Ugo Bellavance ugob@camo-route.com wrote:
I started reading the Samba doc, but it is rather long.
Of course. ;->
Samba has settings to emulate just about every detail of any release of Server Message Block (SMB) from old LAN Manager to Windows Server 2003. Microsoft's "canned," server-wide settings in their server versions are usually an issue for various clients.
Hence why most enterprises with SMB experts prefer Samba over stock SMB in Windows Server.
I planned on using this server as a PDC so that it is not too different from using their former Windows 2000 server.
<anal> FYI, the term Primary Domain Controller (PDC) is deprecated because it refers to the legacy CIFS NT 4.0 term. We typically call modern CIFS/SMB, including Active Directory Services (ADS) integration, as a Domain Controller (DC). Although I noted that the more legacy Samba docs still call it a PDC. </anal>
Note that newer DC services aren't just Samba. Samba just provides the Windows client Remote Procedure Call (RPC) services to the Windows clients when they access it as a file server. Samba can authenticate and authorize against other services.
If you start reading a lot of Windows 2000 / ADS / Samba schtuff, you're going to see people talking about MS Kerberos and native Windows DC integration. That _only_ applies when you are integrating Samba servers with _native_ ADS DC servers (as you've heard me say before, "making UNIX ADS' bitch"). In your case, you're not using a native Windows ADS DC, so Samba is the authority.
How you wish to maintain authentication and directory services is up to you. The Samba 3.0 By Example book gives you a lot of "cookbook methods" to setting up LDAP Schema for Windows clients. You can choose to do such if you wish. In general, there is a _massive_ "learning curve" associated with this, because you have to understand how Windows clients really work at the authentication, directory and file services level -- as well as how UNIX does.
I'll be managing this server, which is currently a staging server for web development (php/mysql/cvs).
Oh. Do you really need SMB then? Should they be doing CVS or Subversion/WebDAV-DeltaV check-ins instead?
Does anyone have an opinion on this, or better ideas?
Well, if you don't have native Windows ADS servers, then it's actually pretty easy to do. Samba can and will emulate a lot of different RPC services for the Windows clients. Tweaking those settings will be all you'll need to do.
How you handle the directory services is up to you -- you can even just use local UNIX accounts (although I don't recommend that for future growth and more servers). Years ago I would have just used NIS (with Kerberos if I needed authentication security), but since NsDS 7.1, now FDS 7.1, became available earlier in the year, I've been recommending it (with or without Kerberos, your choice). Especially with the multi-master replication.
The nice thing about building a network with NsDS is that if your organization should force native Windows ADS on you, you can still keep your authentication and control segmented, while synchronizing with ADS accounts.
My backups will be based on utilities and mondorescue,
Be careful with Mondo Rescue. Hugo's a good guy, but his stuff tends to not work on all systems -- just a fact that systems differ and he can't test for everything.
kept on an internal (cold-swap drawer) hard-drive that I would take every week (2-drawers rotation).
As long as you are keeping the disks active regularly, then that's okay. Although longer-term storage (3+ months) really should go to a medium like DVD-R, or tape if you can afford it.
Any recommendations welcome, will provide more details if needed.
The scope -- number of servers, types of users, why you need SMB and/or NFS (if you have UNIX desktops) access, CVS or Subversion details, etc...