[CentOS] SMB server with CentOS 4

Mon Dec 5 23:58:49 UTC 2005
Bryan J. Smith <thebs413 at earthlink.net>

Ugo Bellavance <ugob at camo-route.com> wrote:
> I started reading the Samba doc, but it is rather long.

Of course.  ;->

Samba has settings to emulate just about every detail of any
release of Server Message Block (SMB) from old LAN Manager to
Windows Server 2003.  Microsoft's "canned," server-wide
settings in their server versions are usually an issue for
various clients.

Hence why most enterprises with SMB experts prefer Samba over
stock SMB in Windows Server.

> I planned on using this server as a PDC so that it is not
> too different from using their former Windows 2000 server.

<anal>
FYI, the term Primary Domain Controller (PDC) is deprecated
because it refers to the legacy CIFS NT 4.0 term.  We
typically refer to modern CIFS/SMB, including Active Directory
Services (ADS) integration, as a Domain Controller (DC).
Although I noted that the more legacy Samba docs still call
it a PDC.
</anal>

Note that newer DC services aren't just Samba.  Samba just
provides the Windows client Remote Procedure Call (RPC)
services to the Windows clients when they access it as a file
server.  Samba can authenticate and authorize against other
services.

If you start reading a lot of Windows 2000 / ADS / Samba
schtuff, you're going to see people talking about MS Kerberos
and native Windows DC integration.  That _only_ applies when
you are integrating Samba servers with _native_ ADS DC
servers (as you've heard me say before, "making UNIX ADS'
bitch").  In your case, you're not using a native Windows ADS
DC, so Samba is the authority.

How you wish to maintain authentication and directory
services is up to you.  The Samba 3.0 By Example book gives
you a lot of "cookbook methods" for setting up LDAP Schema for
Windows clients.  You can choose to do such if you wish.  In
general, there is a _massive_ "learning curve" associated
with this, because you have to understand how Windows clients
really work at the authentication, directory and file
services level -- as well as how UNIX does.

> I'll be managing this server, which is currently a staging
> server for web development (php/mysql/cvs).

Oh.  Do you really need SMB then?  Should they be doing CVS
or Subversion/WebDAV-DeltaV check-ins instead?

> Anyone has an opinion on this, or better ideas?

Well, if you don't have native Windows ADS servers, then it's
actually pretty easy to do.  Samba can and will emulate a lot
of different RPC services for the Windows clients.  Tweaking
those settings will be all you'll need to do.

How you handle the directory services is up to you -- you can
even just use local UNIX accounts (although I don't recommend
that for future growth and more servers).  Years ago I would
have just used NIS (with Kerberos if I needed authentication
security), but since NsDS 7.1, now FDS 7.1, became available
earlier in the year, I've been recommending it (with or
without Kerberos, your choice).  Especially with the
multi-master replication.

The nice thing about building a network with NsDS is that if
your organization should force native Windows ADS on you, you
can still keep your authentication and control segmented,
while synchronizing with ADS accounts.

> My backups will be based on utilities and mondorescue,

Be careful with Mondo Rescue.  Hugo's a good guy, but his
stuff tends to not work on all systems -- just a fact that
systems differ and he can't test for everything.

> kept on an internal (cold-swap drawer) hard-drive that I
> would take every week (2-drawers rotation).

As long as you are keeping the disks active regularly, then
that's okay.  Although longer-term storage (3+ months) really
should go to a media like DVD-R, or tape if you can afford
it.

> Any recommendations welcome, will provide more details if
> needed.

The scope -- number of servers, types of users, why you need
SMB and/or NFS (if you have UNIX desktops) access, CVS or
Subversion details, etc...


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)
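
A minimal smb.conf for the setup discussed in this thread (Samba 3.0 acting as the domain controller, no native Windows ADS server, local accounts), as an added example that is not part of the original message. The domain name, server name, subnet, paths and the `machines` group are assumptions.

```ini
# Constructed example: Samba 3.0 as a stand-alone NT4-style domain
# controller. Comments must sit on their own lines in smb.conf.
[global]
    # Hypothetical domain and server names
    workgroup = EXAMPLEDOM
    netbios name = STAGING1
    server string = Samba %v DC

    # Samba is the authority: user-level security with its own account
    # database. tdbsam can later be replaced by an LDAP-backed passdb.
    security = user
    encrypt passwords = yes
    passdb backend = tdbsam

    # Domain controller role and browse-master election
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 65
    wins support = yes

    # Limit access to the LAN (constructed subnet) and loopback
    hosts allow = 192.168.10. 127.

    # Creates the machine trust account when a workstation joins the
    # domain (assumes a UNIX group named "machines" already exists)
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u

    # An empty logon path disables roaming profiles
    logon path =
    logon drive = H:
    # Hypothetical script name; the file lives in the netlogon share
    logon script = logon.bat

[netlogon]
    # Assumed path; read-only so clients cannot alter logon scripts
    path = /var/lib/samba/netlogon
    read only = yes
    browseable = no
    guest ok = no

[homes]
    read only = no
    browseable = no
    valid users = %S
```

`testparm` parses the file and reports unknown parameters before the daemons are restarted.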