20.8.07

Samba vs. Windows Server

Introduction:

In my current job role I work as an IT Manager for a Not for Profit company. Therefore, the cost to the enterprise is my main concern. The entire infrastructure used to run Windows NT Server. In time this became quite antiquated and I had to upgrade.

So my situation was to convince the powers that be that we should spend $15,000+ on MS Server licensing, or go with a "free" solution. Let’s stop for a moment and look at the pros and cons of an Open Source System.

Pros

  • Low Cost (nothing is free)
    • Although the software is free and there are no costs associated with the OS itself, one must realize that freely distributable Linux OSes are rarely out-of-the-box solutions. You will likely have to spend a little time (time is money) to get the thing working just so. They are getting better, and if you want to shell out for a licensed system from RedHat or Novell, you do have more "out of the box" solutions ready. It should also be noted that the licensing costs tend to be lower than for Windows-based servers.
  • Manageability
    • With closed source systems you tend to have less manageability, i.e. you are usually forced to use the included management consoles and such. With open source systems, you have many options when it comes to OS add-ons (this COULD also be a bad thing).
  • Customizable
    • Since the source is open, you can do pretty much anything you want with the software.
  • Many available services
    • Again relating back to manageability, there are many OS add-ons you can download (WITH CAUTION)
  • Support
    • Open Source communities are great resources. That being said, one should most definitely exhaust all other sources and read forums before posting questions. Avid forum posters tend to get aggravated when basic questions that have already been answered are posted again. If you get RTFM, you likely asked a question that has been answered in many different places or it was obvious you didn’t try on your own first.

Cons

  • Lack of configurability
    • Since the source is closed, you cannot do a lot of the custom configs one is able to do with open source solutions. Third party add-ons are not as available as they are with open source.
  • Cost
    • There is a price to pay for convenience. Since closed source solutions tend to be turnkey or out-of-the-box ready, you will pay for this. Licensing costs can add up and be quite hefty.
  • Lack of logging
    • This is more of a personal observation of mine. In the Linux/UNIX world, I just love the depth of some logging abilities. So when something goes bump in the night, it's usually recorded, dated and time-stamped in some log somewhere.


So now I have weighed the pros and cons. The decision was quite easy for me. There are many other pros and cons, the list could be limitless, however these were the key items for me.

It came time to select a distro to use. I have used many distros, and decided that OpenSuSE would be a good release to use. Simply because of its YaST Manager. I don’t intend on working here for the rest of my life, so not knowing what kind of skills one would have who comes after me, I know SuSE has a great management interface. YaST! Let me give you this warning NOW! Use YaST or don’t use it at all! If you start making many manual edits to configs as I tend to do, this has a way of making YaST freak out and things don’t go bump in the night, but rather an earth shattering KABOOM in the day!

The SAMBA Server

  1. Install OpenSuSE on server
    • Installing SuSE is pretty straightforward. Be sure to use a good partition scheme for a server.
  2. Be sure Samba packages are selected
    • Nothing to be said here ;)
  3. Customize server environment
    • Are you going to use a login server, consolidated syslog, local security policy, configure any other services like DHCP, DNS etc... (I already had these running on another server)
  4. Customize Samba using YaST
    • Be sure to tell YaST Samba is going to be a PDC
  5. Manual edits of the /etc/samba/smb.conf
    • When it comes to setting up shares, I much prefer to edit the conf by hand. I do for most things, but as I said, this can be dangerous on OpenSuSE. Smb.conf seems to be ok with this. I will quote my smb.conf file below.
  6. Adding accounts
    • Adding accounts is easy. Be sure the user has a system account and is inserted in the right groups etc... then issue the smbpasswd -a username. The -a adds the account if not there and is ignored if it’s already there. Now set the initial user login password. This is the password used to log in to the station. Note that a UNIX password is not necessary and it's best if you set their login shell to /etc/nologin or /etc/false (your distro may use something different) since they will not require shell access.
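
The login-shell advice in step 6 can be verified after accounts have been created. The script below is an added example, not part of the original post: it compares a saved `pdbedit -L` listing against a copy of the passwd file and reports Samba accounts that still have an interactive shell or that have no system account at all. The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find Samba accounts that still
# have an interactive login shell, or that have no system account at all.

# samba_accounts_with_shell PASSWD_FILE PDBEDIT_LISTING
#   PASSWD_FILE      a copy of /etc/passwd
#   PDBEDIT_LISTING  saved output of `pdbedit -L` (name:uid:full name)
samba_accounts_with_shell() {
    awk -F: '
        NR == FNR { shell[$1] = $7; next }            # 1st file: name -> shell
        !($1 in shell) { print $1 ":NO-SYSTEM-ACCOUNT"; next }
        shell[$1] !~ /\/(nologin|false)$/ { print $1 ":" shell[$1] }
    ' "$1" "$2"
}

# Constructed sample data, so the check runs without a live Samba server.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:Alice Example:/home/alice:/bin/false
bob:x:1002:100:Bob Example:/home/bob:/bin/bash
ws01$:x:1101:65534:Machine:/var/lib/nobody:/bin/false
EOF
    cat > "$dir/pdbedit" <<'EOF'
root:0:root
alice:1001:Alice Example
bob:1002:Bob Example
carol:1003:Carol Example
ws01$:1101:Machine
EOF
    samba_accounts_with_shell "$dir/passwd" "$dir/pdbedit"
    rm -rf "$dir"
}

demo_audit
```

On a live server, save the output of `getent passwd` and `pdbedit -L` (run as root) to files and pass those two files to the function.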

Setting up the machine

  1. Add the machine account to Samba. This can be done as root for each computer. Issue the following command: smbpasswd -a -m machine-name$ (the $ represents a machine account).
  2. Login to the machine locally as administrator, join the domain and add the following local ADMINISTRATOR account. Since windows will not recognize root as an administrator, this must be done manually by adding a new user called domain\root with administrator privileges.
  3. Setting up a workstation from scratch is easy. If the user already has a profile on it, joining a new domain will cause that profile to not be used and a new one to be generated. If you know a way to get around this, please let me know. So you will likely have to rebuild the profile on existing machines after joining the domain.
  4. Reboot and voila, you should be logging in on the domain.

If you are new to samba, I recommend some reading on UNIX permissions as these will be what’s governing your security settings by default.

Please see below for some links with good information.

In the end, this is my smb.conf.
________________________________________________
# // Samba Server Configuration File
# // Written by Ian Langdon
# // LAST UPDATE: Aug 7/2007

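[global]
# Domain (workgroup) name and the name this server announces
workgroup = institute
comment = Aquarius
netbios name = AQUARIUS

# Printing through CUPS, jobs passed through unfiltered
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw

# Logins with an unknown user name are mapped to the guest account;
# a wrong password for an existing user is still rejected
map to guest = Bad User

# Creates the UNIX account for a workstation when it joins the domain
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$

# Act as the domain logon server (PDC) and win browser elections
domain logons = Yes
domain master = Yes
local master = Yes
os level = 65
preferred master = Yes
security = user

#wins support = yes

# Left empty: no roaming profiles
logon home =
logon path =

# 0 = minimal logging
log level = 0

# Listen on the NetBIOS session port only
smb ports = 139

[homes]
comment = Home Directories
# "netbios name" is a global parameter and is ignored inside a share
# section (testparm warns about it), so it is commented out here
; netbios name = Home Directories
volume = Home DirectoriesVOL
# %S is the share name, which for [homes] is the user's own name
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes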
_________________________________________
Other shares I have removed for security reasons. Theoretically, machines can add themselves when supplied with the root credentials. I have done this once on this config, however, I like to do things my way. I guess that’s why I like to drive a manual ;)

The smb.conf has many, many, many options, and some time with a few cups of coffee and the man page for smb.conf is in order. Making changes to the smb.conf *CAN* be done w/o restarting the service. After you have made changes and used testparm to check your config file for problems, you can use 'smbcontrol smbd reload-config'. This has worked for me, however, I am not confident that it works right. Changes can take some time to go into effect. I always prefer to '/etc/init.d/smb restart', but if you have MS Access users or people using accounting software who happen to be posting a batch while this happens, it is, umm, BAD NEWS. Don’t ask, lesson learned ok!? ;)
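
The change procedure above, wrapped in a script (an added example, not the author's own): validate with testparm, reload by default, and refuse a full restart while smbstatus still reports open files. The function names, the CONF and RESTART_CMD variables, and matching on the "No locked files" message printed by smbstatus -L are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): apply smb.conf changes without
# cutting off users who have files open.

CONF=${CONF:-/etc/samba/smb.conf}
RESTART_CMD=${RESTART_CMD:-/etc/init.d/smb restart}   # restart command from the post

# Succeeds only when no client holds a file open or locked.
# Assumption: smbstatus -L prints "No locked files" in that case.
no_open_files() {
    smbstatus -L 2>/dev/null | grep -q '^No locked files'
}

# apply_smb_conf [reload|restart]
#   returns 0 on success, 1 if testparm rejects the file,
#   2 if a restart was refused because files are open
apply_smb_conf() {
    mode=${1:-reload}

    # Never touch the running service with a config that does not parse.
    if ! testparm -s "$CONF" >/dev/null 2>&1; then
        echo "testparm rejected $CONF; service left untouched" >&2
        return 1
    fi

    case $mode in
        reload)
            # Running smbd processes re-read the config; sessions stay up.
            smbcontrol smbd reload-config
            ;;
        restart)
            if ! no_open_files; then
                echo "clients have files open; restart refused" >&2
                return 2
            fi
            $RESTART_CMD
            ;;
        *)
            echo "usage: apply_smb_conf [reload|restart]" >&2
            return 64
            ;;
    esac
}
```

Source the file as root and call `apply_smb_conf` for a reload, or `apply_smb_conf restart` outside working hours.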

There is a nice MINI-HOWTO located here: http://daniel.fiser.cz/?go=samba
The official Samba page is here: http://www.samba.org
and the link to the main HOWTO is here: http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/

Have Fun and please share your experiences.
Ian.

14.8.07

Getting LPIC Level 1

Thanks for stopping by!

My intentions here are to talk about Linux. My career goal right now is to further develop my Linux skills. Although I am certified at LPIC-1, I am going to write my level 2 exams very soon.

I guess a great place to start this blog is to talk about the exam. If you are interested in LPI, perhaps you may learn something. So let's begin!

So you want to take the plunge. Maybe you are fed up with Windows stuff, maybe you just want to expand your horizons. I will tell you this, despite the flakiness of other certification tests, the LPIC is no walk in the park. There is only a 45% success rate on passing the first time. I consider myself lucky in that I am among that 45%.

The exams are designed to be exceptionally challenging and honestly, I respect that. I have worked in a career centre for a number of years now and we had the saying that every cabby in Toronto has their MCSE. Not to knock it, it HAS changed in the last few years, however the market became flooded with Microsoft Professionals.

The Linux Professional Institute has made this by design to be difficult. To get a relatively new certification recognized in the industry, you have to have good candidates emerging from it, very good ones. Otherwise there will be no respect from the industry. So if you are thinking of this, think serious. I was one of the lucky few that passed on my first go.

Each level has 2 exams. You must pass both at about 62% (see chart below). I am a great self study and did not think I needed any classes. Just give me the book! Well, on my first go, I was sorely surprised that despite my prepping, reading, rereading smooched up in a subway car, I still did not do as well as I had thought I would. I did pass.

My 101 exam I wrote in a testing centre, so it was very controlled and organized. It's computer-based testing and was just what you'd expect. My second, I wrote at Linux World at a reduced rate. That one was paper and pencil. Keep your eyes open for group testing. It's about half the price; the only downside is that you have to wait for your results. The questions are not simply multiple choice, they are much more difficult. You have:

  • Multiple Choice
  • Choose 2 (multiple choice)
  • Choose all that apply (multiple choice)
  • Fill in the blanks

It should also be noted that on the regular multiple choice questions, you often see 'All of the above' or 'none of the above' to further challenge you. The same style is used for all the exams.

Each section is weighted differently, so you had better pay attention when you are doing your studying. Here are a couple examples of what to expect.

1. You are installing software on a production server. The installation asks you to stop all file sharing for the next step. In a primary UNIX/Linux file sharing environment, which file contains a list of file systems to be shared? Fill in the blank with the full path and file name of that file.
________________________________________________________

2. After leasing a class C IP address range from a provider, you decide that you need to have 6 networks with as many hosts as possible on each network. Which of the following represents the subnet mask you should choose?

  1. 255.255.255.128
  2. 255.255.255.224
  3. 255.255.255.0
  4. 255.255.255.240
  5. 255.255.255.248

Answers are at the end of this article. As you can see they choose tough questions. On the first question you may be thinking Samba. Don’t! You have to read the questions well. They say Primarily UNIX/Linux file sharing. Think about this, Windows was not mentioned.

There are some great study materials, and I will list the ones I used. Look at the bottom of this article for the sources.

Here are the scores required to pass.

  • LPIC-1
    • 101 - 60%
    • 102 - 61.4%
  • LPIC-2
    • 201 - 60%
    • 202 - 64.61%

There is a Level 3, however I have not yet had the time to research this, as I am more concerned with Level 2 at the moment. For more detailed information you can visit, www.lpi.org/lpic

The exams were designed using a theory called Item Response Theory. I could go into great detail about this model, however it's beyond the scope of this article. For more information, please see sources.

In closing, I really like the LPIC designation because it's vendor neutral, although it DOES seem to prefer Redhat or Debian releases. In the 101 exam you have to choose between RPM and DEB packaging. So pick one and learn it well!

Good luck! If you have done your LPIC Please post your comments!

Talk to you next time.
Ian, Ian's Linux Pages.

Answers to sample questions:

  1. /etc/exports
  2. 2


Sources:

  • Rasch IRT (Item Response Theory) analysis method, http://en.wikipedia.org/wiki/Rasch_model
  • LPIC1 Exam Cram 2, 2005, Que Publishing, ISBN: 0-7897-3127-4
  • LPI Linux Certification in a Nutshell, Second Edition, 2006, O'Reilly Media Inc., ISBN: 0-596-00528-8
  • www.lpi.org/lpic, Aug 12,2007
  • http://www.lpi.org/en/lpi/english/certification/faq, Aug 12, 2007