Travel

Samba Administration Guide

Categories
Published
of 29
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Description
Samba Administration Guide Open Enterprise Server 2 SP3 May 3, 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of
Transcript
Samba Administration Guide Open Enterprise Server 2 SP3 May 3, 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals. Copyright Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher. Novell, Inc South Novell Place Provo, UT U.S.A. Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/ tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners. Contents About This Guide 7 1 Overview of Samba Samba Basics Samba Functionality in OES Samba Differences in OES Software Installed with the Novell Samba Pattern Other OES Services That Work with Samba Samba Users Are Both Windows and edirectory Users Samba and NSS Volumes Samba on NSS Can Be a Good Combination for Performance Share Access Requires NSS Trustee Rights NSS Volumes Should Be Mounted as Case Insensitive for Use with Samba Web Links What s New in Samba for OES What s New (April 2013 Patches) What s New (January 2013 Patches) What s New (OES 2 Initial Release) Installing Samba for OES Samba Implementation Overview Installing the Novell Samba Components Installing Novell Samba During Initial Server Installation Installing Novell Samba After Initial Server Installation Configuring LUM and Novell Samba Running Samba in a Virtualized Environment 23 5 Configuring Samba for Novell Cluster Services Benefits of Configuring Samba for High Availability Using the Clusters Plug-In for Novell imanager or Later NCS Installation and Configuration Installing a Shared Disk Subsystem Installing the Cluster Servers Preparing the Shared Storage Creating Mount Points Cluster Resource Configuration Creating a Samba Cluster Resource Configuring Samba Load, Unload, and Monitor Scripts Setting Samba Start, Failover, and Failback Modes Editing the Samba Resource Preferred Nodes List Verifying the Samba Cluster Resource Configuration Samba Configuration Preparing the Cluster Servers Creating a Samba Share Contents 3 5.5.3 Editing the smb.conf File Bringing the Samba Cluster Resource Online Creating Samba Users and a Group for Cluster Access Creating Users and Groups for Samba Creating edirectory Users for Samba Creating an edirectory Container for User Objects Creating edirectory Users in imanager Creating a Samba Group About the Default Samba Users Group Creating an edirectory Group and Assigning Users to It Enabling the Group for Linux Access (LUM) Samba-Enabling Users with smbbulkadd Managing Samba Servers, Shares, and Users About the Samba Management Plug-in Managing the Samba Server Selecting a Samba Server to Manage Viewing General Information about the Samba Server Starting and Stopping the Samba Server Managing Samba Shares Viewing the Existing Samba Shares Creating a Samba Share Editing a Samba Share Deleting a Samba Share Managing Samba Users Adding Samba Users Removing Samba Users Typical Samba Configuration Scenarios Setting Up a Workgroup and Shares (Access Points) Creating Private Home Directories for Samba Users Creating Home Directories on Traditional Linux Volumes Creating Home Directories Using imanager Creating a Share for Group Access: NSS/NCP Example Creating a Share for Group Access: POSIX Example Aligning Samba and Novell Client Access What s Next Using Samba in OES Adding a Network Place Adding a Web Folder Mapping Drives to Shares Troubleshooting Samba I Can t Enable edirectory Users for Samba Users Can See Everyone s Home Directories Users Can t Log In to the Samba Server Users Can t See Their Home Directories Users Get Errors When Trying to Access Their Directories I Get Errors When Creating a Samba Share in imanager I Get Errors When Adding Samba Users in imanager Concurrent Samba Client Logins Are Limited Could Not Samba Enable the User Errors in imanager OES2 SP3: Samba Administration Guide 10 Security Considerations for Samba Security Implications Universal Password Samba Access vs. Novell Client Access Samba Passwords Setting a Universal Password for an Existing User Be Sure to Use Samba-Qualified Universal Password Policies Creating a New Samba-Qualified Password Policy Modifying an Existing Password Policy for Samba A Samba Caveats 73 A.1 Setting the Base Context for Samba Users A.2 LDAP Search Delays and Samba A.3 The Samba Proxy User A.4 Windows XP SP2 Wrongly Reports File Deletion A.5 Home Directory Creation Is Not Automatic A.6 Enabling Users for Samba Disables Access to NetStorage SSH Storage Locations A.7 NetBios Name for Samba Is Limited to 15 Characters in Length A.8 Use cifs Option When Mounting Samba Shares B Samba Configuration Files 77 B.1 Component Information B.1.1 Samba RPM B.1.2 The smb.conf Configuration File B.1.3 The ldap.conf Configuration File B.2 Changing the Samba Server Configuration B.2.1 Changing the Workgroup Name B.2.2 Understanding the Domain SID B.2.3 Changing the NetBios Name B.2.4 Changing the LDAP Suffix C Documentation Updates 83 Contents 5 6 OES2 SP3: Samba Administration Guide About This Guide This guide describes the Novell implementation of Samba included in Open Enterprise Server (OES) 2 Linux, and includes instructions for performing basic configuration and setup tasks. This guide includes the following sections: Overview of Samba on page 9. What s New in Samba for OES 2 on page 13 Installing Samba for OES 2 on page 17. Running Samba in a Virtualized Environment on page 23. Using Samba in OES 2 on page 61. Samba Caveats on page 73. Samba Configuration Files on page 77. Troubleshooting Samba on page 65. Audience This guide is intended for network administrators. Feedback We want to hear your comments and suggestions about this guide and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to and enter your comments there. Documentation Updates For the most recent version of this and other guides for OES 2, visit the OES 2 Documentation Web site (http://www.novell.com/documentation/oes2). Additional Documentation Samba is an Open Source initiative and has extensive documentation on the Web, including that found at Samba.org (http://www.samba.org). OES and SLES Platform References in This Guide All references to OES 2 and SLES 10 in this guide refer to the versions of those products that are released with the version of OES 2 indicated in the guide title. For example, the release of OES 2 SP3 includes SLES 10 SP4, and the references to SLES 10 refer to SLES 10 SP4 unless otherwise indicated. The Support Pack version of a release is only mentioned in those cases where the distinction is important, for example, when a support pack has a new feature not available in earlier versions. About This Guide 7 8 OES2 SP3: Samba Administration Guide 1 1Overview of Samba Samba is an open source software suite that lets Linux and other non-windows servers provide file and print services to clients that support the Microsoft SMB (Server Message Block) and CIFS (Common Internet File System) protocols. This guide focuses on the Samba implementation in Open Enterprise Server (OES) 2 Linux. For more information about the Samba open source initiative, see Section 1.4, Web Links, on page 12. This section covers the following topics: Section 1.1, Samba Basics, on page 9 Section 1.2, Samba Functionality in OES 2, on page 10 Section 1.3, Samba and NSS Volumes, on page 12 Section 1.4, Web Links, on page Samba Basics The open source Samba software is included as part of SUSE Linux Enterprise Server (SLES) 10, which is the base operating system for OES 2 services. When working with Samba in an OES 2 environment, it is important to understand the basic features of Samba and how Samba is configured on OES Linux servers. This section provides an overview of Samba s basic functionality. Section 1.2, Samba Functionality in OES 2, on page 10 explains what is different when Samba is configured for OES. Using Samba, a Linux machine can be configured as a file and print server for clients that support the SMB and CIFS protocols. Client operating systems that support SMB/CIFS include Windows, OS/2, and Mac OS X. These clients can use their familiar native interfaces to access files on OES Linux servers. For example, Samba lets Windows users access files on an OES Linux server by using Windows Explorer, My Network Places, and mapped drives. The Samba server software consists of two daemons: smbd for SMB/CIFS services and nmbd for naming services. SUSE Linux includes a kernel module that allows the integration of SMB resources at the Linux system level. You do not need to run any daemon for Samba clients. SUSE Linux includes the smbclient utility, which is a simple FTP-like SMB client that can be used on Linux systems to connect to remote SMB shares, transfer files, and send files to remote shared printers. Samba servers provide disk storage space to their clients by means of shares. A share is a directory on the server that is exported as a mount point and accessed by an assigned share name. The share provides access to the directory and its subdirectories. Shares can also be created for Windows printers, which clients can also access by their assigned share names. Samba shares and other configuration options are defined in the smb.conf file located in the /etc/samba directory. In a non-oes environment, you can edit the configuration file directly, use the management tools SUSE Linux provides in YaST, or use the browser-based SWAT (Samba Web Administration Tool) interface that is included with Samba. Overview of Samba 9 In a non-oes environment, authentication to Samba shares is controlled by means of the smbpasswd tool. This tool is used to manage user accounts and passwords on the Samba server. Samba version 3 also includes support for NT-style domain authentication. In a non-oes environment, the Linux server running Samba can be configured as a domain controller. For more information about configuring and managing Samba in a non-oes environment, see the SLES 10 Administration Guide (http://www.novell.com/documentation/sles10/sles_admin/data/ cha_samba.html). 1.2 Samba Functionality in OES 2 This section covers the following topics: Section 1.2.1, Samba Differences in OES 2, on page 10 Section 1.2.2, Software Installed with the Novell Samba Pattern, on page 11 Section 1.2.3, Other OES Services That Work with Samba, on page 11 Section 1.2.4, Samba Users Are Both Windows and edirectory Users, on page Samba Differences in OES 2 The open source Samba software described in earlier sections is installed automatically on every SLES 10 server. OES 2 uses this base Samba software, but configures it differently and installs additional software to take advantage of enhanced services available in OES 2. The main differences between base Samba on SLES 10 and OES 2 are: Samba on OES 2 is configured to use the edirectory LDAP server for secure user authentication. In order for edirectory users to be able to access shares on an OES 2 server, they must be created in a container with a Samba-compliant password policy assigned to it and be members of a group that has been properly Linux-enabled. OES 2 includes a new Samba Management plug-in for imanager that simplifies the process of enabling users for Samba access by automatically making users members of the default Samba Users group that is created for every OES 2 Samba server. See Chapter 7, Managing Samba Servers, Shares, and Users, on page 47 for more information. With OES 2, Samba shares can be created on Novell Storage Services (NSS) volumes or on NetWare Core Protocol (NCP) volumes on Linux POSIX file systems. This allows access to be controlled by the Novell Trustee Model, which offers more robust and flexible security. OES 2 does not support Samba running in NT 4 domain mode as either a primary or backup domain controller. Samba on OES 2 should be managed by using the tools provided with OES, such as the imanager Samba Management plug-in, and not the tools available in SLES 10, such as the YaST Samba Server tool and the browser-based SWAT utility. Although Samba can also provide Windows print services, OES print services are provided by iprint, not by Samba. A general overview of Samba, in context with other file services in OES, is provided in Novell Samba in the OES 2 SP3: Planning and Implementation Guide. 10 OES2 SP3: Samba Administration Guide 1.2.2 Software Installed with the Novell Samba Pattern In an OES 2 server installation, the Novell Samba pattern is available for selection in the OES Services category. Selecting this pattern installs the following packages: novell-samba-cim (Samba Management Loadable CIM Module) This package is the CIM (Common Information Model) provider required for the Samba Management plug-in for imanager. novell-samba-config (Samba Config for Novell Open Enterprise Server) This package configures Samba for integration with Novell edirectory. yast2-samba-server (YaST2 Samba Server Configuration) This package contains the YaST2 component for Samba server configuration. Selecting the Novell Samba pattern automatically selects Novell Backup/Storage Management Services (SMS), Novell Linux User Management (LUM), and Novell Remote Manager (NRM) Other OES Services That Work with Samba Depending on what you want to do with Samba, you can select other patterns from the OES Services category: Novell Cluster Services (NCS): Select this pattern if you want to include this server in a high availability cluster. Novell edirectory: Samba in OES 2 requires edirectory. Novell imanager: To manage Samba shares and users, Novell imanager must be installed on at least one server in the network. Novell NCP Server/Dynamic Storage Technology: Select this pattern if you want to create NCP volumes on NSS or on a Linux POSIX file system such as Reiser or ext3. Novell Storage Services (NSS): Select this pattern if you want to create Samba shares on NSS volumes. (NCP Server is automatically selected when you select this pattern.) IMPORTANT: You cannot select Novell Domain Services for Windows along with the Novell Samba pattern. Domain Services for Windows requires its own specialized configuration of the base Samba software, which is incompatible with the standard OES 2 Linux configuration. For more information, see the OES 2: Domain Services for Windows Administration Guide Samba Users Are Both Windows and edirectory Users As stated earlier, the purpose of Samba in OES is to allow Windows client users to access data directories on OES Linux servers. Both the Windows workstations and the OES Linux servers require authenticated access. On the Windows workstation, users log in using their Windows usernames and passwords. When they log in to the OES Linux server, they use their edirectory usernames and passwords. Samba requires that these usernames and passwords match. In other words, the Windows usernames on your network workstations and the edirectory usernames you create for Samba access must be the same and must have the same password. Overview of Samba 11 For example, if you have a Windows workstation user with the username of jsmith and password abcd*1234 that you want to be a Samba user, you must create an edirectory user with the username of jsmith and password abcd*1234. One advantage of Samba is that Windows users who have matching edirectory accounts can access shares on OES 2 servers without having the Novell Client for Windows installed on the workstation. After authenticating to Windows, users can see the Samba shares they have rights to access via native Windows interfaces, such as Windows Explorer and My Network Places. As long as the Novell NCP Server software is installed on the OES 2 server, Windows users that have the Novell Client software installed can continue to access files they have rights to on the Linux server via standard Novell interfaces, such as drive mappings. 1.3 Samba and NSS Volumes You should be aware of the following when using Samba to access NSS volumes on an OES 2 server Samba on NSS Can Be a Good Combination for Performance If you will have more than 2,000 files and folders accessed through Samba, you should consider using NSS as the underlying file system. Above that number, Samba on NSS outperforms Samba on traditional Linux volumes, such as EXT3 or ReiserFS. As you add more files and directories above the 2,000 mark, the performance advantage increases Share Access Requires NSS Trustee Rights Samba-enabled users cannot access an NSS volume using Samba until they are granted NSS trustee rights to the files and directories on that volume. Rights are automatically granted for home directories on NSS volumes that are created in imanager. For other work directories that you want to set up as Samba shares, you must grant users the appropriate access rights. OES 2 provides numerous tools for granting NSS trustee rights to users and groups. For more information, see Section 7.5, Typical Samba Configuration Scenarios, on page NSS Volumes Should Be Mounted as Case Insensitive for Use with Samba Because Windows is case insensitive, it is recommended that NSS volumes be mounted as case insensitive (Lookup Namespace set to Long) when they are to be accessed through Samba. 1.4 Web Links For more information about the origin, purposes, and functionality of Samba, refer to the following links: (http://www.samba.org) (http:// (http://www.unav.es/cti/ldap-smb/ldapsmb-2_2-howto.html) 12 OES2 SP3: Samba Administration Guide 2 2What s New in Samba for OES 2 This section outlines the new and enhanced features for Samba in a Novell Open Enterprise Server 2 (OES 2) Linux environment. Section 2.1, What s New (April 2013 Patches), on page 13 Section 2.2, What s New (January 2013 Patches), on page 13 Section 2.3, What s New (OES 2 Initial Release), on page What s New (April 2013 Patches) Upgrade to edirectory An upgrade to Novell edirectory 8.8 SP7 is available in the April 2013 Scheduled Maintenance for OES 2 SP3. For information about the edirectory upgrade, see TID (http://www.novell.com/ support/kb/doc.php?id= ) in the Novell Knowledgebase. There will be no further edirectory 8.8 SP6 patches for the O
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks