Tip

Taking Samba-3 beyond file and print serving, part two

John H. Terpstra, site expert

Welcome to the world of Windows, Unix and Linux under one IT roof. This tip reviews key factors in the interoperability between the host platform that Samba is running on, which is typically Linux, and the Microsoft Windows environment.

In part one, I covered the interoperability challenges inherent in heterogeneous IT environments and Active Directory domain membership. In part two, I offer tips on Windows NT 4 domain replacement and SQUID integration with Windows networking.

NT4 domain replacement

Microsoft has been sending out notifications over a number of years that its NT4 operating system support will cease. Now, it's official, and Microsoft will provide no further updates. This has caused many businesses to seriously consider replacing NT4 either with Active Directory or with Samba-3 operating as an NT4-style domain controller.

Sites that require NT4 domain controllers will typically require a primary domain controller (PDC), as well as one or more backup domain controllers (BDCs). At this time, the only reliable method for implementing Samba-3 domain controllers (PDC plus BDCs) involves use of LDAP to store the user, group and machine account information.

The use of LDAP with Samba-3 domain control provides a more scalable NT4 domain architecture than was ever possible with Microsoft Windows NT4 itself. Samba-3 can be configured to use multiple concurrent LDAP directories, each of which can perform directory redirection and/or referrals.

An example that demonstrates the deployment of Samba-3 with an LDAP directory based account backend is given in chapter 6 of the book, Samba-3 by Example.

Samba-3 domain member servers in a Samba-3 domain may be configured to use winbind or to use LDAP to provide the IDMAP facility and resources. Examples are provided in chapter 9 of Samba-3 by Example.

Squid integration with Windows networking

Squid is a popular web and FTP proxy server that has support for server-side plug-in modules. One such plug-in module provides transparent authentication to restrict user access from Windows clients that use Microsoft Internet Explorer.

The protocol used is known as ntlm_auth and provides the NTLMSSP (NT LanManager Security Service Protocol). This module uses Samba's winbind to perform NT/LM authentication. Detailed information regarding the protocol can be found at Squid's web site.

An example that demonstrates use of this facility is given in chapter 11 of Samba-3 by Example. It should be noted that this module effectively only validates that the user is a member of a single domain that is specified in the Squid configuration file. The administrator should refer to the man page for the ntlm_auth module for specific additional configuration examples.
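As an illustration of the arrangement described above, here is a minimal squid.conf fragment that hands proxy authentication to Samba's ntlm_auth helper and denies everything that is not authenticated. It is an added example, not taken from Samba-3 by Example or from the Squid documentation; the helper path, the number of helper children, the ACL name and the group SID placeholder are assumptions to adapt to the local installation.

```conf
# squid.conf fragment (added example; paths and names are assumptions).
# Prerequisites: the host is joined to the domain, winbindd is running,
# and the account Squid runs as can read Samba's winbindd_privileged
# directory (its location varies by distribution).

# NTLMSSP helper: transparent authentication for Windows browser clients.
# --require-membership-of narrows access to one group, given here as a
# SID placeholder; remove the option to accept any valid domain user.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-<domain-sid>-<group-rid>
auth_param ntlm children 10

# Basic fallback for clients that cannot negotiate NTLM. Credentials
# cross the network base64-encoded, so leave this block out unless
# such clients must be supported.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# Require a successful authentication for every request.
acl AuthenticatedUsers proxy_auth REQUIRED

# Rule order matters: allow authenticated users, then deny the rest,
# so an unauthenticated request never falls through to a later allow.
http_access allow AuthenticatedUsers
http_access deny all
```

Before pointing Squid at the helper, `wbinfo -t` confirms that the machine trust account with the domain is working, which is the usual first thing to check when every proxy login fails.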

Summary

Samba has many features that are specifically directed at providing interoperability beyond the immediate purposes of file and print sharing. The foregoing discussion points the Windows network administrator to references that will help in selecting the features that may be useful and in learning how to use them.


Go back to part one.

About the author: John H. Terpstra is CTP of an IT consulting firm, Primastasys Inc., as well as author of several IT books and Ask the Expert advisor for SearchEnterpriseLinux.com.


This was first published in February 2005
