jools@oss4all.plus.com
2008-Jul-28 17:58 UTC
[Samba] Multi-Homed Subnetting - Advice please
Hi All,

I have a problem with a growing network. I inherited the network at about 200 machines and it's now reached 300 at which point the cracks are starting to show. I have no budget to speak of but need to up the bandwidth so I'm looking at sticking an extra Gigabit NIC into my PDC and splitting the network into two subnets. I have two kinds of data, static and dynamic. Static files are put there by higher rights users (teachers) to be accessed read only by pupils. Dynamic data includes profiles and users' work.

After reading the manuals and searching the web I have a couple of questions:

1) I assume that as the NICs are on the same server (PDC & WINS) the WINS server part of Samba will store both NIC IPs in the wins.dat file and that it'll answer WINS queries from both subnets without a problem. Dynamic data will be stored on the PDC so I assume this will be easy. Am I on safe ground here?

2) I plan to have a server on each subnet that will hold the static data and act as BDCs relieving the load on the PDC. Effectively, the content will be identical but as staff update data on one, is there a way of binding the server shares together so one updates the other. I know you can bind two drives on a unix box together with mount --bind. Has anyone tried binding two samba shares together? Is it easier to script an rsync -u .

3) Finally, I need to run login scripts based on group membership but with static data shares mounted on a different server depending on the subnet you're on. Any tips on stacking login scripts? Can samba do this?

Any hints and tips appreciated. I have limited time to do this and set up three web servers with limited time for testing but that's life.

Cheers,

Jools
Hi Jools,

I'm not an expert on this, but I have some ideas:

1, WINS was made for exactly what you would like to use it for. It should not cause any problems if you split your network into multiple subnets (as long as you modify your firewall scripts according to the new topology). WINS is part of nmbd, so if you set "wins support = Yes" in your smb.conf file, you will have a working WINS server on every interface you have nmbd listening on. Just configure your DHCP server to give the WINS server address to the clients (DHCP option no. 44) and WINS name resolution should work from then on. Also, setting NetBIOS node type to "P-mode" is a good idea (DHCP option no. 46, set it to a value of 8). That way none of your clients will ever try to broadcast any name resolution requests, they will send them immediately to the WINS server, therefore causing less bandwidth usage.

2, I'm not an expert on this, but probably NFS would be the correct solution. Dedicating a Gigabit Ethernet connection to this purpose should be enough for ~300 users, I think. I don't know too much about NFS drives, but as far as I know, you can mount and use an NFS drive as if it were on the local computer. You can read more about the NFS protocol on this site: http://en.wikipedia.org/wiki/Network_File_System_(protocol)

3, Create logon scripts for each group and add a command to the scripts like this:

    net use Z: %LOGONSERVER%\share_name

Append the following line to the [global] section of smb.conf:

    logon script = %G.bat

That way, during a user logon, the appropriate logon script will be run on the client machine. (I have never tried it yet, but it should work.)

I hope I could help you a bit.
how congested is your network? is the gigabit card on the server near 100% utilization, or also are your network switches near 100% bandwidth utilization, or both?

are you using roaming profiles? i'd try to offload some of the network load by re-directing my documents to their home directory so that roaming profiles doesn't have to copy that data at login/logoff.

if your switches are already congested, I don't think a 2nd nic will help much. if you had some money you could buy more switches. I like how the cisco switches handle VLANs well to break up networks.

use unison for the mirroring of the folders, google for it. it's like a 2-way rsync.

i can send you some old emails from the list i saved with various helpful samba login scripting if you want me to forward you copies of them.

jools@oss4all.plus.com wrote:
> Hi All,
>
> I have a problem with a growing network. I inherited the network at about
> 200 machines and it's now reached 300 at which point the cracks are
> starting to show. I have no budget to speak of but need to up the
> bandwidth so I'm looking at sticking an extra Gigabit NIC into my PDC and
> splitting the network into two subnets. I have two kinds of data, static
> and dynamic. Static files are put there by higher rights users (teachers)
> to be accessed read only by pupils. Dynamic data includes profiles and
> users' work.
>
> After reading the manuals and searching the web I have a couple of questions:
>
> 1) I assume that as the NICs are on the same server (PDC & WINS) the WINS
> server part of Samba will store both NIC IPs in the wins.dat file and that
> it'll answer WINS queries from both subnets without a problem. Dynamic data
> will be stored on the PDC so I assume this will be easy. Am I on safe
> ground here?
>
> 2) I plan to have a server on each subnet that will hold the static data
> and act as BDCs relieving the load on the PDC. Effectively, the content
> will be identical but as staff update data on one, is there a way of
> binding the server shares together so one updates the other. I know you
> can bind two drives on a unix box together with mount --bind. Has anyone
> tried binding two samba shares together? Is it easier to script an rsync
> -u .
>
> 3) Finally, I need to run login scripts based on group membership but with
> static data shares mounted on a different server depending on the subnet
> you're on. Any tips on stacking login scripts? Can samba do this?
>
> Any hints and tips appreciated. I have limited time to do this and set up
> three web servers with limited time for testing but that's life.
>
> Cheers,
>
> Jools
On Mon, Jul 28, 2008 at 1:41 PM, <jools@oss4all.plus.com> wrote:
> 1) I assume that as the NICs are on the same server (PDC & WINS) the WINS
> server part of Samba will store both NIC IPs in the wins.dat file and that
> it'll answer WINS queries from both subnet without a problem. Dynamic data
> will be stored on the PDC so I assume this will be easy. Am I on safe
> ground here?

My WINS servers have 2 to 6 NICs each. No problems there.

> 2) I plan to have a server on each subnet that will hold the static data
> and act as BDCs relieving the load on the PDC. Effectively, the content
> will be identical but as staff update data on one, is there a way of
> binding the server shares together so one updates the other. I know you
> can bind two drives on a unix box together with mount --bind. Has anyone
> tried binding two samba shares together? Is it easier to script an rsync
> -u .

I would make one machine a WINS, DNS, and PDC server with no shares other than the logon share and possibly user homes. Then I'd set up two more servers that did nothing but share files, with 2 NICs in each. Many of my file servers have 4 NICs in them and work fine.

Complexity is the enemy of reliability - I would avoid synchronizing shares and instead architect so that a single set of shares can be reached by all. NICs are cheaper than the time it takes to build reliable synchronized file shares.

> 3) Finally, I need to run login scripts based on group membership but with
> static data shares mounted on a different server depending on the subnet
> you're on. Any tips on stacking login scripts? Can samba do this.

You can dynamically generate your logon scripts. See here:
http://freshmeat.net/projects/exampleadvancedsambaloginscript/

> Any hints and tips appreciated. I have limited time to do this and set up
> three web servers with limited time for testing but that's life.

I've found keeping my PDC/logon servers separate from my "heavy lifter" file servers saves me much pain; I can work on login and authentication issues separately from load and permissions problems.

I also use DHCP to set my windows clients to "hybrid" mode.

    option netbios-dd-server 192.168.0.1;
    option netbios-node-type 8;
    # 1 B-node: Broadcast - no WINS
    # 2 P-node: Peer - WINS only.
    # 4 M-node: Mixed - broadcast, then WINS
    # 8 H-node: Hybrid - WINS, then broadcast
    # It should be obvious that this is a bit-mapped value, more info in RFCs 1001 and 1002

You can really clog up a network fast with broadcast name resolution, so you want to restrict that as much as possible.

--Charlie
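Added example, not part of Charlie's message or of the project he links: one way to generate a logon script per user from group membership and client subnet, as asked in question 3, using Samba's `root preexec` on the netlogon share with the `%U`, `%G` and `%I` substitutions. The subnets, server names (STATIC1, STATIC2), share names, the "teachers" group and all paths are constructed placeholders; because the generator runs as root and the user name becomes a file name, it rejects any name that is not a plain identifier.

```shell
#!/bin/sh
# Added example: build a per-user logon script from group and client subnet.
# Assumed smb.conf wiring:  [global]   logon script = %U.bat
#                           [netlogon] root preexec = /usr/local/sbin/genlogon.sh %U %G %I
# Subnets, server names, share names and paths below are constructed placeholders.
NETLOGON_DIR="${NETLOGON_DIR:-/srv/samba/netlogon}"

# Map the client's IPv4 address to the static-data server on its own subnet.
pick_server() {
    case "$1" in
        192.168.0.*) echo "STATIC1" ;;
        192.168.1.*) echo "STATIC2" ;;
        *)           return 1 ;;      # unknown subnet: generate nothing
    esac
}

# Accept only plain names: this runs as root and the user name becomes a file
# name, so refuse anything that could leave NETLOGON_DIR or inject commands.
valid_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the batch file for one logon (CRLF line endings for Windows clients).
gen_script() {
    user=$1 group=$2 ip=$3
    valid_name "$user" && valid_name "$group" || return 1
    server=$(pick_server "$ip") || return 1
    printf '@echo off\r\n'
    printf 'net use H: %%LOGONSERVER%%\\%s /persistent:no\r\n' "$user"
    printf 'net use S: \\\\%s\\static /persistent:no\r\n' "$server"
    # Group-specific mapping for the staff who maintain the static data.
    if [ "$group" = "teachers" ]; then
        printf 'net use T: \\\\%s\\staff /persistent:no\r\n' "$server"
    fi
}

# When run with three arguments, write the script atomically into netlogon.
if [ "$#" -eq 3 ]; then
    tmp=$(mktemp "$NETLOGON_DIR/.gen.XXXXXX") || exit 1
    if gen_script "$1" "$2" "$3" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$NETLOGON_DIR/$1.bat"
    else
        rm -f "$tmp"; exit 1
    fi
fi
```

`%G` is the primary group of the connecting user, so a group name containing spaces is rejected by `valid_name` and no script is written for that logon.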
jools@oss4all.plus.com wrote:
> 2) I plan to have a server on each subnet that will hold the static data
> and act as BDCs relieving the load on the PDC. Effectively, the content
> will be identical but as staff update data on one, is there a way of
> binding the server shares together so one updates the other. I know you
> can bind two drives on a unix box together with mount --bind. Has anyone
> tried binding two samba shares together? Is it easier to script an rsync
> -u .

the simple and low-end way is if you use rsync or something like that to synchronize the data on both servers, and keep the data on both servers local. Use one of them as master (writable for your staff) and the other one as read-only slave.

the high-end (high budget) way of doing this is to use storage that can be shared between multiple servers (for example a SAS or SCSI connected box) and use a cluster filesystem such as GFS or OCFS2 (and ideally use samba CTDB, then you have a real high performance, high availability samba cluster).

regards,
Olivier