DOCSLIB.ORG

Samba-3 by Example

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Samba-3 by Example Practical Exercises in Successful Samba Deployment John H. Terpstra May 27, 2009 ABOUT THE COVER ARTWORK The cover artwork of this book continues the freedom theme of the first edition of \Samba-3 by Example". The history of civilization demonstrates the fragile nature of freedom. It can be lost in a moment, and once lost, the cost of recovering liberty can be incredible. The last edition cover featured Alfred the Great who liberated England from the constant assault of Vikings and Norsemen. Events in England that finally liberated the common people came about in small steps, but the result should not be under-estimated. Today, as always, freedom and liberty are seldom appreciated until they are lost. If we can not quantify what is the value of freedom, we shall be little motivated to protect it. Samba-3 by Example Cover Artwork: The British houses of parliament are a symbol of the Westminster system of government. This form of government permits the people to govern themselves at the lowest level, yet it provides for courts of appeal that are designed to protect freedom and to hold back all forces of tyranny. The clock is a pertinent symbol of the importance of time and place. The information technology industry is being challenged by the imposition of new laws, hostile litigation, and the imposition of significant constraint of practice that threatens to remove the freedom to develop and deploy open source software solutions. Samba is a software solution that epitomizes freedom of choice in network interoperability for Microsoft Windows clients. I hope you will take the time needed to deploy it well, and that you may realize the greatest benefits that may be obtained. You are free to use it in ways never considered, but in doing so there may be some obstacles. Every obstacle that is overcome adds to the freedom you can enjoy. Use Samba well, and it will serve you well. vii ACKNOWLEDGMENTS Samba-3 by Example would not have been written except as a result of feedback provided by reviewers and readers of the book The Official Samba- 3 HOWTO and Reference Guide. This second edition was made possible by generous feedback from Samba users. I hope this book more than answers the challenge and needs of many more networks that are languishing for a better networking solution. I am deeply indebted to a large group of diligent people. Space prevents me from listing all of them, but a few stand out as worthy of mention. Jelmer Vernooij made the notable contribution of building the XML production environment and thereby made possible the typesetting of this book. Samba would not have come into existence if Andrew Tridgell had not taken the first steps. He continues to lead the project. Under the shadow of his mantle are some great folks who never give up and are always ready to help. Thank you to: Jeremy Allison, Jerry Carter, Andrew Bartlett, Jelmer Vernooij, Alexander Bokovoy, Volker Lendecke, and other team members who answered my continuous stream of questions | all of which resulted in improved content in this book. My heartfelt thanks go out also to a small set of reviewers (alphabetically listed) who gave substantial feedback and significant suggestions for im- provement: Tony Earnshaw, William Enestvedt, Eric Hines, Roland Gru- ber, Gavin Henry, Steven Henry, Luke Howard, Tarjei Huse, Jon Johnston, Alan Munter, Mike MacIsaac, Scott Mann, Ed Riddle, Geoff Scott, Santos Soler, Misty Stanley-Jones, Mark Taylor, and J´er^omeTournier. My appreciation is extended to a team of more than 30 additional reviewers who helped me to find my way around dark corners. Particular mention is due to Lyndell, Amos, and Melissa who gave me the latitude necessary to spend nearly an entire year writing Samba documen- tation, and then gave more so this second edition could be created. viii CONTENTS Contents ABOUT THE COVER ARTWORK vii ACKNOWLEDGMENTS viii LIST OF EXAMPLES xix LIST OF FIGURES xxv LIST OF TABLES xxvii FOREWORD xxix PREFACE xxxii Part I Example Network Configurations xli EXAMPLE NETWORK CONFIGURATIONS1 Chapter1 NO-FRILLS SAMBA SERVERS3 1.1 Introduction3 1.2 Assignment Tasks4 1.2.1 Drafting Office4 1.2.1.1 Dissection and Discussion5 1.2.1.2 Implementation6 1.2.1.3 Validation7 1.2.2 Charity Administration Office9 1.2.2.1 Dissection and Discussion 10 1.2.2.2 Implementation 11 1.2.2.3 Validation 19 1.2.3 Accounting Office 19 1.2.3.1 Dissection and Discussion 20 1.2.3.2 Implementation 20 1.3 Questions and Answers 25 ix x Contents Chapter2 SMALL OFFICE NETWORKING 29 2.1 Introduction 30 2.1.1 Assignment Tasks 30 2.2 Dissection and Discussion 31 2.2.1 Technical Issues 31 2.2.2 Political Issues 33 2.3 Implementation 33 2.3.1 Validation 39 2.3.2 Notebook Computers: A Special Case 44 2.3.3 Key Points Learned 44 2.4 Questions and Answers 45 Chapter3 SECURE OFFICE NETWORKING 53 3.1 Introduction 53 3.1.1 Assignment Tasks 54 3.2 Dissection and Discussion 56 3.2.1 Technical Issues 56 3.2.1.1 Hardware Requirements 59 3.2.2 Political Issues 61 3.3 Implementation 61 3.3.1 Basic System Configuration 63 3.3.2 Samba Configuration 66 3.3.3 Configuration of DHCP and DNS Servers 71 3.3.4 Printer Configuration 72 3.3.5 Process Startup Configuration 74 3.3.6 Validation 75 3.3.7 Application Share Configuration 84 3.3.7.1 Comments Regarding Software Terms of Use 85 3.3.8 Windows Client Configuration 86 3.3.9 Key Points Learned 88 3.4 Questions and Answers 89 Chapter4 THE 500-USER OFFICE 105 4.1 Introduction 106 4.1.1 Assignment Tasks 107 4.2 Dissection and Discussion 108 4.2.1 Technical Issues 108 4.2.2 Political Issues 110 4.3 Implementation 110 4.3.1 Installation of DHCP, DNS, and Samba Control Files 110 Contents xi 4.3.2 Server Preparation: All Servers 110 4.3.3 Server-Specific Preparation 115 4.3.3.1 Configuration for Server: MASSIVE 116 4.3.3.2 Configuration Specific to Domain Member Servers: BLDG1, BLDG2 120 4.3.4 Process Startup Configuration 121 4.3.5 Windows Client Configuration 125 4.3.6 Key Points Learned 127 4.4 Questions and Answers 128 Chapter5 MAKING HAPPY USERS 143 5.1 Regarding LDAP Directories and Windows Computer Accounts147 5.2 Introduction 147 5.2.1 Assignment Tasks 149 5.3 Dissection and Discussion 149 5.3.1 Technical Issues 152 5.3.1.1 Addition of Machines to the Domain 154 5.3.1.2 Roaming Profile Background 155 5.3.1.3 The Local Group Policy 156 5.3.1.4 Profile Changes 156 5.3.1.5 Using a Network Default User Profile 156 5.3.1.6 Installation of Printer Driver Auto-Download 157 5.3.1.7 Avoiding Failures: Solving Problems Before They Happen 158 5.3.2 Political Issues 165 5.3.3 Installation Checklist 165 5.4 Samba Server Implementation 167 5.4.1 OpenLDAP Server Configuration 168 5.4.2 PAM and NSS Client Configuration 170 5.4.3 Samba-3 PDC Configuration 173 5.4.4 Install and Configure Idealx smbldap-tools Scripts 176 5.4.4.1 Installation of smbldap-tools from the Tarball 177 5.4.4.2 Installing smbldap-tools from the RPM Pack- age 178 5.4.4.3 Configuration of smbldap-tools 180 5.4.5 LDAP Initialization and Creation of User and Group Accounts 183 5.4.6 Printer Configuration 196 5.5 Samba-3 BDC Configuration 198 5.6 Miscellaneous Server Preparation Tasks 203 xii Contents 5.6.1 Configuring Directory Share Point Roots 203 5.6.2 Configuring Profile Directories 204 5.6.3 Preparation of Logon Scripts 205 5.6.4 Assigning User Rights and Privileges 206 5.7 Windows Client Configuration 208 5.7.1 Configuration of Default Profile with Folder Redirection209 5.7.2 Configuration of MS Outlook to Relocate PST File 210 5.7.3 Configure Delete Cached Profiles on Logout 214 5.7.4 Uploading Printer Drivers to Samba Servers 214 5.7.5 Software Installation 216 5.7.6 Roll-out Image Creation 217 5.8 Key Points Learned 217 5.9 Questions and Answers 218 Chapter6 A DISTRIBUTED 2000-USER NETWORK 233 6.1 Introduction 234 6.1.1 Assignment Tasks 234 6.2 Dissection and Discussion 235 6.2.1 Technical Issues 236 6.2.1.1 User Needs 237 6.2.1.2 The Nature of Windows Networking Protocols238 6.2.1.3 Identity Management Needs 240 6.2.2 Political Issues 243 6.3 Implementation 243 6.3.1 Key Points Learned 250 6.4 Questions and Answers 250 Part II Domain Members, Updating Samba and Migra- tion 263 DOMAIN MEMBERS, UPDATING SAMBA AND MIGRA- TION 265 Chapter7 ADDING DOMAIN MEMBER SERVERS AND CLIENTS 267 7.1 Introduction 267 7.1.1 Assignment Tasks 268 7.2 Dissection and Discussion 269 7.2.1 Technical Issues 269 Contents xiii 7.2.2 Political Issues 272 7.3 Implementation 272 7.3.1 Samba Domain with Samba Domain Member Server | Using NSS LDAP 273 7.3.2 NT4/Samba Domain with Samba Domain Member Server: Using NSS and Winbind 280 7.3.3 NT4/Samba Domain with Samba Domain Member Server without NSS Support 284 7.3.4 Active Directory Domain with Samba Domain Mem- ber Server 285 7.3.4.1 IDMAP RID with Winbind 298 7.3.4.2 IDMAP Storage in LDAP using Winbind 300 7.3.4.3 IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension 304 7.3.5 UNIX/Linux Client Domain Member 305 7.3.5.1 NT4 Domain Member 307 7.3.5.2 ADS Domain Member 307 7.3.6 Key Points Learned 308 7.4 Questions and Answers 309 Chapter8 UPDATING SAMBA-3 323 8.1 Introduction 324 8.1.1 Cautions and Notes 325 8.1.1.1 Security Identifiers (SIDs) 325 8.1.1.2 Change of hostname 329 8.1.1.3 Change of Workgroup (Domain) Name 330 8.1.1.4 Location of config files 330 8.1.1.5 International Language Support 332 8.1.1.6 Updates and Changes in Idealx smbldap-tools 332 8.2 Upgrading from Samba 1.x and 2.x to Samba-3 333 8.2.1 Samba 1.9.x and 2.x Versions Without LDAP 333 8.2.2 Applicable to All Samba 2.x to Samba-3 Upgrades 335 8.2.3 Samba-2.x with LDAP Support 336 8.3 Updating
Recommended publications
  • Today's Howtos Today's Howtos

    Today's Howtos Today's Howtos

    Published on Tux Machines (http://www.tuxmachines.org) Home > content > today's howtos today's howtos By Roy Schestowitz Created 09/12/2020 - 5:46am Submitted by Roy Schestowitz on Wednesday 9th of December 2020 05:46:15 AM Filed under HowTos [1] How to Install Nginx with Google PageSpeed on Ubuntu 20.04 [2] Nginx is a free and open-source web server that powers many sites on the internet. It can be used as a reverse proxy and load balancer. It is known for its high-performance and stability. ngx_pagespeed is an open-source Nginx module that can be used to optimize your website performance. It is developed by Google and reduces the page load time and speed up the website response time. Install and Configure ZFS on FreeBSD ? Linux Hint [3] This article will demonstrate how to set up FreeBSD 12.0, the latest version, on Zettabyte File System, or ZFS. The method we?ll employ is going to use BSDinstall and consequently allocate all of the disks to host the FreeBSD system. How to Share Files Between Windows and Linux [4] File sharing is the action of sending a file or more from one computer to another. In theory, it?s a simple thing. The process is quite simple and straightforward if both of the computers are running the same operating system. When it?s different, things get a bit complicated. How To Install Firefox on CentOS 8 - idroot [5] In this tutorial, we will show you how to install Firefox on CentOS 8. For those of you who didn?t know, Firefox is the default web browser in a number of Linux distributions and CentOS is one of them.
  • Mcafee Foundstone Fsl Update

    Mcafee Foundstone Fsl Update

    2017-JUL-27 FSL version 7.5.946 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 22152 - (JSA10802) Juniper Junos Insufficient Authentication Security Bypass Vulnerability Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-10601 Description A security-bypass vulnerability is present in some versions of Juniper Junos OS. Observation Juniper Junos OS is an operating system used in Juniper devices. A security-bypass vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the Juniper Junos OS. Successful exploitation could allow a remote attacker to bypass authentication and gain access on the target system. 22161 - (JSA10791) Juniper Junos SRX Hardcoded Credentials Vulnerability Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-2343 Description An information disclosure vulnerability is present in some versions of Juniper Junos OS. Observation Juniper Junos OS is an operating system used in Juniper devices. An information disclosure vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the UserFW services authentication API. Successful exploitation could allow an unauthenticated, remote attacker to gain access to sensitive information. 141631 - Red Hat Enterprise Linux RHSA-2017-1798 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-7895 Description The scan detected that the host is missing the following update: RHSA-2017-1798 Observation Updates often remediate critical security problems that should be quickly addressed.
  • CIFS/NFS) Administrator's Guide

    CIFS/NFS) Administrator's Guide

    Hitachi Data Ingestor File System Protocols (CIFS/NFS) Administrator's Guide Product Version Getting Help Contents MK-90HDI035-13 © 2013- 2015 Hitachi, Ltd. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or stored in a database or retrieval system for any purpose without the express written permission of Hitachi, Ltd. Hitachi, Ltd., reserves the right to make changes to this document at any time without notice and assume no responsibility for its use. This document contains the most current information available at the time of publication. When new or revised information becomes available, this entire document will be updated and distributed to all registered users. Some of the features described in this document might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Data Systems Corporation at https://portal.hds.com. Notice: Hitachi, Ltd., products and services can be ordered only under the terms and conditions of the applicable Hitachi Data Systems Corporation agreements. he use of Hitachi, Ltd., products is governed by the terms of your agreements with Hitachi Data Systems Corporation. Hitachi is a registered trademark of Hitachi, Ltd., in the United States and other countries. Hitachi Data Systems is a registered trademark and service mark of Hitachi, Ltd., in the United States and other countries. Archivas, Essential NAS Platform, HiCommand, Hi-Track, ShadowImage, Tagmaserve, Tagmasoft, Tagmasolve, Tagmastore, TrueCopy, Universal Star Network, and Universal Storage Platform are registered trademarks of Hitachi Data Systems Corporation.
  • KC Administrator Manual Release 8.0.0

    KC Administrator Manual Release 8.0.0

    KC Administrator Manual Release 8.0.0 Kopano BV Jul 01, 2021 Contents 1 Abstract 2 2 Introduction 3 2.1 Intended Audience..........................................3 2.2 Architecture.............................................3 2.3 Components.............................................4 2.4 Protocols and Connections......................................5 3 Installing 6 3.1 System Requirements........................................6 3.2 Installation..............................................9 3.3 Troubleshooting Installation Issues................................. 11 3.4 SSL.................................................. 12 4 Upgrading 14 4.1 Preparing............................................... 14 4.2 Creating backups........................................... 15 4.3 KC 8 dependencies.......................................... 16 4.4 Performing the Upgrade on RPM based distributions........................ 16 4.5 Performing the Upgrade on Debian based distributions....................... 16 4.6 Finalizing the upgrade........................................ 18 5 Configure KC Components 20 5.1 Configure the Kopano Server.................................... 20 5.2 Configure Kopano Konnect..................................... 27 5.3 Configure Kopano Kraph....................................... 30 5.4 Configure the Kopano Spooler.................................... 31 5.5 Configure Kopano Caldav...................................... 32 5.6 Configure Kopano Gateway (IMAP and POP3)........................... 33 5.7 Configure Kopano Quota Manager.................................
  • Getting Ready for Samba4

    Getting Ready for Samba4

    Getting Ready for Samba4 Samba Team member Andrew Bartlett explores the world of Samba4, its development status, what you can (and can’t) do with Samba4, and — most importantly– when you can expect to start using Samba4 in a production environment. Andrew Bartlett Thursday, April 3rd, 2008 Ever wanted to run an Active Directory Domain Controller on your Linux server? Did you run a Samba 3.0 DC, but had to move to Active Directory, or worried you might need to? Interested in the leading edge of Samba development, and wondering what the preceding questions mean? Without Samba, Linux, Windows and Macintosh computers could not share files and printers with each other, and networks of windows computers could only use Microsoft’s products to implement consistent user names and passwords across an organisation, something known as domain control. Since Samba was last covered by Linux Magazine in 2002, it seems the whole world has changed. Yet for members of the Samba Team the task remains to provide the Free Software community with a solid implementation of the Common Internet File System (CIFS) protocol, and with that a bridge into the Windows world. It is in that pursuit of interoperability that the Samba Team has continued, soon (at the time of writing) releasing version 3.2.0 of Samba, and alpha releases of Samba4. But Samba4 is more than just a new version of Samba, and more akin to a new development effort. Largely rewritten to handle the problems of interacting with modern versions of Microsoft’s Windows suite, Samba4 has been a storehouse of testing and innovation.
  • Univerzita Pardubice Fakulta Elektrotechniky a Informatiky

    Univerzita Pardubice Fakulta Elektrotechniky a Informatiky

    Univerzita Pardubice Fakulta elektrotechniky a informatiky Multiplatformní správa uživatelských účtů Bubák Miroslav Bakalářská práce 2008 ZDE BUDE ZADÁNÍ ZDE BUDE ZADÁNÍ Souhrn Tato bakalářská práce se zabývá centralizovanou správou uživatelských účtů. Má za cíl navrhnout nekomerční řešení pro malé/střední firmy. Popsáno je několik nejrozšířenějších metod pro uložení informací o uživateli na straně serveru. Klíčová slova multipatformní, uživatelský účet, LDAP, Samba, správa Title Multiplatform user accounts management Abstract This bachelor work deals with central user accounts management. It aims to project noncommercial solution which could be used in small/middle company. This paper describes the most common methods used to store user informations on the server side. Keywords multipatform, user accounts, LDAP, Samba, management Obsah Úvod..............................................................................................................................9 1. Teoretický rozbor....................................................................................................10 1.1. Co ukládat – informace o uživateli.................................................................10 1.1.1. Unix.........................................................................................................10 1.1.2. Windows..................................................................................................10 1.1.3. Společné informace.................................................................................11 1.2. Možnosti
  • Chapter 2: Installing Samba on a Unix System

    Chapter 2: Installing Samba on a Unix System

    ,ch02.26865 Page 31 Friday, November 19, 1999 3:28 PM Chapter 2 2 Installing Samba on a Unix System Now that you know what Samba can do for you and your users, it’s time to get your own network set up. Let’s start with the installation of Samba itself on a Unix system. When dancing the samba, one learns by taking small steps. It’s just the same when installing Samba; we need to teach it step by step. This chapter will help you to start off on the right foot. For illustrative purposes, we will be installing the 2.0.4 version of the Samba server on a Linux* system running version 2.0.31 of the kernel. However, the installation steps are the same for all of the platforms that Samba supports. A typical installa- tion will take about an hour to complete, including downloading the source files and compiling them, setting up the configuration files, and testing the server. Here is an overview of the steps: 1. Download the source or binary files. 2. Read the installation documentation. 3. Configure a makefile. 4. Compile the server code. 5. Install the server files. 6. Create a Samba configuration file. 7. Test the configuration file. 8. Start the Samba daemons. 9. Test the Samba daemons. * If you haven’t heard of Linux yet, then you’re in for a treat. Linux is a freely distributed Unix-like oper- ating system that runs on the Intel x86, Motorola PowerPC, and Sun Sparc platforms. The operating sys- tem is relatively easy to configure, extremely robust, and is gaining in popularity.
  • Linux Networking Cookbook.Pdf

    Linux Networking Cookbook.Pdf

    Linux Networking Cookbook ™ Carla Schroder Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Linux Networking Cookbook™ by Carla Schroder Copyright © 2008 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mike Loukides Indexer: John Bickelhaupt Production Editor: Sumita Mukherji Cover Designer: Karen Montgomery Copyeditor: Derek Di Matteo Interior Designer: David Futato Proofreader: Sumita Mukherji Illustrator: Jessamyn Read Printing History: November 2007: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Cookbook series designations, Linux Networking Cookbook, the image of a female blacksmith, and related trade dress are trademarks of O’Reilly Media, Inc. Java™ is a trademark of Sun Microsystems, Inc. .NET is a registered trademark of Microsoft Corporation. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
  • Samba's AD DC: Samba 4.2 and Beyond

    Samba's AD DC: Samba 4.2 and Beyond

    Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me ● Andrew Bartlett ● Samba Team member since 2001 ● Working on the AD DC since 2006 ● These views are my own, but I do with to thank: – My employer: Catalyst – My fellow Samba Team members Open Source Technologies Samba's AD DC ● The combination of many years work – File server – Print server – Active Directory Domain controller – (and many other features) ● First Release Dec 2012 ● Now on the road to Samba 4.2 – Due for RC1 on Monday Sep 22 Re-opening the heart of the network ● Samba's AD DC brings open source to the heart of the network again ● Samba has long provided a Domain Controller – But without support for Group Policy and other AD features like Kerberos ● Organizations again have a practical choice other than Microsoft Windows The flexibility to innovate ● Open Source lets you do more ● Just as Samba is in many NAS devices, including NETGEAR's ReadyNAS ● Samba inside Catalyst's print server – No CALs, multi-device access ● Imagine – What if was also an AD DC? – Instant branch office solution – Perhaps managed from the cloud? Breaking vendor lock in ● Samba can migrate to and from Microsoft Windows based AD domains – Without loss of data – Without password resets or domain joins ● Samba 4.0 can upgrade existing Samba 3.x domains to AD – And you can even migrate that to a Microsoft Windows AD if you want to – We won't hold you against your will! Uses Native Microsoft Admin tools ● Microsoft Management Console snap-ins – In general, fully
  • Client Side Samba Linux Clients in Microsoft Windows Environments

    Client Side Samba Linux Clients in Microsoft Windows Environments

    Client Side Samba Linux Clients in Microsoft Windows Environments Ralf Haferkamp OpenLDAP Team Lars Müller Samba Team May 8, 2006 Motivation Operating Systems Market Share (Client and Server) 1,80% 2,70% Microsoft Apple Linux 95,50% 2 © Novell Inc, Confidential & Proprietary Mandatory Requirements Overview • Domain join • Single Sign On Authentication • Name Service Switch (NSS) • X11 Display Manager integration (KDM, GDM) 3 © Novell Inc, Confidential & Proprietary Mandatory Requirement Authentication • Seamless PAM Integration – Let PAM winbind behave like other PAM modules – Mapping Microsoft to PAM error messages and codes • Kerberized PAM Winbind – Automatic ticket refresh and renew • Account Policies – Password – Logon hours – Lockout 4 © Novell Inc, Confidential & Proprietary Architecture Overview 5 © Novell Inc, Confidential & Proprietary Supplementary Requirements • Winbind Offline mode • Kerberized Client Applications – web browsers (konqueror, FireFox) – MUA (KMail) • File Access – libsmbclient using apps (konqueror, nautilus) – CIFS system wide? • Printing 6 © Novell Inc, Confidential & Proprietary YaST Integration (1) 7 © Novell Inc, Confidential & Proprietary YaST Integration (2) 8 © Novell Inc, Confidential & Proprietary Samba Winbind AD Integration Demo To do • Acessing CIFS Home Directory • Machine Account Password Changes • Localisation • GUI integration for Services For UNIX (SFU) • Group Policy Support (GPO) • Roaming Profiles • Logon Scripts 10 © Novell Inc, Confidential & Proprietary Available Resources • SUSE Linux Enterprise Desktop 10 • http://openSUSE.org/Samba • Samba.org samba-docs subversion Questions & Answers ? 11 © Novell Inc, Confidential & Proprietary Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments.
  • SMB Analysis

    SMB Analysis

    NAP-3 Microsoft SMB Troubleshooting Rolf Leutert, Leutert NetServices, Switzerland © Leutert NetServices 2013 www.wireshark.ch Server Message Block (SMB) Protokoll SMB History Server Message Block (SMB) is Microsoft's client-server protocol and is most commonly used in networked environments where Windows® operating systems are in place. Invented by IBM in 1983, SMB has become Microsoft’s core protocol for shared services like files, printers etc. Initially SMB was running on top of non routable NetBIOS/NetBEUI API and was designed to work in small to medium size workgroups. 1996 Microsoft renamed SMB to Common Internet File System (CIFS) and added more features like larger file sizes, Windows RPC, the NT domain service and many more. Samba is the open source SMB/CIFS implementation for Unix and Linux systems 2 © Leutert NetServices 2013 www.wireshark.ch Server Message Block (SMB) Protokoll SMB over TCP/UDP/IP SMB over NetBIOS over UDP/TCP SMB / NetBIOS was made routable by running Application over TCP/IP (NBT) using encapsulation over 137/138 139 TCP/UDP-Ports 137–139 .. Port 137 = NetBIOS Name Service (NS) Port 138 = NetBIOS Datagram Service (DGM) Port 139 = NetBIOS Session Service (SS) Data Link Ethernet, WLAN etc. Since Windows 2000, SMB runs, by default, with a thin layer, the NBT's Session Service, on SMB “naked” over TCP top of TCP-Port 445. Application 445 DNS and LLMNR (Link Local Multicast Name . Resolution) is used for name resolution. Port 445 = Microsoft Directory Services (DS) SMB File Sharing, Windows Shares, Data Link Ethernet, WLAN etc. Printer Sharing, Active Directory 3 © Leutert NetServices 2013 www.wireshark.ch Server Message Block (SMB) Protokoll NetBIOS / SMB History NetBIOS Name Service (UDP Port 137) Application • Using NetBIOS names for clients and services.
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb

    Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb

    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae