I'm a little new to Samba when used as more than just a simple place to mount a single user to a single share, but we're now getting ready to replace our Netware servers with Samba, and I guess that means Active Directory DC.
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
Can anyone provide insight into what they've done in this situation and whether the samba rpms are now full versions? Most of what I have found on the web is dated around when samba4 just came out of beta through a little later.
There doesn't seem to be much documentation on this subject on the web or through Amazon, so half of my time is spent searching instead of reading. A good source for reading would be appreciated as well. I can find plenty examples, just not definitive manuals.
steve campbell
On 18 Apr 2014 16:49, "Steve Campbell" campbell@cnpapers.com wrote:
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
The samba4 packages redhat provides has AD DC functionality disabled due to heimdal/MIT issues. They are also quite out of date.
To get more recent working packages look to SerNet Samba.
Thanks very much. The SerNet stuff was what I was seeing using Google, but as I mentioned, the postings were rather old.
Thanks James for the reply. steve On 4/22/2014 3:20 AM, James Hogarth wrote:
On 18 Apr 2014 16:49, "Steve Campbell" campbell@cnpapers.com wrote:
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
The samba4 packages redhat provides has AD DC functionality disabled due to heimdal/MIT issues. They are also quite out of date.
To get more recent working packages look to SerNet Samba. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I have used the informations available at samba4:
http://wiki.samba.org/index.php/Main_Page
wget ftp://ftp.samba.org/pub/samba/samba-4.1.6.tar.gz
and compiled samba4.
CentOS Version is 6.5
best regards Helmut
Viele Grüße Helmut Drodofsky
Internet XS Service GmbH Heßbrühlstraße 15 70565 Stuttgart
Geschäftsführung Dr.-Ing. Roswitha Hahn-Drodofsky HRB 21091 Stuttgart USt.ID: DE190582774 Tel. 0711 781941 0 Fax: 0711 781941 79 Mail: info@internet-xs.de www.internet-xs.de
Am 18.04.2014 17:49, schrieb Steve Campbell:
I'm a little new to Samba when used as more than just a simple place to mount a single user to a single share, but we're now getting ready to replace our Netware servers with Samba, and I guess that means Active Directory DC.
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
Can anyone provide insight into what they've done in this situation and whether the samba rpms are now full versions? Most of what I have found on the web is dated around when samba4 just came out of beta through a little later.
There doesn't seem to be much documentation on this subject on the web or through Amazon, so half of my time is spent searching instead of reading. A good source for reading would be appreciated as well. I can find plenty examples, just not definitive manuals.
steve campbell _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Am 18.04.2014 17:49, schrieb Steve Campbell:
I'm a little new to Samba when used as more than just a simple place to mount a single user to a single share, but we're now getting ready to replace our Netware servers with Samba, and I guess that means Active Directory DC.
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
Can anyone provide insight into what they've done in this situation and whether the samba rpms are now full versions? Most of what I have found on the web is dated around when samba4 just came out of beta through a little later.
<snip> One question: why do you need samba 4? We're running 3.6.9 (the current) on CentOS 6.5, in a moderately complex environment, and we connect to AD (and kerberos, I think - I don't normally touch samba).
mark
I'm not sure why I need that. As I stated, I'm a little new to Samba and AD. For some reason, my research suggests that to get AD, I need Samba 4.
The person who manages our Netware, and who will be assuming the responsibility of managing all of this once installed wants to keep as much of the similarities between Samba and Netware as he/she can. We are replacing Netware with Samba as a file services device.
steve
On 4/22/2014 9:59 AM, m.roth@5-cent.us wrote:
Am 18.04.2014 17:49, schrieb Steve Campbell:
I'm a little new to Samba when used as more than just a simple place to mount a single user to a single share, but we're now getting ready to replace our Netware servers with Samba, and I guess that means Active Directory DC.
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
Can anyone provide insight into what they've done in this situation and whether the samba rpms are now full versions? Most of what I have found on the web is dated around when samba4 just came out of beta through a little later.
<snip> One question: why do you need samba 4? We're running 3.6.9 (the current) on CentOS 6.5, in a moderately complex environment, and we connect to AD (and kerberos, I think - I don't normally touch samba).
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Please don't top post.
Steve Campbell wrote:
On 4/22/2014 9:59 AM, m.roth@5-cent.us wrote:
Am 18.04.2014 17:49, schrieb Steve Campbell:
I'm a little new to Samba when used as more than just a simple place to mount a single user to a single share, but we're now getting ready to replace our Netware servers with Samba, and I guess that means Active Directory DC.
As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the Centos/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.
Can anyone provide insight into what they've done in this situation and whether the samba rpms are now full versions? Most of what I have found on the web is dated around when samba4 just came out of beta through a little later.
<snip> One question: why do you need samba 4? We're running 3.6.9 (the current) on CentOS 6.5, in a moderately complex environment, and we connect to AD (and kerberos, I think - I don't normally touch samba).
I'm not sure why I need that. As I stated, I'm a little new to Samba and AD. For some reason, my research suggests that to get AD, I need Samba 4.
The person who manages our Netware, and who will be assuming the responsibility of managing all of this once installed wants to keep as much of the similarities between Samba and Netware as he/she can. We are replacing Netware with Samba as a file services device.
Well, Let me assure you that, as I said, we're running the version of samba that you get when you do yum install samba with CentOS 6.5, and we've been running for quite a number of years.
mark "your federal tax dollars at work, here*"
* I work for a federal contractor at a civilian sector US federal gov't organization. I do not speak for my organization, my employer, or the view out my window (as if they'd give me a window).
The person who manages our Netware, and who will be assuming the responsibility of managing all of this once installed wants to keep as much of the similarities between Samba and Netware as he/she can.
Is that his/her same forward thinking that managed to keep you guys on netware for so long?
His/her phone is ringing, its 1980, they want their technology back:)
On Tue, Apr 22, 2014 at 9:07 AM, Steve Campbell campbell@cnpapers.com wrote:
I'm not sure why I need that. As I stated, I'm a little new to Samba and AD. For some reason, my research suggests that to get AD, I need Samba 4.
Do you want to replace AD or just interoperate with a Microsoft AD? Samba 3 will do the latter.
On 4/22/2014 2:13 PM, Les Mikesell wrote:
On Tue, Apr 22, 2014 at 9:07 AM, Steve Campbell campbell@cnpapers.com wrote:
I'm not sure why I need that. As I stated, I'm a little new to Samba and AD. For some reason, my research suggests that to get AD, I need Samba 4.
Do you want to replace AD or just interoperate with a Microsoft AD? Samba 3 will do the latter.
I'll tell you what we've got now, and how the new stuff will be used. I'm definitely not a windows type guy, and windows domains are confusing as H*** to me.
With our current netware:
We have 3 "domains". They're really not domains but we have 3 separate companies here. Based on the netware logins, you get certain volumes mapped to windows drives. The netware login scripts do the mapping. We have opted not to get a new Windows Server and whatever Netware is now.
So I guess from the Samba standpoint, the volumes are shares. This netware guy wants the ability to add new users to a "domain" that will have common mappings, and all the other stuff like specific printers attached. When the new user/machine is configured, the Windows domain is specified as well for that user.
Now understand, I don't speak windows domains, and all I've researched about Samba and what he's wanting to do sort of points to a Samba AD DC to accomplish this. I've only created individual shares using Samba and mounted those shares manually to a windows machine. That all works great (on Windows 7, XP requires a remount during every boot up).
The best thing I can come up with for now is to install Samba on a machine and see how far I can get with a test Windows machine.
My original post was about the Samba rpms that come with Centos, and I think I got the answer that it's not fully complete due to copyright infringements.
Thanks for all the help. One day I hope it all makes sense.
steve
Steve Campbell wrote:
On 4/22/2014 2:13 PM, Les Mikesell wrote:
On Tue, Apr 22, 2014 at 9:07 AM, Steve Campbell campbell@cnpapers.com wrote:
I'm not sure why I need that. As I stated, I'm a little new to Samba and AD. For some reason, my research suggests that to get AD, I need
Samba
Do you want to replace AD or just interoperate with a Microsoft AD? Samba 3 will do the latter.
I'll tell you what we've got now, and how the new stuff will be used. I'm definitely not a windows type guy, and windows domains are confusing as H*** to me.
With our current netware:
We have 3 "domains". They're really not domains but we have 3 separate companies here. Based on the netware logins, you get certain volumes mapped to windows drives. The netware login scripts do the mapping. We have opted not to get a new Windows Server and whatever Netware is now.
So I guess from the Samba standpoint, the volumes are shares. This netware guy wants the ability to add new users to a "domain" that will have common mappings, and all the other stuff like specific printers attached. When the new user/machine is configured, the Windows domain is specified as well for that user.
<snip> I'm nowhere near a samba guru, but I'd think that the AD info - that's a version of LDAP - could *say* what shares a given user mounts.
Wait, as I think of it, this is percolating through: nahhh, what you do is have three workgroups, and what they user is on gets that workgroup's shares.
mark
On 4/22/2014 2:40 PM, m.roth@5-cent.us wrote:
Steve Campbell wrote:
On 4/22/2014 2:13 PM, Les Mikesell wrote:
On Tue, Apr 22, 2014 at 9:07 AM, Steve Campbell campbell@cnpapers.com wrote:
I'm not sure why I need that. As I stated, I'm a little new to Samba and AD. For some reason, my research suggests that to get AD, I need
Samba
Do you want to replace AD or just interoperate with a Microsoft AD? Samba 3 will do the latter.
I'll tell you what we've got now, and how the new stuff will be used. I'm definitely not a windows type guy, and windows domains are confusing as H*** to me.
With our current netware:
We have 3 "domains". They're really not domains but we have 3 separate companies here. Based on the netware logins, you get certain volumes mapped to windows drives. The netware login scripts do the mapping. We have opted not to get a new Windows Server and whatever Netware is now.
So I guess from the Samba standpoint, the volumes are shares. This netware guy wants the ability to add new users to a "domain" that will have common mappings, and all the other stuff like specific printers attached. When the new user/machine is configured, the Windows domain is specified as well for that user.
<snip> I'm nowhere near a samba guru, but I'd think that the AD info - that's a version of LDAP - could *say* what shares a given user mounts.
Wait, as I think of it, this is percolating through: nahhh, what you do is have three workgroups, and what they user is on gets that workgroup's shares.
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
But do the workgroups have their own login scripts on the server? That's sort of been the difference between using workgroups and domains, at least from any readings I've done so far. We actually break the "workgroups/domains" down into departmental groups.
We're a newspaper corporation. We have 3 distinct newspapers here (by law, the newspapers must be distinct). Then there's the JOA that operates over the 3 newspapers that controls finance, production (press room and the like).
Within each newspaper, there is sub-workgroups like copy desk, editors, etc that all get subsets of the mappings.
Mark, thanks for the brain work. I'm not sure Samba 4 wouldn't be the better choice. I've subscribed to SerNet and downloaded the rpms. The server isn't loaded yet with the OS, so it's still planning time. And redundancy of any type hasn't been looked at yet, but I think Samba 4 is supposed to be more mature for that.
I probably should join the samba list from here on. Just a matter of time before someone shouts OT, but the original post was not.
steve
On 4/22/2014 11:52 AM, Steve Campbell wrote:
But do the workgroups have their own login scripts on the server? That's sort of been the difference between using workgroups and domains, at least from any readings I've done so far. We actually break the "workgroups/domains" down into departmental groups.
workgroups are just groupings of peer hosts for the 'network neighborhood' view. nothing more or less. most importantly, they don't include any 'server' or centralized authentication, thats what Active Directory provides.
In Microsoft's Active Directory, you put users and systems in "OU" (Organizational Units), and each OU can have group policies and those policies can specify login scripts, these can do things like map network drives for users. Presumably, Samba's implementation of AD offers a similar facility, but I don't think the domain management tools in Samba are anywhere near as well integrated or full featured as what you get with a Windows Server system.
On 4/22/2014 3:02 PM, John R Pierce wrote:
On 4/22/2014 11:52 AM, Steve Campbell wrote:
But do the workgroups have their own login scripts on the server? That's sort of been the difference between using workgroups and domains, at least from any readings I've done so far. We actually break the "workgroups/domains" down into departmental groups.
workgroups are just groupings of peer hosts for the 'network neighborhood' view. nothing more or less. most importantly, they don't include any 'server' or centralized authentication, thats what Active Directory provides.
In Microsoft's Active Directory, you put users and systems in "OU" (Organizational Units), and each OU can have group policies and those policies can specify login scripts, these can do things like map network drives for users. Presumably, Samba's implementation of AD offers a similar facility, but I don't think the domain management tools in Samba are anywhere near as well integrated or full featured as what you get with a Windows Server system.
Another samba 4 advantage, I think: You can load and use Windows Remote Server Administration Tools (RSAT) to manage the domains. How completely? Time will tell.
steve
Le 22/04/2014 21:21, Steve Campbell a écrit :
Another samba 4 advantage, I think: You can load and use Windows Remote Server Administration Tools (RSAT) to manage the domains. How completely? Time will tell.
I think you should wait for RHEL 7 (and then CentOS 7), which will be released soon (June ?). Perhaps, it well include samba4 without anything to build from source, and a rather recent one, 4.2 ?
Better than to recompile to source, and the maintainers take care of the updates (security one are the most important).
Alain
On 4/22/2014 12:21 PM, Steve Campbell wrote:
Another samba 4 advantage, I think: You can load and use Windows Remote Server Administration Tools (RSAT) to manage the domains. How completely? Time will tell.
I'd read the EULA on those tools carefully. I would not be at all surprised that their useage is tied to having Microsoft Servers. TANSTAAFL.
On Tue, Apr 22, 2014 at 2:02 PM, John R Pierce pierce@hogranch.com wrote:
On 4/22/2014 11:52 AM, Steve Campbell wrote:
But do the workgroups have their own login scripts on the server? That's sort of been the difference between using workgroups and domains, at least from any readings I've done so far. We actually break the "workgroups/domains" down into departmental groups.
workgroups are just groupings of peer hosts for the 'network neighborhood' view. nothing more or less. most importantly, they don't include any 'server' or centralized authentication, thats what Active Directory provides.
Windows had a concept of 'domain controller' before AD, and samba 3.x should be able to emulate that for one domain and run a logon script. It might be cheaper to run 3 Centos instances (or VMs) than Netware or AD (or learn how to manage the AD emulation in samba 4).
SME server used to be pretty good at that sort of thing (small business server). You could just add users and put them in groups with the web interface and set up file shares by group. The ClearOS version might be more up to date, though. The old lanman authentication wouldn't be as secure as AD, though.
On Wed, Apr 23, 2014 at 1:25 AM, Les Mikesell lesmikesell@gmail.com wrote:
SME server used to be pretty good at that sort of thing (small business server). You could just add users and put them in groups with the web interface and set up file shares by group. The ClearOS version might be more up to date, though. The old lanman authentication wouldn't be as secure as AD, though.
+1 to Les's comments.
@ OP - if you are not averse to switching distributions, then give Zentyal (www.zentyal.org) a try; it has Samba 4.1.5 IIRC and based on Ubuntu 12.04.3 LTS.
The Zentyal folks have done a good job on the Web UI so user/group and file share management is fairly straightforward.
Recently, I migrated a 50 node setup, a mix of CentOS desktops, Linux Storage (Debian), Windows 7 Pro, OS X, from a openLDAP+Samba3 PDC setup to Samba4 AD/DC.
Much as this group has helped you, you will have to do some homework (reading + experimentation) and bring yourself up to speed on Samba4. There is a lot of documentation http://www.samba.org/samba/docs/ and wiki.samba.org.
-- Arun Khan
-
Alain Péan -
Arun Khan -
Helmut Drodofsky -
James Hogarth -
John R Pierce -
Joseph L. Casale -
Les Mikesell -
m.roth@5-cent.us -
Steve Campbell