Samba HowTo Guide

Samba-3 Implementation Choices

Authentication Database/Backend

Samba-3 can use an external authentication backend:

  • Winbind (external Samba or NT4/200x server).

  • External server could use Active Directory or NT4 domain.

  • Can use pam_mkhomedir.so to autocreate home directories.

  • Samba-3 can use a local authentication backend: smbpasswd, tdbsam, ldapsam.

Access Control Points

Samba permits Access Control points to be set:

  • On the share itself using share ACLs.

  • On the file system using UNIX permissions on files and directories.

    Note: POSIX ACLs can also be enabled in the file system.

  • Through Samba share parameters (not recommended except as a last resort).

Policies (migrate or create new ones)

Exercise great caution when making registry changes; use the right tool and be aware that changes made through NT4-style NTConfig.POL files can leave permanent changes.

  • Using Group Policy Editor (NT4).

  • Watch out for the tattoo effect.

User and Group Profiles

Profiles are platform-specific, so use the platform tool to change from a local to a roaming profile. The new profiles tool can be used to change SIDs (NTUser.DAT).

Logon Scripts

Know how they work.

User and Group Mapping to UNIX/Linux

User and group mapping code is new. Many problems have been experienced as network administrators who are familiar with Samba-2.2.x migrate to Samba-3. Carefully study the chapters that document the new password backend behavior and the new group mapping functionality.

  • The username map facility may be needed.

  • Use net groupmap to connect NT4 groups to UNIX groups.

  • Use pdbedit to set/change user configuration.

    When migrating to an LDAP backend, it may be easier to dump the initial LDAP database to LDIF, edit it, then reload it into LDAP.

OS-Specific Scripts/Programs May be Needed

Every operating system has its peculiarities. These are the result of engineering decisions that were based on the experience of the designer and may have side effects that were not anticipated. Limitations that may bite the Windows network administrator include:

  • Add/Delete Users: Note OS limits on size of name (Linux 8 chars, NT4 up to 254 chars).

  • Add/Delete Machines: Applied only to domain members (Note: machine names may be limited to 16 characters).

  • Use net groupmap to connect NT4 groups to UNIX groups.

  • Add/Delete Groups: Note OS limits on size and nature. Linux limit is 16 chars, no spaces, and no uppercase chars (groupadd).
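
The name limits listed above decide which NT4 accounts need a rename or a username map entry before migration. The following check is an added example, not part of the Samba HowTo; the `kind:name` input format and the sample account names are constructed, and the limits are the figures quoted on this page.

```sh
# Added example: check account names against the limits quoted on this page.
USER_MAX=8      # Linux user name length (page's figure)
MACHINE_MAX=16  # machine name length (page's figure)
GROUP_MAX=16    # Linux group name length (page's figure)

# check_name KIND NAME: prints "kind<TAB>name<TAB>problems" and returns 1 when
# the name breaks a limit; returns 0 silently when it fits.
check_name() {
    c_kind=$1 c_name=$2 c_problems=""
    case $c_kind in
        user)    c_max=$USER_MAX ;;
        machine) c_max=$MACHINE_MAX ;;
        group)   c_max=$GROUP_MAX ;;
        *) echo "unknown kind: $c_kind" >&2; return 2 ;;
    esac
    if [ "${#c_name}" -gt "$c_max" ]; then c_problems="too-long(>$c_max) "; fi
    if [ "$c_kind" = group ]; then   # groupadd: no spaces, no uppercase
        case $c_name in *" "*) c_problems="${c_problems}has-space " ;; esac
        case $c_name in *[[:upper:]]*) c_problems="${c_problems}has-uppercase " ;; esac
    fi
    if [ -z "$c_problems" ]; then return 0; fi
    printf '%s\t%s\t%s\n' "$c_kind" "$c_name" "$c_problems"
    return 1
}

# audit_names: reads "kind:name" lines (assumed export format) on stdin and
# succeeds only if every name fits. Unknown kinds count as failures.
audit_names() {
    bad=0
    while IFS=: read -r kind name; do
        if [ -z "$kind" ]; then continue; fi
        check_name "$kind" "$name" || bad=$((bad + 1))
    done
    echo "names needing a rename or username map entry: $bad"
    [ "$bad" -eq 0 ]
}

# Constructed sample input; not taken from a real domain.
sample_accounts() {
    cat <<'EOF'
user:jsmith
user:Administrator
machine:WS-ACCOUNTS-01
machine:ENGINEERING-LAPTOP-017
group:Domain Users
group:engineers
EOF
}

sample_accounts | audit_names || echo "resolve the names listed above before migrating"
```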

Migration Tools

Domain Control (NT4-Style), Profiles, Policies, Access Controls, Security

  • Samba: net, rpcclient, smbpasswd, pdbedit, profiles

  • Windows: NT4 Domain User Manager, Server Manager (NEXUS)

Published under the terms of the GNU General Public License