Can Samba be used as a complete replacement for a Windows 2000 Active Directory server? I have some vague notion that this can be accomplished by using a combination of OpenLDAP, Samba, MIT Kerberos, and the OpenAFS file system. To say the least, the descriptions I have found have been vague as to whether or not I will be able to completely replace the functionality of an Active Directory server with a similar setup.

If this is possible, could someone point me to reasonably good documentation on the subject?

Thanks so much.
--David
Dave,

I believe that you should first ask what Windows 2000 Active Directory features you must have before seeing what Samba can do for you. You may find that you have little or no need for most of the features of AD.

If all you are looking for is a server to provide you with file shares, domain authentication and printer sharing, then Samba is perfect the way that it is. You can create and manage a number of user accounts and groups, control their access, create quotas for users via the built-in Linux/UNIX tools on whatever OS you choose.

If you say what features you are looking to emulate, I am certain that more than a few of us can give you the right answers or point you in the correct direction.

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804

-----Original Message-----
From: daveman@bellatlantic.net [mailto:daveman@bellatlantic.net]
Sent: Saturday, November 23, 2002 2:27 PM
To: samba@lists.samba.org; Robert Adkins
Subject: Re: [Samba] Samba newbie question...

On Fri, Nov 22, 2002 at 04:40:20PM -0500, daveman@bellatlantic.net wrote:
> Can Samba be used as a complete replacement for a Windows 2000 Active Directory server? I have some vague notion that this can be accomplished by using a combination of OpenLDAP, Samba, MIT Kerberos, and the OpenAFS file system. To say the least, the descriptions I have found have been vague as to whether or not I will be able to completely replace the functionality of an Active Directory server with a similar setup.
>
> If this is possible, could someone point me to reasonably good documentation on the subject?
>
> Thanks so much.
> --David

From the number of replies I received on this (none), it seems fair to assume that this is not entirely possible. Anyone able to tell me what the current limitations are? I would really like to set up a system using samba as much as possible for domain and file serving operations. I suppose I can supplement samba with a win2k server if I have to... ;-)

Thanks,
David

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Dave,

Pick up "Using Samba" from O'Reilly. It will definitely give you a great base about how Samba, SMB, NMB and a brief intro into a Samba PDC. Of course, the information is mildly dated, such is the curse of virtually ALL software reference material, but the information can prove to be immeasurable in building a Samba server and Samba PDC.

That book will fill you in on all of the required information for getting a basic Samba setup running. You would also want to take a look at the available online documentation that comes included with the release of Samba that you eventually choose.

The best thing to do, to become familiar with the whole thing, would be to create a test machine and just start playing around. In order to get Samba and a number of other services that I use up and running, I utilize a number of tools. I typically start off with a GUI configuration tool, as that will get me a working configuration file, then I dive into the file and see how the structure is, which greatly assists in troubleshooting down the road and quick CLI edits at a later time.

To do that, I use a combination of Webmin, which has proven very invaluable to me, SWAT and also the CLI. SWAT, which is accessible through Webmin, has a number of useful HOWTOs included within it, there is one on making a Samba PDC and a Samba BDC which ONLY works for a Samba PDC. I wouldn't recommend using SWAT to edit your smb.conf file as it will overwrite all of the options you may have put down in a working file and it will alter the structure of the file that you have become familiar with. (It happened to me and I was very unhappy with the result.)

Much of the other issues, like who and what group gets to write to where is covered by the file permissions in Linux. To learn how to properly implement those, I would recommend picking up the following book, "Linux Administration; A Beginner's Guide", unless you are already familiar with Linux and UNIX Administration. It is available at the following Link.
http://shop.osborne.com/cgi-bin/osborne/0072131365.html

I picked up the Solaris version of this book and it greatly expanded my knowledge of UNIX in general as it is geared towards assisting Windows Admins hone their skills on a UNIX system. It makes some great comparisons that will be immeasurably helpful. (As you can tell, I can't recommend this reference enough.)

Of course, if you are already quite familiar with how UNIX and Linux operate, then I must apologize for recommending a beginning guide. Good luck!

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804

-----Original Message-----
From: daveman@bellatlantic.net [mailto:daveman@bellatlantic.net]
Sent: Sunday, November 24, 2002 12:53 PM
To: samba@lists.samba.org; Robert Adkins
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba newbie question...

On Sun, Nov 24, 2002 at 12:11:00PM -0500, Robert Adkins wrote:
> Dave,
>
> I believe that you should first ask what Windows 2000 Active Directory features you must have before seeing what Samba can do for you. You may find that you have little or no need for most of the features of AD.
>
> If all you are looking for is a server to provide you with file shares, domain authentication and printer sharing, then Samba is perfect the way that it is. You can create and manage a number of user accounts and groups, control their access, create quotas for users via the built-in Linux/UNIX tools on whatever OS you choose.
>
> If you say what features you are looking to emulate, I am certain that more than a few of us can give you the right answers or point you in the correct direction.
>
> Regards,
> Robert Adkins II
> IT Manager/Buyer
> Impel Industries, Inc.
> Ph. 586-254-5800
> Fx. 586-254-5804

I definitely want to do all of what you have mentioned. I don't specifically need too many directory features but I do want to be able to have a single, replicable database of user and machine accounts. The things I am particularly worried about are things like the NTLOGIN folder on the PDC, how to tell user accounts where to find their shared directories and mapped drives, how to actually make these changes when creating a new account with samba, how to deal with MS kerberos and SAMs, etc... Basically, I am being cautious about actually replacing a very important machine in my infrastructure without first knowing EXACTLY what I am doing and what any shortcomings I will run into might be. A document that addresses issues such as these, from my perspective, would be INVALUABLE to someone looking to move a domain to samba control.

Perhaps what I am really looking for this time around is a book that actually addresses these issues since I do have so many questions. Alas, that is why I joined this list. ;-)

Thanks,
David Shepard
John,

One thing that I would love to see in Swat would be an area to configure a PDC and or a BDC (For another Samba PDC.)

The only other thing that I would like to see is that SWAT leaves the smb.conf file in some kind of structured state. I was left with a working smb.conf file, but it was mangled and I had some issues with seeing where SWAT moved some of my settings.

All Domain related flags in one section (perhaps flagged DOMAIN Components)

I really would just like to see all of the flags for a related section broken up from a looooong listing of all the flags and separated with some kind of identifier. (It doesn't have include documentation.) In fact, I removed all the documentation in the smb.conf file I created and just left the parts broken up in my own file.

Perhaps SWAT could include a little check box to optimize the file, removing all non-essential text and putting everything into a single list and perhaps have another that will break up the list into logical sections. It makes it much easier for trouble-shooting from afar if you need to ssh into the server.

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804

-----Original Message-----
From: John H Terpstra [mailto:jht@samba.org]
Sent: Monday, November 25, 2002 5:01 PM
To: Robert Adkins
Cc: daveman@bellatlantic.net; samba@lists.samba.org
Subject: RE: [Samba] Samba newbie question...

Robert,

Your efforts to help another user are much appreciated. It is this type of help that makes open source software user friendly.

The advice to check out the HOWTO information on the SWAT home page is good as this is often more up to date than anything else that has been published. If only we could keep it completely up to date! :)

The Samba-Team wrote SWAT to optimise the smb.conf file for a reason. I believe that a configuration file is a poor place for system documentation, particularly if it can affect performance. This does not affect small sites but those with hundreds of MS Windows PC clients will notice a significant problem with unnecessarily large smb.conf files.

So having said that, I am looking for input from people who have an opinion they wish to share. What is your wish list for SWAT? What new or improved functionality should SWAT offer to make Samba more usable?

Lastly, I am looking for volunteers to help extend/change/improve SWAT. This week is SWAT week for me. Between Wednesday and Friday I hope to overhaul SWAT in the Samba-3.0.0 branch, I would ask for early responses.

Please email comments back to this list, and offers to help with specifying and coding to me privately at jht@samba.org.

I will summarize comments back to this list later this week.

Cheers,
John T.

--
John H Terpstra Email: jht@samba.org
John,

It was initially confusing to see the smb.conf file drastically changed from what I had been used to seeing when I opened it up in my favorite CLI editor. To me, that was "mangled", I should have clarified that a bit better.

I do understand the need to have as small a smb.conf file as possible for optimized performance. However, it was a spot annoying to skim through the file and find things moved all around on me. Perhaps it is my dislike of having things optimized/configured/altered without being asked. (Which is a big part of my dislike for MS Server and Desktop products and I am sure that is something most other people dislike too.)

What I would really like to see is a button that states, "If you click this, SWAT will optimize your smb.conf file. Doing so will alter the appearance, placement of options and remove all notes and documentation from the SWAT file. If you have already removed the documentation and have structured the smb.conf file to your liking, you might not wish to click this. Of course, doing so could quite possibly improve the performance of your Samba install, especially if you have hundreds of users."

Having something like the above would be a very nice touch. I know that it would have eased my mind to have known, or had a hand in optimizing my smb.conf file. It just didn't sit right with me to see the file so drastically altered from what I had seen previously.

I haven't checked the wizard options in Samba 2.2.6 or 2.2.7. In at least the 2.2.5 release of Samba, the only method I clearly saw to configure a PDC was by manually editing the smb.conf file. Which isn't a problem, however, it can be a little easier to see all of the PDC options right there in front of you, within a GUI tool.

I will be upgrading to Samba 2.2.7 very soon. I just need to perform some testing to make sure that the transition will be very smooth for my network. When I am able to focus on testing 2.2.7, I will take a look at the wizard option and I will be able to offer some opinions.

Sorry if I wasn't as clear as I could have been previously.

Regards,
Robert Adkins II
IT Manager/Buyer
Impel Industries, Inc.
Ph. 586-254-5800
Fx. 586-254-5804

-----Original Message-----
From: John H Terpstra [mailto:jht@samba.org]
Sent: Monday, November 25, 2002 5:27 PM
To: samba@lists.samba.org; Robert Adkins
Cc: daveman@bellatlantic.net; samba@lists.samba.org
Subject: RE: [Samba] Samba newbie question...

On Mon, 25 Nov 2002, Robert Adkins wrote:
> John,
>
> One thing that I would love to see in Swat would be an area to configure a PDC and or a BDC (For another Samba PDC.)

Do you mean just to build an smb.conf file that will NOT be in use on the machine you ran SWAT on? Have you checked the Wizard option in samba-2.2.6/2.2.7? Opinions? Recommendations?

> The only other thing that I would like to see is that SWAT leaves the smb.conf file in some kind of structured state. I was left with a working smb.conf file, but it was mangled and I had some issues with seeing where SWAT moved some of my settings.

Please help me to understand what you mean by "mangled" and "structured". Have you used 'testparm' to validate your smb.conf file? It produces all output in the internal structure SWAT will use to re-write the optimized smb.conf file.

> All Domain related flags in one section (perhaps flagged DOMAIN Components)
>
> I really would just like to see all of the flags for a related section broken up from a looooong listing of all the flags and separated with some kind of identifier. (It doesn't have include documentation.) In fact, I removed all the documentation in the smb.conf file I created and just left the parts broken up in my own file.

Why is this needed? You can always use 'testparm' to output all options and their settings. Why not keep smb.conf as a fully optimised file with only settings that differ from the samba default?

> Perhaps SWAT could include a little check box to optimize the file, removing all non-essential text and putting everything into a single list and perhaps have another that will break up the list into logical sections. It makes it much easier for trouble-shooting from afar if you need to ssh into the server.

I understand what you are trying to do, why is this better than using 'testparm'? I want to understand the thinking behind your suggestion, not criticize it.

Cheers,
John T.

---
John H Terpstra Email: jht@samba.org
Robert,

Thanks for taking the time to reply. Your comments will be taken into account as SWAT gets hacked up this week. In particular I will make sure that SWAT will issue a warning about file optimization. Good suggestion.

I think you hit the sore spot right on the head. It is the surprise element that annoys people. I had not thought about it enough before your explanation.

If you or anyone else has any further wish-list items for SWAT please let me have them really soon. This will be acted on this week for samba-3.0.0 as we want to get this new update ready for release within the next month or two.

PS: Offers to help set specifications and to cut code are most welcome.

- John T.

--
John H Terpstra Email: jht@samba.org
peter.a.bryant@mainroads.qld.gov.au
2002-Nov-26 06:09 UTC
[Samba] RE: Samba newbie question...
> The Samba-Team wrote SWAT to optimise the smb.conf file for a reason. I believe that a configuration file is a poor place for system documentation, particularly if it can affect performance. This does not affect small sites but those with hundreds of MS Windows PC clients will notice a significant problem with unnecessarily large smb.conf files.
>
> So having said that, I am looking for input from people who have an opinion they wish to share. What is your wish list for SWAT? What new or improved functionality should SWAT offer to make Samba more usable?
>
> Lastly, I am looking for volunteers to help extend/change/improve SWAT. This week is SWAT week for me. Between Wednesday and Friday I hope to overhaul SWAT in the Samba-3.0.0 branch, I would ask for early responses.
>
> Please email comments back to this list, and offers to help with specifying and coding to me privately at jht@samba.org.
>
> I will summarize comments back to this list later this week.

Hi John,

I don't actually use swat, so am not highly qualified to offer suggestions. Anyway, here's my two cents. :-)

I would like to use a nice gui such as SWAT to manage my conf file, but don't because I have heard that it changes the structure - ordering of parameters etc. within the conf file, as well as removing comments.
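
The concern running through this thread, that a tool rewrite of smb.conf reorders parameters and strips comments so the admin can no longer see what changed, can be checked by comparing the effective settings of the two files instead of their text. The sketch below is an added example, not part of the thread and not Samba or SWAT code; the sample files are constructed, and the function names are this example's own.

```python
"""Compare two smb.conf texts by setting, ignoring comments, order and layout."""
import re

# Assumption of this sketch: only these boolean spellings are folded together.
_BOOL = {"yes": "yes", "true": "yes", "no": "no", "false": "no"}


def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised names and booleans."""
    # A line ending in a backslash continues on the next line.
    text = re.sub(r"\\\r?\n", "", text)
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment: no effect on settings
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        name, value = line.split("=", 1)
        # Parameter names compare without regard to case or whitespace.
        key = re.sub(r"\s+", "", name).lower()
        value = value.strip()
        conf[section][key] = _BOOL.get(value.lower(), value)
    return conf


def semantic_diff(before, after):
    """List (section, param, old, new) for every setting that differs."""
    old, new = parse_smb_conf(before), parse_smb_conf(after)
    changes = []
    for section in sorted(set(old) | set(new)):
        o, n = old.get(section, {}), new.get(section, {})
        for key in sorted(set(o) | set(n)):
            if o.get(key) != n.get(key):
                changes.append((section, key, o.get(key), n.get(key)))
    return changes


# Constructed sample: a hand-maintained file with notes.
HAND_EDITED = """\
# File server for the example domain
[global]
   ; domain settings
   workgroup = EXAMPLE
   domain logons = yes
   security = user

[homes]
   # per-user home shares
   read only = no
   browseable = no
"""

# Constructed sample: same settings after a tool rewrite (reordered, no comments).
LAYOUT_ONLY = """\
[global]
    security = user
    workgroup = EXAMPLE
    domain logons = Yes

[homes]
    browseable = No
    read only = No
"""

# Constructed sample: the rewritten file plus one setting that really changed.
CHANGED = LAYOUT_ONLY + "    guest ok = Yes\n"

if __name__ == "__main__":
    print("layout-only rewrite:", semantic_diff(HAND_EDITED, LAYOUT_ONLY))
    print("real change:", semantic_diff(HAND_EDITED, CHANGED))
```

This sketch does not resolve parameter synonyms or built-in defaults; running both files through 'testparm' first, as suggested earlier in the thread, leaves that to Samba itself.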