Introduction to Samba
Although you don't need to be a Samba expert to complete this tutorial, a basic knowledge of common administrative tasks is helpful, including tasks such as copying and moving files, creating user accounts, and setting permissions.
Upon completion of this tutorial you will know how to:
- Install Samba using the Redhat package manager (RPM) or by compiling the program from source.
- Configure the Samba server as a PDC (Primary Domain Controller).
- Configure the server to support roaming profiles.
- Configure the server to support netlogons.
- Create the required administrative directories on the server, and set their permissions as appropriate.
- Create user and machine (trust) accounts on the domain controller.
- Configure the client machines to join the domain.
- And troubleshoot any basic problems that may arise in the above process.
Samba is arguably one of the most successful Open Source projects ever created. It began like so many other similar projects: as a need. Andrew Tridgell needed a fileserver program for his local network that supported an old DEC protocol from Digital Pathworks. Unbeknownst to Andrew, this same protocol later became SMB--the language of Microsoft filesystems. In the 11 years since its inception, Samba has evolved into a stable, reliable product, and has been ported to numerous platforms (AIX, HP-UX, BSD, Linux, DigitalUnix, IRIX, SCO, VMS, OSF, and Solaris). Once installed and configured, Samba provides an almost seamless integration with an existing Windows networks, and for all intents and purposes from the user's perspective, is simply another Windows fileserver, printer server, or domain controller. Best of all, Samba is free and there are no traditional licensing issues to contend with. Regarding PDC functionality, the topic of this tutorial, Samba currently supports:
- Domain logon from Windows NT/2000 clients.
- User level security for Windows 9x/ME clients (Win9x/ME clients have no concept of domain-level security; they simply know how to logon to a domain controller).
- Roaming profiles.
- NT4-style system polices.
- Browse lists.
- Retrieve of user and group lists stored on a Samba PDC.
The current stable release of Samba at the time of this writing is version 2.2.3a, which is used as the basis of this tutorial. Note that the current SAMBA_2_2 CVS development tree is close to release (slated for mid-April 2002), which will become 2.2.4. Check Samba's Web site (www.samba.org) for release notes and details; if Samba 2.2.4 is avaiable, use it--it includes several important bug fixes relating to printing and domain controller functionality.
While the functionality in Samba compares favorably with Windows NT/2000 server, Samba does have some limitations you should be aware of:
- Samba cannot function in the role of a BDC (Backup Domain Controller). There is currently no way to establish a "trust" relationship between a Samba domain controller and a Windows NT/2000 controller. Having said that, Scott Merrill has devised a way to simulate a PDC/BDC environment using two Samba machines. See the Resources section for details and a URL.
- Along similar lines, Samba cannot replicate SAM (user authentication information) with a Windows NT/2000 server (or visa-versa).
- Samba cannot yet read or utilize Windows Active Directory (AD).
- Samba does not support adding users via the Windows User Manager for Domains (primarily due to the above limitations).
Stay tuned, however. Many of the above limitations (primarily the ability to talk to an AD tree and SAM replication) will vanish with Samba 3.0, which is currently in active development (release is slated for late-summer 2002). In addition to connectivity with Windows AD, Samba 3.0 will also (likely) feature: Microsoft Kerberos authentication, a completely re-written and configurable authentication subsystem, a Microsoft-like "NET" command for terminal access to a variety of network resources, improved printing support, and the usual bug fixes and stability enhancements.
For more details on the status of Samba 3.0 and other developmental projects, see www.samba.org/samba/.
On the whole, Samba is an extraordinarily efficient program, and consumes very few system resources for the amount of work it does. But like any front-line software program, it really comes down to scale--you cannot expect to run 200 Samba users off a Pentium 166 with 64MB of RAM and a 10GB IDE hard drive without complication (and a whole slew of upset users). On the other hand, that same Pentium 166 acting as a Samba file server for a small home office will probably do an admirable job given the file transfer load is light.
Generally speaking, from a hardware perspective I recommend the following:
- Lots of memory--the more the better. Every user connection spawns a Samba daemon, so the more users you plan to host off a machine, the more memory it should have.
- Disk access is critical. I've built perfectly adequate Samba file servers from old workstations (PII-400) by simply adding a SCSI subsystem and a good quality SCSI hard drive. Again, think scale--the more users you plan to serve, the higher quality your disk subsystem should be.
- My personal preference is for SMP file servers. Multiple processors do not necessarily make for a faster machine, but it does make for a machine that does not slow down under load. And when you consider the fact you can build a dual Celeron system for about the same cost as a high-end single P4 processor system, to me the choice is a no-brainer.
For the record, the hardware used to write and test this tutorial consisted of one of IBM's new xSeries servers: An xSeries model 220, dual Pentium 3 1.2GHz CPUs, an IBM ServeRAID hardware RAID controller, 1GB of SDRAM, and three 10,000 RPM 18GB hard drives in RAID5 configuration (netting approximately 36GB of useable hard disk space). The machine performed admirably in all regards, and continues to do so without error or failure.
For more details on IBM's server product line, see the eServer Developer Domain or for xSeries specific information, the xSeries Intel processor based servers site. There is also an excellent IBM Redbook titled Samba Installation, Configuration, and Sizing Guide (SG24-6004-00) that has a good section on hardware requirements and sizing.
Installing Samba and configuring it as a PDC requires that certain steps must be followed. Although the reader does not need to be a Samba expert to benefit from this tutorial, a basic knowledge of common administrative tasks such as copying and moving files, creating user accounts and setting permissions is helpful.
If you want to follow through the examples you need the following configuration and tools:
- This tutorial is based on Redhat 7.2 with all the current errata applied (see Redhat's Errata page for details). You can, of course, use any UNIX or Linux distribution you choose (heck, you can even use HP-UX or Solaris!)--just be aware that file locations and paths noted are Redhat specific. Make sure, however, that whatever distribution you choose is working as advertised before attempting to install and configure Samba.
- Working knowledge of a text editor like vi is a good skill to have and/or develop. There is a browser-based configuration tool discussed (SWAT), and information on this tool can be found in the Troubleshooting and SWAT information section.
- If you plan to compile Samba from source, which is the recommended and demonstrated approach, ensure that gcc is installed and correctly configured on your machine.