Samba 3: Linux File Serving for the Active Directory Generation - Page 2

By Steven J. Vaughan-Nichols | Posted Aug 27, 2003
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Still, with this beta, Samba does have migration support for moving from NT 4 domains to a pure Samba 3 network. It's not as smooth as Active Directory Migration Tool 2, but on the other hand, it's a lot easier than moving from NT 4 to AD under Windows 2000 ever was. Of course, considering how difficult that was, this isn't saying much!

If you and your IT cohort already know Samba well, understand network management theory as well as its practice, and like to write Perl scripts in your spare time, go for it. If, however, this doesn't sound like you, the high cost of picking up that expertise will probably overshadow Samba's low cost in the short run. In the future, Samba 3-exclusive networks might work for any company, but for now, I think your best deal will be to use Samba 3 in conjunction with either your existing Domain network or an AD network.

Samba 3 and AD

Fortunately, with this beta, Samba 3 has AD support. To be more precise, you can now join your Samba 3 server to an ADS tree as a member server without requiring that AD be running in mixed mode. Instead, AD can be running in native mode. You cannot, however, run it in Server 2003 mode, a superset of native mode which requires that all servers are running the Server 2003 operating system.

For authentication purposes, you'll also need to set your AD server to support LDAP and Kerberos, which is a common enough setting. With W2K Server, LDAP interoperability with Linux LDAP Servers, typically OpenLDAP, can sometimes be troublesome. With Server 2003, however, you should have far less trouble.

On the Samba side, you'll need to pay close attention to the HOWTO file to make sure that your Kerberos processes know how to talk to AD's Kerberos server. Once they're talking, you'll need to manually enter the Samba 3 Server into AD. With that done, you'll want to add file shares and printers using Samba's — typically with the SWAT Web interface, but you can do it via the Unix command line as well. These resources should then appear in AD management consoles and to Windows 2000, XP, and 2003 clients.

What about 95, 98, or ME? Unfortunately, these operating system require the NT/LAN Manager (NTLM) challenge/response authentication protocol and AD's native mode doesn't support that. Instead, it relies entirely on Kerberos for user authentication. So to make a long story short, if you still have those operating systems on your clients, you don't want to upgrade to AD or Samba 3 using AD native mode. For better or worse, you still must use either a mixed mode or a pure domain system.

If you're determined to combine W2K Server AD with Samba 3, you might be better off exploring the use of MKS AD4Unix. AD4Unix is a plug-in for AD Server that enables Unix-related authentication and user information to be stored in AD and managed via the Microsoft Management Console (MMC).

This approach, however, is recommended only for those who know both AD and Unix administration extremely well. If you need to manage both Unix and Windows clients all the time and want one interface, this is an approach you should explore. In a typical office, though, where the goal is to simply provide cheap file and printing services via Samba to Windows users, it would be overkill.

Once you have Samba 3 and AD in place, what can you expect? Well, while your overall network resources won't be as easy to manage as they would be under Server 2003 mode, you'll still have the advantage of lower prices for your available system resources.

Samba 3, in my informal testing, dishes out files faster than W2K Server in this environment, But it's slower than Server 2003 in delivering files. Still, for software that's still in beta, running in a new mode, its performance is quite impressive, and I look forward to seeing how the official release fares on the file playing field.

Is it ready for production use? No, it's not. Is it ready for you to start testing for production? Yes, it is. And if your company needs to add file server capacity, while keeping a close eye on the budget, it's well past the time for you to start testing Samba 3. It's that good now and its promise for tomorrow is looking even better.

This feature originally appeared on Enterprise IT Planet.

Back to Enterprise Storage Forum

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter