[ale] Switching from Server 2003 to Samba

Update: on Samba and distro change

This is all working now with much thanks to the initial advice gleaned on
this list.

I was bashing my head against some inexplicable issues and in desperation
I decided to try my Samba recipe on CentOS 7. As a result, I've decided
that this will be my platform of choice for this particular deployment. I'm
no guru and don't want to knock Ubuntu (which I run on all my Amazon
servers and many in-house servers), but it just seems like the Ubuntu folks
have made some little adjustments to things like certain file locations
which unless you really, really know what to look for, things break and
cannot be fixed by a lesser mortal like me. I never managed to resolve the
"getent" issue on Ubuntu that I asked about previously. That was the
deciding factor in the switch to CentOS.

Not trying to start a flame war, just sharing my experience that if anyone
else tries this, they may get better mileage on CentOS, unless they're an
expert, unlike me. Actually it was great to learn a little bit about a
different distro, since Ubuntu had become my default go-to until this
Samba experience, given it has "just worked" for me in the past. It's kinda
interesting that I switched my desktop to Debian about 18 months back 'cos
Ubuntu (GUI desktop) broke so often I could hardly get my work done -
seemed like there was a regression in every second darn update. Is there a
pattern here? OK, maybe I am trying to start a flame war.

The only issue that really messed me around on CentOS was firewalld. Took
me a day to realize that's what was stopping me from adding Windows ACL's
to my shares. I was a little surprised to find a firewall running that I
had not installed or activated. Oh well, I guess it's just part of a
minimal CentOS installation. Stopped firewalld and never looked back. Oh
yes, there was one other issue: CentOS struggled to install on our old HP
ML350 servers due to the RAID card - had to add a kernel parameter to load
the older drivers.

Anyway, now that my shares are working with Windows ACL's, my next step is
backup. I've opted for simple crontab with rsync to USB HDD's, along with
autofs to mount the drives appropriately when the office manager replaces
them each day. I still need to build a nice, elegant script for this: for
now, it's ugly but it works.

And then, as a nice to have, I believe there's a way to get an equivalent
of Windows shadow copy on Linux. I'll be taking a look at that at some
point in the future.

This Samba setup, now that it appears to be viable, serves to remove
Windows Server 2003 from our 18 regional offices! I will feel a LOT more
comfortable knowing that we have Linux under the hood out there.

And one day ... one day ... I hope to have Linux replace our Active Directory in
its entirety. I cannot wait for our next Micro$haft audit so that I can rub
their noses in why we suddenly have such a steep reduction in Windows
servers. bwaahaahaa ...

cheers and thanks again for all the help.

On Fri, Oct 3, 2014 at 2:41 PM, Edward Holcroft <eholcroft at mkainc.com> wrote:

> OK, so here's where this thing stands right now.
> I have Ubuntu 14.04 running Samba 4.1 as a member server on my AD domain.
> I can access Windows shares, including home shares from my Windows clients
> using Windows ACL's as if accessing a Windows server.
> The Samba wiki, starting here, was very helpful:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> Now, I've encountered a glitch that I hope someone can help me with:
> If I do a getent passwd, I am able to see all the users from my AD,
> EXCEPT the ones that I have created since joining this server to the
> domain. Is there a command I need to run to update the user list on the
> Ubuntu box? I don't recall doing anything special before. Just installed
> libnss-winbind and libpam-winbind and bang, getent passwd just worked, fully
> populated with AD users.
> What is interesting, is that getent group, shows these newly created users
> as added to appropriate groups, which makes it all the more perplexing to
> me.
> If I do a wbinfo -u I get a list of all domain users, including the newly
> created ones.
> If I do id smbtest1, I get "no such user". Other users (all those created
> before today) work fine e.g. id eholcroft
> uid=10019(eholcroft) gid=10004(domain users) groups=10004(domain
> users),10057(atlanta),10067(accessusers),10047(mkastaff),10078(it),10162,10001(BUILTIN\users)
> This seems to be the only issue standing between me and getting my shares
> fully functional. All users can access shares as expected, EXCEPT those
> that do not show up in getent passwd - for these users, the Windows client
> gets stuck on username and password prompt when trying to access a share
> (providing the credentials does not help)
> cheers
> ed
> On Thu, Jul 10, 2014 at 3:53 PM, Edward Holcroft <eholcroft at mkainc.com>
> wrote:
>> All,
>> The time has finally come to ditch our Micro$haft file servers as another
>> increment towards weaning ourselves off our Windows habit. For now, I have
>> to keep Active Directory in the picture, although I have managed to reduce
>> the AD server footprint from 18 servers down to 4. Corporate mindset issues
>> demand small steps.
>> Question: Is it better to go with an "appliance solution" such as FreeNAS
>> vs. distro+Samba?
>> I played around with FreeNAS a bit and while it has great automation of
>> things like AD integration (which I will need to do for now) and a great
>> web interface, it seems less flexible when it comes to e.g. backup options.
>> It seems a simple Ubuntu/Samba box gives me many options on how to handle
>> our daily backups to USB, while FreeNAS can potentially close doors to me,
>> or at least make things harder. That's just one example that I ran into.
>> So, I'd like to hear from you about experiences/pros-cons of
>> appliance-type options vs the manual way. I've tried both at a simple test
>> level. They both seem viable and I really want to like FreeNAS, but just
>> cannot seem to get comfortable with it - little glitches seem to pop up
>> that have the potential to be major sticking points. So right now I'm
>> leaning towards distro+Samba.
>> Feel free to suggest other options besides the two mentioned here.
>> Whatever solution I deploy I have to be able to use Windows ACL's on the
>> shares ... for now.
>> cheers
>> ed
Edward Holcroft | Madsen Kneppers & Associates Inc.
11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097
O (770) 446-9606 | M (770) 630-0949
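
A check for the symptom described in the quoted October message (accounts that `wbinfo -u` lists but `getent passwd` does not), added here as an example and not code from the thread. The `EXAMPLE` domain, the home directory and the shell in the sample listings are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Report accounts winbind knows about (wbinfo -u) that NSS does not
# return (getent passwd). Such accounts cannot be mapped to a uid on the
# member server, which matches the share-access failures described above.

# Strip any "DOMAIN\" prefix and fold case (AD account names are
# case-insensitive), then sort uniquely so comm(1) can compare the lists.
normalise() {
    sed -e 's/^.*\\//' | tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u
}

# missing_from_nss WBINFO_LISTING PASSWD_LISTING
# Prints one account per line that is present only in the wbinfo listing.
missing_from_nss() {
    tmp_w=$(mktemp) || return 1
    tmp_p=$(mktemp) || { rm -f "$tmp_w"; return 1; }
    normalise < "$1" > "$tmp_w"
    cut -d: -f1 "$2" | normalise > "$tmp_p"
    LC_ALL=C comm -23 "$tmp_w" "$tmp_p"
    rm -f "$tmp_w" "$tmp_p"
}

# Constructed sample listings: one older account that resolves and one
# newly created account that winbind lists but NSS does not.
demo() {
    w=$(mktemp) || return 1
    p=$(mktemp) || { rm -f "$w"; return 1; }
    printf '%s\n' 'EXAMPLE\eholcroft' 'EXAMPLE\smbtest1' > "$w"
    printf '%s\n' 'eholcroft:*:10019:10004::/home/eholcroft:/bin/bash' > "$p"
    missing_from_nss "$w" "$p"
    rm -f "$w" "$p"
}

# On a live member server:
#   wbinfo -u > wb.txt; getent passwd > pw.txt
#   missing_from_nss wb.txt pw.txt
```
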

