Bryan J. Smith wrote:
Ugo Bellavance ugob@camo-route.com wrote:
I started reading the Samba doc, but it is rather long.
Of course. ;->
Samba has settings to emulate just about every detail of any release of Server Message Block (SMB) from old LAN Manager to Windows Server 2003. Microsoft's "canned," server-wide settings in their server versions are usually an issue for various clients.
Hence why most enterprises with SMB experts prefer Samba over stock SMB in Windows Server.
Ok
I planned on using this server as a PDC so that it is not too different from using their former Windows 2000 server.
<anal> FYI, the term Primary Domain Controller (PDC) is deprecated because it refers to the legacy CIFS NT 4.0 term. We typically call modern CIFS/SMB, including ActiveDirectory Services (ADS) integration, as a Domain Controller (DC). Although I noted that the more legacy Samba docs still call it a PDC. </anal>
I knew that, but these are the terms they use in the Samba doc, probably because Samba can't emulate all the features of a DC.
Note that newer DC services aren't just Samba. Samba just provides the Windows client Remote Procedure Call (RPC) services to the Windows clients when they access it as a file server. Samba can authenticate and authorize against other services.
Yup.
If you start reading a lot of Windows 2000 / ADS / Samba schtuff, you're going to see people talking about MS Kerberos and native Windows DC integration. That _only_ applies when you are integrating Samba servers with _native_ ADS DC servers (as you've heard me say before, "making UNIX ADS' bitch"). In your case, you're not using a native Windows ADS DC, so Samba is the authority.
Ok
How you wish to maintain authentication and directory services is up to you. The Samba 3.0 By Example book gives you a lot of "cookbook methods" to setting up LDAP Schema for Windows clients. You can choose to do such if you wish. In general, there is a _massive_ "learning curve" associated with this, because you have to understand how Windows clients really work at the authentication, directory and file services level -- as well as how UNIX does.
Hmmm, and I don't know LDAP very well... I have started reading the O'Reilly book about it, but couldn't figure out how it looked/felt/worked in practice :(.
I'll be managing this server, which is currently a staging server for web development (php/mysql/cvs).
Oh. Do you really need SMB then? Should they be doing CVS or Subversion/WebDAV-DeltaV check-ins instead?
Well, there will be a few programmers on this server, but also the director, the secretary, a project manager, so they'll obviously need network shares, and, of course, network printing. One question that I have about Samba and printing: Do the printers need to have drivers for Linux, if only the Windows clients will print, or is having Windows drivers enough?
Does anyone have an opinion on this, or better ideas?
Well, if you don't have native Windows ADS servers, then it's actually pretty easy to do. Samba can and will emulate a lot of different RPC services for the Windows clients. Tweaking those settings will be all you'll need to do.
Ok
How you handle the directory services is up to you -- you can even just use local UNIX accounts (although I don't recommend that for future growth and more servers). Years ago I would have just used NIS (with Kerberos if I needed authentication security), but since NsDS 7.1, now FDS 7.1, became available earlier in the year, I've been recommending it (with or without Kerberos, your choice). Especially with the multi-master replication.
Hmm, I'll read a bit on it, but I wonder if it isn't overkill...
The nice thing about building a network with NsDS is that if your organization should force native Windows ADS on you, you can still keep your authentication and control segmented, while synchronizing with ADS accounts.
Ok. I doubt that because I'm the only sysadmin, but it can happen...
My backups will be based on utilities and mondorescue,
Be careful with Mondo Rescue. Hugo's a good guy, but his stuff tends to not work on all systems -- just a fact that systems differ and he can't test for everything.
I know Hugo a lot. I can't say I like his style/attitude/product 100% but it works on this specific system. And if it doesn't work as a bare-metal recovery system, it is easy to restore (.iso on a hard drive). I agree that I would hesitate to rely on this on a new system, since I don't think there has been a new version of mindi/mondo for months.
kept on an internal (cold-swap drawer) hard-drive that I would take every week (2-drawers rotation).
As long as you are keeping the disks active regularly, then that's okay. Although longer-term storage (3+ months) really should go to a media like DVD-R, or tape if you can afford it.
The drives will be used one week over 2.
Any recommendations welcome, will provide more details if needed.
The scope -- number of servers, types of users, why you need SMB and/or NFS (if you have UNIX desktops) access, CVS or Subversion details, etc...
Number of servers: 1 for the moment. The prod server will be in colo. Types of users: see above. Amount of users: ~ 10 for now, may grow up to 20 max within 24 months. Reason for SMB: file/print sharing. CVS details? What do you need to know exactly? We are using CVS over SSH, Eclipse with SSH keys being the client. The developers work sometimes in the office, sometimes from home, connected to a VPN (the endpoint is a m0n0wall firewall). The developers have a Xampp setup on their laptops and develop there, then test on the staging server, then put it in prod. The staging server is also the development MySQL server. I'd like to use OpenXchange to have a mail/calendar/etc solution that can work with current tools (Outlook :(). The server is a dual Athlon MP 1800, 1 GB RAM, 3ware 7006-LP card in RAID 1 with 80 GB PATA HDDs + 1(X2) 200 GB removable hard drive (this server is also a backup server for a few servers for now, but this will probably change).
Please let me know if you need more details.
Thanks for your input ;).