samba - Nov 2006 - Configuring interfaces for Samba-By-Example Ch 3

I have spent a solid two weeks trying to implement the "Secure Office
Networking" example in the book "Samba-3 by Example, to no avail.  In
the example, the system sets the server up as a Samba PDC, and also as a router
for two local subnets.  There are three network interfaces on the computer: eth0
for the WAN/Internet, firewalled;  eth1 & eth2 for two LAN subnets, bound to
Samba.  The linux box is also a DHCP server for the two subnets, a DNS server
for the local hosts on the two subnets, and a WINS server.

Despite following the book meticulously, I can't get DNS to work properly,
or WINS to work at all, or DHCP to give ip addresses to other clients, and i
need help.

The main differences between my setup and the one described in the book:
1) book's example envisions the company having a registered interent domain:
"abmas.us" for which the ISP provides addresses, gateways, dns
servers, forwarding servers, etc.  My system has no such externel website.  The
only address i would get from my ISP are the internet address, two dns servers,
and the one assigned to my computer.
2) book's example has a fixed IP for the internet connection on eth0.  My
system has to use DHCP to get the IP from ISP.
3) I am using Samba 3.0.23b, book is written for 3.0.20, and there is some big
difference with winbind and updating net groupmapping, that i don't quite
understand fully.


My main question right now is how to correctly configure the 3 network interface
cards -- the book gives no information on this and i'm not sure if i'm
doing it correctly.

eth0 - I think i need to configure this card for dhcp, because this is what my
ISP requires.  But is it possible to have dhcp running on one card, while the
computer runs a dhcp server for the other two cards??

eth1 & eth2 - I know they need a static IP: (192.168.1.1 in the book for
eth1, 192.168.2.1 for eth2).  But what should their gateway be set to?  The same
address (192.168.1/2.1)?  The address at the ISP which eth0 connects to?

And what should the two DNS servers be on each of these cards?  The ones which
dhcp on eth0 obtained?  Or the DNS server which will be running internally on
192.168.1.1 and 192.168.2.1?

What would i need to do differently in the dhcpd.conf & named.conf files
because I don't have an external website??

If anyone has tried to implement this same setup from Samba-By-Example i would
be very grateful for your insights.  Thank you.

Glen

OK, I know it will sound harsh and strange - but the truth is out there - 
somewhere!

On Thursday 23 November 2006 20:49, Glen Mullan wrote:
> I have spent a solid two weeks trying to implement the "Secure Office
> Networking" example in the book "Samba-3 by Example, to no avail.
In the
> example, the system sets the server up as a Samba PDC, and also as a router
> for two local subnets.  There are three network interfaces on the computer:
> eth0 for the WAN/Internet, firewalled;  eth1 & eth2 for two LAN
subnets,
> bound to Samba.  The linux box is also a DHCP server for the two subnets, a
> DNS server for the local hosts on the two subnets, and a WINS server.
Nothing too amazing in that - is there?
> Despite following the book meticulously, I can't get DNS to work
properly,
> or WINS to work at all, or DHCP to give ip addresses to other clients, and
> i need help.
OK - I feel your pain now, but what does/does not work?

What is your platform? Are you doing this on SUSE SLES9? Have you carefully 
verified that the path to all files is as intended when your distribution was 
compiled?
> The main differences between my setup and the one described in the book:
> 1) book's example envisions the company having a registered interent
> domain: "abmas.us" for which the ISP provides addresses,
gateways, dns
> servers, forwarding servers, etc.  
Right! The example is a business case in which the ISP provides a static IP 
address and hosts external DNS services. The server is also configured to do 
network address translation (NAT) so that all traffic that leaves your 
internet gateway (the server that is also the Samba host) will appear to come 
only from the external fixed IP address that connects to the ISP.
> My system has no such externel website. 
Hmmm - what do you mean by "external website"?
> The only address i would get from my ISP are the internet address, two dns
> servers, and the one assigned to my computer.
Your server will have a dynamically assigned IP Address - that will make it 
tricky to configure your firewall and NAT facility. Suggest you figure out 
how to get your internet connection, firewall and NAT working before 
embarking on all the internal services.
> 2) book's example has a fixed 
> IP for the internet connection on eth0.  My system has to use DHCP to get
> the IP from ISP. 
As I said - this will be tricky! In effect you want to use a dynamic IP 
external IP address _AND_ use NAT.  Hmmm - maybe a few others will chime in 
on that. Could be a little ambitious!
> 3) I am using Samba 3.0.23b, book is written for 3.0.20, 
> and there is some big difference with winbind and updating net
> groupmapping, that i don't quite understand fully.
I updated the on-line version of the book. You can obtain the PDF from 
http://www.samba.org/samba/docs/Samba3-ByExample.pdf and check for the 
changes.

Even so, you should be able to get Samba running without Winbind initially.
> My main question right now is how to correctly configure the 3 network
> interface cards -- the book gives no information on this and i'm not
sure
> if i'm doing it correctly.
What sort of information do you expect? I decided to NOT cover basic 
installation because every distro has its own particular methods - the book 
is intended to demonstrate the use of Samba - it was never intended to be a 
comprehensive tutorial on Linux, FreeBSD, Solaris, or any other OS.

What have I missed that really should be in there? I am willing to consider 
your suggestions.
> eth0 - I think i need to configure this card for dhcp, because this is what
> my ISP requires.  
If your ISP is only willing to provide a dynamic IP address then you do need 
to configure the eth0 as a DHCP client.
> But is it possible to have dhcp running on one card, 
> while the computer runs a dhcp server for the other two cards??
Of course it is! But how will you configure NAT on the outgoing interface? 
Without NAT your internal clients will not be able to route directly to the 
internet.
> eth1 & eth2 - I know they need a static IP: (192.168.1.1 in the book
for
> eth1, 192.168.2.1 for eth2).  But what should their gateway be set to?  The
> same address (192.168.1/2.1)?  The address at the ISP which eth0 connects
> to?
The if the server is the router to the internet and its internal interface IP 
addresses are 192.168.1.1 and 192.168.2.1 respectively, then these are the 
gateway addresses (for the respective subnetworks) to the internet.

Eth0 is the incoming gateway from the outside world. Your ISP will route 
incoming traffic from the outside world to this address.
> And what should the two DNS servers be on each of these cards?  The ones
> which dhcp on eth0 obtained? 
The DNS server you run on your system needs to forward to your ISP's DNS 
servers to look up external addresses.
> Or the DNS server which will be running  internally on 192.168.1.1 and 
192.168.2.1?

Your local network clients should point at your DNS server. That will be 
192.168.1.1 and 192.168.2.1 respectively.
> What would i need to do differently in the dhcpd.conf & named.conf
files
> because I don't have an external website??
Pleae explain. What does a web server have to do with dhcpd.conf and 
named.conf?
> If anyone has tried to implement this same setup from Samba-By-Example i
> would be very grateful for your insights.  Thank you.
I have configured dozens of sites using the example in this book - that is why 
I put it in there.

- John T.
-- 
John H Terpstra
Samba-Team Member

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971