Network</title>
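Review bot: The id rename on the `<chapter>` line only holds together if every `linkend="2000users"` in the book changes with it. This patch updates two references (`<link linkend="net2000users"/>` in the LDAP slave paragraph and in the new-parameters paragraph), so grep the other chapter files for the old id before merging; a stale linkend either fails validation or produces a dead cross-reference. The rename itself is correct, since an XML ID may not begin with a digit, and the commit message should say that this is the reason.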
<para>
include the accounting department HP LaserJet 6 and Minolta QMS Magicolor printers, and you
also configure use of the identical printers that are located in the financial services department.
Install printers on each machine using the following steps:
+ </para>
<procedure>
<title>Steps to Install Printer Drivers on Windows Clients</title>
dialog panel. Right-click <menuchoice>
<guiicon>HP LaserJet 6</guiicon>
<guimenuitem>Properties</guimenuitem>
- <guimenusub>Details (Tab)</guimenusub>
- <guimenubutton>Add Port</guimenubutton>
+ <guisubmenu>Details (Tab)</guisubmenu>
+ <guibutton>Add Port</guibutton>
</menuchoice>.
</para></step>
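Review bot: `<guisubmenu>Details (Tab)</guisubmenu>` marks a dialog tab as a submenu. Both replacement elements are real DocBook names, unlike the `guimenusub` and `guimenubutton` they replace, but `<guilabel>` describes a tab label more accurately and is also permitted inside `<menuchoice>` in stock DocBook 4.2. If the Samba DTD variant allows it, consider `<guilabel>Details (Tab)</guilabel>` here.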
server on the network segment on which the workstation is to be located.
</para></step>
</procedure>
- </para></step>
+ </step>
<step><para>
When you are satisfied that the staging systems are complete, use the appropriate procedure to
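Review bot: Dropping `</para>` from the `- </para></step>` line is balanced only if the paragraph that used to enclose the nested `<procedure>` is closed earlier, which the `+ </para>` added just before `<procedure>` in the printer-install hunk appears to do. The two edits depend on each other, so keep them in the same commit and validate the chapter against the DTD after applying, because either one alone leaves the step malformed.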
</para>
<para>
- The instructions given here apply to the Samba environment shown in <link linkend="happy"/> and <link linkend="2000users"/>.
+ The instructions given here apply to the Samba environment shown in <link linkend="happy"/> and <link linkend="net2000users"/>.
If the network does not have an LDAP slave server (i.e., <link linkend="happy"/> configuration),
change the target LDAP server from <constant>lapdc</constant> to <constant>massive.</constant>
</para>
</sect2>
-
<sect2>
<title>UNIX/Linux Client Domain Member</title>
<step><para>
The opening panel is the same one that can be reached by clicking <guimenu>System</guimenu> on the Control Panel.
See <link linkend="swxpp001"></link>.
- <figure id="swxpp001"><imagefile>wxpp001</imagefile><title>The General Panel.</title></figure>
+ <figure id="swxpp001"><title>The General Panel.</title><imagefile>wxpp001</imagefile></figure>
</para></step>
<step><para>
Clicking the <guimenu>Network ID</guimenu> button launches the configuration wizard. Do not use this with
Samba-3. If you wish to change the computer name, or join or leave the domain, click the <guimenu>Change</guimenu> button.
See <link linkend="swxpp004"></link>.
- <figure id="swxpp004"><imagefile>wxpp004</imagefile><title>The Computer Name Panel.</title></figure>
+ <figure id="swxpp004"><title>The Computer Name Panel.</title><imagefile>wxpp004</imagefile></figure>
</para></step>
<step><para>
Click on <guimenu>Change</guimenu>. This panel shows that our example machine (TEMPTATION) is in a workgroup called WORKGROUP.
We join the domain called MIDEARTH. See <link linkend="swxpp006"></link>.
- <figure id="swxpp006"><imagefile>wxpp006</imagefile><title>The Computer Name Changes Panel</title></figure>
+ <figure id="swxpp006"><title>The Computer Name Changes Panel</title><imagefile>wxpp006</imagefile></figure>
</para></step>
<step><para>
<para>
This panel shows that our example machine (TEMPTATION) is set to join the domain called MIDEARTH. See <link linkend="swxpp007"></link>.
- <figure id="swxpp007"><imagefile>wxpp007</imagefile><title>The Computer Name Changes Panel &smbmdash; Domain MIDEARTH</title></figure>
+ <figure id="swxpp007"><title>The Computer Name Changes Panel &smbmdash; Domain MIDEARTH</title><imagefile>wxpp007</imagefile></figure>
</para></step>
<step><para>
<para>
Enter the name <quote>root</quote> and the root password from your Samba-3 server. See <link linkend="swxpp008"></link>.
- <figure id="swxpp008"><imagefile>wxpp008</imagefile><title>Computer Name Changes &smbmdash; User name and Password Panel</title></figure>
+ <figure id="swxpp008"><title>Computer Name Changes &smbmdash; User name and Password Panel</title><imagefile>wxpp008</imagefile></figure>
</para></step>
<step><para>
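Review bot: Figure titles in this run are punctuated inconsistently: `The General Panel.` and `The Computer Name Panel.` keep a trailing period while the other three titles have none. Every `<figure>` line is already being rewritten to put `<title>` first, so drop the periods in the same pass and the generated list of figures will read uniformly.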
<primary>file caching</primary>
</indexterm>
Third-party Windows applications may not be compatible with the use of opportunistic file
- and record locking. For applications that are known not to be compatible,<footnote>Refer to
+ and record locking. For applications that are known not to be compatible,<footnote><para>Refer to
the application manufacturer's installation guidelines and knowledge base for specific
information regarding compatibility. It is often safe to assume that if the software
manufacturer does not specifically mention incompatibilities with opportunistic file
and record locking, or with Windows client file caching, the application is probably
- compatible with Windows (as well as Samba) default settings.</footnote> oplock
+ compatible with Windows (as well as Samba) default settings.</para></footnote> oplock
support may need to be disabled both on the Samba server and on the Windows workstations.
</para>
Abmas Video Rentals' head of IT heard of this criticism. He was offended that a junior engineer
should make such a comment. He felt that he had to prepare in case he might be criticized for his
decision to use Active Directory. He decided he would defend his decision by hiring the services
- of an outside security systems consultant to report<footnote>This report is entirely fictitious.
- Any resemblance to a factual report is purely coincidental.</footnote> on his unit's operations
+ of an outside security systems consultant to report<footnote><para>This report is entirely fictitious.
+ Any resemblance to a factual report is purely coincidental.</para></footnote> on his unit's operations
and to investigate the role of Samba at his site. Here are key extracts from this hypothetical
report:
</para>
</varlistentry>
<varlistentry>
- <term>Active Directory Replacement with Kerberos, LDAP, and Samba</term>
- <indexterm>
+ <term>Active Directory Replacement with Kerberos, LDAP, and Samba
+ <indexterm>
<primary>Active Directory</primary>
<secondary>Replacement</secondary>
</indexterm><indexterm>
<primary>remote procedure call</primary>
<see>RPC</see>
</indexterm>
+
+ </term>
<listitem><para>
<literallayout> </literallayout>
The Microsoft networking protocols extensively make use of remote procedure call (RPC)
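Review bot: Moving the two `<indexterm>` blocks inside `<term>` leaves the term text followed by a line break, the index markup, an empty `+` line and only then `</term>`, so the term carries trailing whitespace that some output formats will render. Placing the index terms at the start of the `<listitem><para>` instead keeps `<term>` to one line of text and still satisfies the `<varlistentry>` content model of terms followed by a listitem.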
A storm has broken out concerning interoperability between MIT Kerberos and Microsofts' implementation
of it. For example, a 2002
<ulink url="http://www.idg.com.sg/idgwww.nsf/0/5DDA8D153A7505A748256BAB000D992A?OpenDocument">IDG</ulink>
- report<footnote>Note: This link is no longer active. The same article is still
- available from <ulink url="http://199.105.191.226/Man/2699/020430msdoj/">ITWorld.com</ulink> (July 5, 2005)</footnote> by
+ report<footnote><para>Note: This link is no longer active. The same article is still
+ available from <ulink url="http://199.105.191.226/Man/2699/020430msdoj/">ITWorld.com</ulink> (July 5, 2005)</para></footnote> by
states:
</para>
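Review bot: The footnote being re-wrapped here links the label `ITWorld.com` to a bare IP address over plain HTTP (`http://199.105.191.226/Man/2699/020430msdoj/`), so a reader cannot tell from the link who is serving the content, and the address can be reassigned to another party. While this footnote is open, replace the target with a hostname-based or archived URL for the same article, or print the URL in the footnote text so the difference between label and target is visible. The context line above also has `Microsofts'`, which should read `Microsoft's`.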
<orderedlist>
<listitem><para>
A user opens a Work document from a network drive. The file was owned by user <constant>janetp</constant>
- and <group>users</group>, and was set read/write-enabled for everyone.
+ and <constant>users</constant>, and was set read/write-enabled for everyone.
</para></listitem>
<listitem><para>
</para>
<simplelist>
- <member><para>200 MHz MMX processor</para></member>
- <member><para>512K RAM</para></member>
- <member><para>24 GB disk space in RAID1</para></member>
- <member><para>Novell 4.11 patched to service pack 7</para></member>
- <member><para>60+ users</para></member>
- <member><para>7 network-attached printers</para></member>
+ <member>200 MHz MMX processor</member>
+ <member>512K RAM</member>
+ <member>24 GB disk space in RAID1</member>
+ <member>Novell 4.11 patched to service pack 7</member>
+ <member>60+ users</member>
+ <member>7 network-attached printers</member>
</simplelist>
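Review bot: `512K RAM` is carried over unchanged into the new `<member>` line, next to a 200 MHz processor, 24 GB of RAID1 disk and 60+ users. That looks like a unit slip and is worth confirming with the author while this list is being rewritten.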
<para>
<simplelist>
<member>
- <para>3.0 GHz P4 Processor</para>
+ 3.0 GHz P4 Processor
</member>
<member>
- <para>1 GB RAM</para>
+ 1 GB RAM
</member>
<member>
- <para>120 GB SATA operating system drive</para>
+ 120 GB SATA operating system drive
</member>
<member>
- <para>4 x 80 GB SATA data drives (RAID5 240 GB capacity)</para>
+ 4 x 80 GB SATA data drives (RAID5 240 GB capacity)
</member>
<member>
- <para>2 x 80 GB SATA removable drives for online backup</para>
+ 2 x 80 GB SATA removable drives for online backup
</member>
<member>
- <para>A DLT drive for asynchronous offline backup</para>
+ A DLT drive for asynchronous offline backup
</member>
<member>
- <para>SUSE Linux Professional 9.1</para>
+ SUSE Linux Professional 9.1
</member>
</simplelist>
</para>
<simplelist>
- <member><para>courier-imap</para></member>
- <member><para>courier-imap-ldap</para></member>
- <member><para>nss_ldap</para></member>
- <member><para>openldap2-client</para></member>
- <member><para>openldap2-devel (only for Samba compilation)</para></member>
- <member><para>openldap2</para></member>
- <member><para>pam_ldap</para></member>
- <member><para>samba-3.0.20 or later</para></member>
- <member><para>samba-client-3.0.20 or later</para></member>
- <member><para>samba-winbind-3.0.20 or later</para></member>
- <member><para>smbldap-tools Version 0.9.1</para></member>
+ <member>courier-imap</member>
+ <member>courier-imap-ldap</member>
+ <member>nss_ldap</member>
+ <member>openldap2-client</member>
+ <member>openldap2-devel (only for Samba compilation)</member>
+ <member>openldap2</member>
+ <member>pam_ldap</member>
+ <member>samba-3.0.20 or later</member>
+ <member>samba-client-3.0.20 or later</member>
+ <member>samba-winbind-3.0.20 or later</member>
+ <member>smbldap-tools Version 0.9.1</member>
</simplelist>
<para>
<indexterm><primary>Postfix</primary></indexterm>
<indexterm><primary>Courier-IMAP</primary></indexterm>
<simplelist>
- <member><para>UNIX login/ssh</para></member>
- <member><para>Postfix (SMTP)</para></member>
- <member><para>Courier-IMAP/IMAPS/POP3/POP3S</para></member>
+ <member>UNIX login/ssh</member>
+ <member>Postfix (SMTP)</member>
+ <member>Courier-IMAP/IMAPS/POP3/POP3S</member>
</simplelist>
<para>
</screen>
The next step is to make certain that Samba is running using <command>ps ax | grep mbd</command>.
The <command>nmbd</command> daemon will provide the WINS name resolution service when the
- &smb.conf; file <smbconfsection>[global]</smbconfsection> parameter <smbconfoption name="wins
+ &smb.conf; file <smbconfsection name="global"/> parameter <smbconfoption name="wins
support">Yes</smbconfoption> has been specified. Having validated that Samba is operational,
excute the following:
<screen>
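Review bot: The `+` line keeps the attribute value of `<smbconfoption name="wins` / `support">` split across a line break. An XML parser turns the newline into a space but, for a CDATA attribute, does not collapse the indentation that follows, so the option name can reach the stylesheet as `wins`, several spaces, then `support`, and miss any lookup or index entry keyed on `wins support`. Join the attribute onto one line. Also confirm that `<smbconfsection name="global"/>` still renders with the square brackets that the removed `[global]` text carried, and fix `excute` in the context line that follows.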
directories are created with the same owner and group as the directory in which they are
created. Any new directories created still have the same owner, group, and permissions as the
directory they are in. This should eliminate all permissions-based file access problems. For
- more information on this subject, refer to TOSHARG2<footnote>The Official Samba-3 HOWTO and
- Reference Guide, Chapter 15, File, Directory and Share Access Controls.</footnote> or refer
+ more information on this subject, refer to TOSHARG2<footnote><para>The Official Samba-3 HOWTO and
+ Reference Guide, Chapter 15, File, Directory and Share Access Controls.</para></footnote> or refer
to the UNIX man page for the <command>chmod</command> and the <command>chown</command> commands.
</para></step>
</para>
<procedure>
<step><para>
- <menuchoice>
- Right-click <guimenu>My Network</guimenu>
- <guimenuitem>Map Network Drive...</guimenuitem>
- </menuchoice>
+ Right-click <menuchoice><guimenu>My Network</guimenu>
+ <guimenuitem>Map Network Drive...</guimenuitem></menuchoice>
</para></step>
<step><para>
by setting the sticky bit (set UID/GID) on the top-level directories.
</para>
+ <para>
<figure id="acct2net">
<title>Abmas Accounting &smbmdash; 52-User Network Topology</title>
<imagefile scale="100">acct2net</imagefile>
</figure>
+</para>
<procedure>
<title>Server Installation Steps</title>
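Review bot: The context line just above the added `<para>` describes the setting as `the sticky bit (set UID/GID)`, which conflates separate permission bits: the sticky bit on a directory limits who may delete or rename entries, while set-GID on a directory is what makes new entries inherit its group. Since this paragraph is being touched, name the bit the procedure actually sets. Minor: `+</para>` is flush left while its opening `+ <para>` is indented.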
<para>
<indexterm><primary>parameters</primary></indexterm>
The following parameters are new to Samba-3 and should be correctly configured.
- Please refer to <link linkend="secure"/> through <link linkend="2000users"/>
+ Please refer to <link linkend="secure"/> through <link linkend="net2000users"/>
in this book for examples of use of the new parameters shown here:
<indexterm><primary>add group script</primary></indexterm>
<indexterm><primary>add machine script</primary></indexterm>
<para>
<simplelist>
- <member><para>add group script</para></member>
- <member><para>add machine script</para></member>
- <member><para>add user to group script</para></member>
- <member><para>delete group script</para></member>
- <member><para>delete user from group script</para></member>
- <member><para>passdb backend</para></member>
- <member><para>set primary group script</para></member>
+ <member>add group script</member>
+ <member>add machine script</member>
+ <member>add user to group script</member>
+ <member>delete group script</member>
+ <member>delete user from group script</member>
+ <member>passdb backend</member>
+ <member>set primary group script</member>
</simplelist>
</para>