Difference between revisions of "Advanced Samba"
Line 123: | Line 123: | ||
Joined domain LEI-SALEM. | Joined domain LEI-SALEM. | ||
[root@testbed2 ~]# | [root@testbed2 ~]# | ||
− | {{Note box|You will need the admin password from your PDC to complete this step. Also, take specific note of the format of the net command above. The admin username and password MUST follow the -U flag, otherwise the command will fail. This is due to a bug in the net command in the current version of samba.}} | + | {{Note box|You will need the admin password from your PDC to complete this step. |
+ | Also, take specific note of the format of the net command above. The admin username and password MUST follow the -U flag, otherwise the command will fail. This is due to a bug in the net command in the current version of samba.}} | ||
8. At the bash prompt: | 8. At the bash prompt: |
Revision as of 19:17, 13 October 2008
Maintainer
Greg J. Zartman (greg@leiinc.com)
Description
Advanced Samba is a SME Contrib to extend SME's Samba functionality to support all standard Windows Server Roles. Out-of-the-box, SME Server supports Workgroup and Primary Domain Controller Server Roles. These, out-of-the-box, Server Roles address many Windows Network needs, but they do not provide all of the functionality available to todays typical Windows Server.
This document provides procedural and SME specific RPM(s) to configure SME Server to function in all mainstream Windows Server Roles:
1. Domain Member: In this Server Role, SME will present Ibays to a Domain as Windows Network Shares, relying on a separate Domain Controller for client/user authentication. That is, authenticated Windows Network users can access ibays on the SME Domain Member machine without needing a local user account.
2. Backup Domain Controller: In this Server Role, SME will provide all functionality available as a Domain Member, but it can also take over the role as the Domain Controller if certain network conditions exist. As with the Domain Member Server Role, it is not necessary for the Network Administrator to create user accounts on the SME Backup Domain Controller machine. SME, in this Server Role, will maintain (or replicate) a local copy of user/client authentication information from the Primary Domain Controller in the event that it needs to take on the role of Domain Controller.
3. Active Directory Domain Controller: This Server Role is very similar to the out-of-the-box SME Server Role Primary Domain Controller (PDC). In addition to those functions provided by the PDC, the SME Active Directory Domain Controller will maintain a directory of Windows Active Directory Services.
4. Active Directory Domain Member: This Server Role is nearly identical to the Domain Member Server Role except that in this Server Role, SME will have access to Active Directory Services provided by an Active Directory Server.
It should be noted that this Contrib is a work in progress. Preliminary is provided for all Server Roles and full support for a selection of them, as detailed below. In time, all Server Roles listed here in will be fully supported by this Contrib.
Prerequisites
The current releases of SME do not support Samba Server Roles directly. Modification of several core SME packages is required to support Samba Server Roles, therefore it is not possible to provide Advanced Samba functions with a typical Contrib RPM.
An effort to update the necessary Core SME packages is being tracked in the following SME bug report: http://bugs.contribs.org/show_bug.cgi?id=4172
It is the Maintainers opinion that these changes will ultimately be included in the core SME packages. When this occurs, it is very likely that this section of this contrib will go away.
Until these changes are incorporated into the core packages, patched versions of the current release SME packages will be provided as part of this contrib. It is necessary that users install these "patched" core packages to take advantage of Samba Server Roles. EVERY effort is made to provide this additional functionality without changing standard SME functionality. In other words, the patched core SME packages will not change they way SME currently functions -- the modified core packages simply provide the additional Server Role functionality.
Install necessary patched packages
1. Download the patched Server Role RPMs from my contribs repository to your local machine: http://mirror.contribs.org/contribs/gzartman/Contribs/7/Samba/
2. Install the patched rpms:
yum localinstall *.rpm
3. Reconfigure and reboot machine:
signal-event post-upgrade; signal-event reboot.
Install Advanced Samba RPMS
It is necessary to install one addition RPM prior to configuring SME Server in advanced server roles. This package provides necessary Samba functionality that may not be available in Core SME packages:
1. Download smeserver-adv-samba package to your local machine:
wget http://mirror.contribs.org/releases/7/smecontribs/i386/RPMS/smeserver-adv-samba-0.1.0-2.el4.sme.noarch.rpm
2. Install package:
yum local install smeserver-adv-samba*
3. Reconfigure machine:
signal-event post-upgrade; signal-event reboot
Configure Server Roles
As most of those familiar with SME Server know, much of configuration (management) of the SME Server can be done through the Server Manager. The current SME Server Manager provides a panel, Workgroup, which provides the Administrator the ability to configure SME Server as either a Workgroup Server of a Primary Domain Controller. NOTHING presented in this Contrib (software or documentation) will change this. We have worked to provide seamless integration of new functionality with the current SME Server -- nothing will change if you desire to stick with the standard options.
However, further functionality with respect to Samba Server Roles is provided via shell command line options (Note: It is this authors desire to add further functionality to the Server Manager with respect to Server Roles -- perhaps it will happen one day. I do understand the Development Teams desire to take a conservative stance on functionality)
Advanced Samba Server Role Support is provided as follows:
Workgroup Server
This Server Role configures SME Server to function as a member of a MS Windows Peer-To-Peer network. In order to access network shares on the SME machine when it is configured in this Server Role, users/clients must have local user accounts on the SME machine. This is the simplest of MS Network configurations. In this Server Role, SME will act as a typical Windows Client (e.g., Win 95, Win XP, Win 2000, etc.)
Configuration
Currently supported via the standard Server Manager Panel
Primary Domain Controller
This Server Role configures SME Server to function as a Windows NT4 type Domain Controller.
Configuration
Currently supported via the standard Server Manager Panel
Domain Member
In this Server Mode, SME Server will act as a File and/or Print Server to an existing Windows Network Domain. User/Client accounts on the local machine are not required to access Domain Member resources (shares). Ibays created will be presented as standard Windows shares.
Configuration
1. Open a shell (bash) session and log into your SME box with root access.
2. At the bash prompt:
config setprop smb ServerName machine_name_of_domain_member_box
3. At the bash prompt:
config setprop smb ServerRole DM
4. At the bash prompt:
config setprop smb WINSServer ip_address_of_domain_PDC
5. Verify settings:
config show smb
Should show you an output similar to this:
[root@testbed ~]# config show smb smb=service DeadTime=10080 DomainMaster=no KeepVersions=disabled OpLocks=enabled OsLevel=35 RecycleBin=disabled RoamingProfiles=no ServerName=testbed2 ServerRole=DM ShadowCount=10 ShadowDir=/home/e-smith/files/.shadow UnixCharSet=UTF8 UseClientDriver=yes WINSServer=90.0.0.20 Workgroup=lei-salem status=enabled
6. At bash prompt:
signal-event workgroup-update
For example:
[root@testbed2 ~]# signal-event workgroup-update
7. At the bash prompt:
net rpc join -U admin%pdc_admin_password
Output:
[root@testbed2 ~]# net rpc join -U admin%pdc_admin_password Joined domain LEI-SALEM. [root@testbed2 ~]#
8. At the bash prompt:
signal-event workgroup-update.
Your SME Domain Client box shares should now be accessable.
Backup Domain Controller
Preliminary support for this Server Mode Only. DO NOT TO ATTEMPT to deploy this Server Role on SME Server unless you are very experienced with SME Server.
SME Server support for this Server Role is coming soon.
Please report all bugs and comments to the bug tracker. Thank you.
Active Directory Domain Controller
Preliminary support for this Server Mode Only. DO NOT TO ATTEMPT to deploy this Server Role on SME Server unless you are very experienced with SME Server.
SME Server support for this Server Role is coming soon.
Please report all bugs and comments to the bug tracker. Thank you.
Active Directory Domain Member
Preliminary support for this Server Mode Only. DO NOT TO ATTEMPT to deploy this Server Role on SME Server unless you are very experienced with SME Server.
SME Server support for this Server Role is coming soon.
Please report all bugs and comments to the bug tracker. Thank you.
Known Issues
TO DO
Bugs
Please raise bugs under the SME-Contribs section in bugzilla .