[Samba] what OS do you use for Samba?
James A. Dinkel
server. I like that there is a deb repo for Debian from samba.org, but
I'm more comfortable with CentOS (Redhat). I just want to be sure I
have a well supported Samba server and I need at least the 3.0.20
version so I can use the "inherit owner" property. I also want
automatic updates for bugfixes and security (not to concerned about new
features though). Any insight?
James Dinkel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Aaron Kincer
bullet or truly "best" distro out there. If you are unsure and/or want
something that is easy to configure and has support if you want or need
it, I would suggest checking out Ubuntu server. I've had great luck with
it and out of the box it only installs what you need. In other words, it
doesn't come with a GUI by default, but with apt-get, you could get one
up and running in very short order if you wanted one post-install.
I haven't tried the latest 6.10 (Edgy) release for server yet. Version
6.06 (Dapper) works great and comes with Samba 3.0.22 by default.
Nathan Vidican
> I'm trying to decide on a linux distro to use for our enterprise Samba
> server. I like that there is a deb repo for Debian from samba.org, but
> I'm more comfortable with CentOS (Redhat). I just want to be sure I
> have a well supported Samba server and I need at least the 3.0.20
> version so I can use the "inherit owner" property. I also want
> automatic updates for bugfixes and security (not to concerned about new
> features though). Any insight?
>
> James Dinkel
>
>
>
directory services with unified logon for Windows, Unix, and
Intranet/Groupware for several years now, easy to upgrade, and
rock-solid stability (server uptimes > 370 days).
--
Nathan Vidican
nvid...@wmptl.com
James A. Dinkel
> Hi, we are using Debian since 2 years for Samba with about 200 users.
> Yes, it is possible to do automatic Updates with Debian. We are
> currently running Samba 3.0.23c in two Domains without any problems.
> Version 3.0.23c is currently in 'testing' of Debian. So security
updates
> will start with the next stable release of Debian.
Are you using it with Active Directory for authentication? Do you
update to the latest Samba from another place, or have you just been
using what is in the "stable" repo?
From: Aaron Kincer [mailto:kin...@gmail.com]
> I think this comes down to what works best for you. There isn't a
magic
> bullet or truly "best" distro out there. If you are unsure and/or want
> something that is easy to configure and has support if you want or
need
> it, I would suggest checking out Ubuntu server. I've had great luck
with
> it and out of the box it only installs what you need. In other words,
it
> doesn't come with a GUI by default, but with apt-get, you could get
one
> up and running in very short order if you wanted one post-install.
>
> I haven't tried the latest 6.10 (Edgy) release for server yet. Version
> 6.06 (Dapper) works great and comes with Samba 3.0.22 by default.
Yeah, I thought about going with Ubuntu 6.06 (I'd stick with that for
the LTS), but it's so new. I would feel better going with something
with a longer, proven track record. However, it is nice being able to
install and set up Ubuntu for free but then have Canonical there in case
I have an issue I just can't figure out on my own.
From: Nathan Vidican
> http://www.FreeBSD.org/ <-- check it out, been running Samba+LDAP
> directory services with unified logon for Windows, Unix, and
> Intranet/Groupware for several years now, easy to upgrade, and
> rock-solid stability (server uptimes > 370 days).
By Samba+LDAP do you mean you are using Samba as a PDC? I take it you
don't use Active Directory then?
Aaron Kincer
>
>
> Are you using it with Active Directory for authentication? Do you
> update to the latest Samba from another place, or have you just been
> using what is in the "stable" repo?
>
> Yeah, I thought about going with Ubuntu 6.06 (I'd stick with that for
> the LTS), but it's so new. I would feel better going with something
> with a longer, proven track record. However, it is nice being able to
> install and set up Ubuntu for free but then have Canonical there in case
> I have an issue I just can't figure out on my own.
>
>
>
I've been using it as our primary file server for about 3 or 4 months
now. Other than the famed archive bit problem, there really hasn't been
an issue. My only regret is that Samba 4 isn't out so I still have to
run 2003 as domain controllers.
Nathan Vidican
> I'm trying to decide on a linux distro to use for our enterprise Samba
> server. I like that there is a deb repo for Debian from samba.org, but
> I'm more comfortable with CentOS (Redhat). I just want to be sure I
> have a well supported Samba server and I need at least the 3.0.20
> version so I can use the "inherit owner" property. I also want
> automatic updates for bugfixes and security (not to concerned about new
> features though). Any insight?
>
> James Dinkel
>
>
>
directory services with unified logon for Windows, Unix, and
Intranet/Groupware for several years now, easy to upgrade, and
rock-solid stability (server uptimes > 370 days).
--
Nathan Vidican
nvid...@wmptl.com
Nathan Vidican
No, not using active directory. Am using samba as both a PDC, and a BDC
with nss_ldap, and pam_ldap on the unix boxes/servers, ldap_auth for
Squid, and some custom Perl handlers in Apache::mod_perl - so everything
authenticates via an LDAP tree. The likes of which is synchronized using
slurpd from one primary to two secondary LDAP servers (running
openldap). We utilize rsync to sync the data/shares between the domain
controllers nightly, should one fail the other is at the very worst -
one day behind in terms of users' roaming profiles, etc. Has worked VERY
well for us, serving approx 75 users and a little over half a terabyte
of user data. Not the largest setup out there, but it's just perfect for
a company this size and has yet to let us down.
--
Nathan Vidican
nvid...@wmptl.com
Martin Sundmacher
> From: Martin Sundmacher
>
>
>> Hi, we are using Debian since 2 years for Samba with about 200 users.
>> Yes, it is possible to do automatic Updates with Debian. We are
>> currently running Samba 3.0.23c in two Domains without any problems.
>> Version 3.0.23c is currently in 'testing' of Debian. So security updates
>>
>> will start with the next stable release of Debian.
>>
>
> Are you using it with Active Directory for authentication?
> Do you
> update to the latest Samba from another place, or have you just been
> using what is in the "stable" repo?
>
official Debian testing (Etch). http://packages.debian.org/testing/net/samba
We don't do fully automagic updates with that Server. We are manually
testing on a different System before we update the productive Server.
Greetings
Gautier, B (Bob)
> -----Original Message-----
> From: samba-bounces+bob.gautier=raboba...@lists.samba.org
> [mailto:samba-bounces+bob.gautier=raboba...@lists.samba.org
] On Behalf Of Aaron Kincer
> Sent: 21 November 2006 21:20
> To: James A. Dinkel
> Cc: sa...@lists.samba.org
> Subject: Re: [Samba] what OS do you use for Samba?
>
> James A. Dinkel wrote:
> >
> >
> > Are you using it with Active Directory for authentication? Do you
> > update to the latest Samba from another place, or have you
> just been
> > using what is in the "stable" repo?
> >
> As a matter of fact, I do. In a 2003 native AD domain.
We use Samba (winbind) for authentication against multiple AD domains.
We are
currently using 3.0.23c with a patch to make the trusted domains work
(see BZ3661).
This is running on RHEL4 and in the past it's been tested on Solaris
too.
Bob G
>
> > Yeah, I thought about going with Ubuntu 6.06 (I'd stick
> with that for
> > the LTS), but it's so new. I would feel better going with
> something
> > with a longer, proven track record. However, it is nice
> being able to
> > install and set up Ubuntu for free but then have Canonical there in
> > case I have an issue I just can't figure out on my own.
> >
> >
> >
> I've been using it as our primary file server for about 3 or
> 4 months now. Other than the famed archive bit problem, there
> really hasn't been an issue. My only regret is that Samba 4
> isn't out so I still have to run 2003 as domain controllers.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
_____________________________________________________________
This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat.
_____________________________________________________________
Dave Moore
> I'm trying to decide on a linux distro to use for our enterprise Samba
I've used CentOS, and it was a pretty painless process. Everything
worked well out of the box.
On 11/21/06, Aaron Kincer <kin...@gmail.com> wrote:
> I haven't tried the latest 6.10 (Edgy) release for server yet. Version
> 6.06 (Dapper) works great and comes with Samba 3.0.22 by default.
I just finished setting up 3.0.22 on 6.10. Worked like a champ, aside
from a minor hardware incompatibility issue with my crappy Dell tower.
Dave
Nathan Vidican
>> http://www.FreeBSD.org/ <-- check it out, been running Samba+LDAP
>> directory services with unified logon for Windows, Unix, and
>> Intranet/Groupware for several years now, easy to upgrade, and
>> rock-solid stability (server uptimes > 370 days).
>
>
> Ben giving serious thought to giving FreeBSD a try for Samba - is
> there a good HowTo for getting Samba+LDAP working on FreeBSD that you
> know of?
>
> Thanks,
>
Personally, I always prefer to compile my own apps using the ports
collection, so to install Samba+LDAP via the ports collection for FreeBSD:
freebsd# cd /usr/ports/net/openldap23-server
freebsd# make && make install
...
freebsd# cd /usr/ports/net/samba3/
freebsd# make && make install
...
freebsd# vi /usr/local/etc/openldap/slapd.conf
freebsd# echo 'slapd_enable="YES"' >> /etc/rc.conf
freebsd# /usr/local/etc/rc.d/slapd.sh start
freebsd# vi /usr/local/etc/smb.conf
freebsd# echo 'samba_enable="YES"' >> /etc/rc.conf
freebsd# /usr/local/etc/rc.d/samba.sh start
That's it! (in a nutshell; assuming you follow the docs and modify
according to your requirements)
Optionally, if you wish to make the FreeBSD users (local/unix users)
also authenticate and obtain session information from LDAP, (which
you'll probably want to do), then:
freebsd# cd /usr/ports/security/pam_ldap
freebsd# make && make install
...
- make sure local ldap connections work (check/edit
/usr/local/etc/ldap.conf as required, do 'ldapsearch -x')
...
freebsd# cd /etc/pam.d
freebsd# vi system
- add two lines that looks like this towards the top of the file:
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
- alternatively, edit other places you want to (ie: ftpd)
- editing pam.d/* files will take effect almost immediately
freebsd# cd /usr/ports/net/nss_ldap
freebsd# make && make install
freebsd# vi /etc/nsswitch.conf
- change the line for passwd, and groups like so:
passwd: files ldap
group: files ldap
That should be it; mind you there are some blanks to be filled in... but
that's the basic process. You'll have all users, passwords, groups, and
account information binding to ldap from both samba and FreeBSD this
way. I'd also reccomend going to /usr/ports/net/lam and installing 'LDAP
Account Manager' - simple to use php/web-based app for managing the LDAP
directory (used to create/modify accounts, groups, passwords in the
database - also has a nifty pdf/reporting utility).
Anyhow, that's a quick start... try it on your own, and post a more
specific question should you run into anything. It really is fairly
painless though ;)
Marcello Romani
> I'm trying to decide on a linux distro to use for our enterprise Samba
> server. I like that there is a deb repo for Debian from samba.org, but
> I'm more comfortable with CentOS (Redhat). I just want to be sure I
> have a well supported Samba server and I need at least the 3.0.20
> version so I can use the "inherit owner" property. I also want
> automatic updates for bugfixes and security (not to concerned about new
> features though). Any insight?
>
> James Dinkel
>
>
We are using Gentoo Linux on a custom made P-IV-based raid1 scsi box.
Currently, gentoo offers 3.0.22-r3
Gentoo portage is technically very different from rpm, but once you get
used to it, it's just as simple (IMHO even simpler wrt package
dependencies).
It basically comes down to:
emerge --sync # to get the latest version
emerge samba # dowload, compile and install
rc-update add samba default # start samba at boot
Configuration is just standard smb.conf editing (or webmin, if installed).
Just my 2 (euro)cents.
--
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com
Chris Smith
> I like that there is a deb repo for Debian from samba.org, but
> I'm more comfortable with CentOS (Redhat). I just want to be sure I
> have a well supported Samba server and I need at least the 3.0.20
> version so I can use the "inherit owner" property. I also want
> automatic updates for bugfixes and security (not to concerned about new
> features though). Any insight?
I use Gentoo Linux for the flexibility.
Which OS is probably less important than the level that you learn to work with
it. When you are very comfortable with an OS a level of freedom exists beyond
what the packagers may provide.
Notice that many times there's a big difference in what a distro labels
as "stable" and what the app developers labels as "stable". A new Samba is
released with this phrase: "This is the latest stable release of Samba. This
is the version that production Samba servers should be running for all
current bug-fixes." Distros that don't update key packages until the next
release may put some functionality in jeopardy. Since Samba is, at times,
chasing Microsoft updates (which tend to break things) it's fairly imperitive
to remain current if it's a critical package for you; such as when it is the
PDC for your entire network.
The most critical packages for my customers are Samba and Cups, and since the
client systems all run Windows I find it important to keep up to date with
these packages in order to provide them with the fewest problems and the most
features, creating a seamless environment where everything just works and
they're not presented with problems that call attention to the fact that
their server is not running Windows.
Since I'm comfortable with the Gentoo packaging system I'm not tied down, in
most cases, to the release timing from the Gentoo devs; I can create my own
ebuild and install the latest release (plus patches when necessary) when it
becomes available. The nice thing here is that I get both customization and
use of the distros packaging system, as opposed to compiling and installing
outside of the packaging system which I've found in the past to be generally
less than desirable. As an example, due to the temporary hiatus of the
Gentoo's Samba dev the "official" ebuild is a bit out of date, but that
doesn't prevent me from running the latest release. Plus the ebuild is really
available to all as it's posted on a bug report.
If I decided to change to a binary distro at this point I would most surely
learn how to build packages for it in order to not be tied down to the
distros package release timetable.
If you just want easy pre-built binary installs than pick a distro that
releases your needed critical packages on a timely basis, or one in which the
application devs release binaries for. For Samba I think Redhat/Fedora is
probably the choice as the Samba team seems to always make those available
close to the same time as source. Although the Debian and Ubuntu Samba
releases are currently timely it hasn't always been that way.
Chris
James A. Dinkel
out Debian, but the packages are so old and I wasn't sure about messing
with the backports repository.
The partition containing the file share is on a SAN, so if for some
reason I don't like Ubuntu, I can just set up a Debian server (probably
after Etch comes out) and attach the SAN lun to the new server.
Thanks for all your input. I just wanted to be sure I didn't put
something in place that turned out to have some funky distro-specifi
weirdness that caused problems. It sounds, though, like at least a few
people are using Ubuntu without any hassles.
James Dinkel
Network Engineer
Butler County of Kansas
Rhiannon...@sungard.com
with trusted AD domains using Kerberos authentication. Should I upgrade
to 3.0.23c? It seems like many have had issues with the latest samba
release so I have been hesitant to upgrade, though cannot figure out why
samba cannot pull client credentials from the other trusted domain. Any
advice/suggestions would be greatly appreciated. Thanks.
Rhiannon
Bob G
Confidentiality Notice: This email transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the e-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this e-mail is strictly prohibited. If you have received this e-mail transmission in error, please reply to the sender, so that arrangements can be made for proper delivery, and then please delete the message from your in-box.
Gautier, B (Bob)
> -----Original Message-----
> From: samba-bounces+bob.gautier=raboba...@lists.samba.org
> [mailto:samba-bounces+bob.gautier=raboba...@lists.samba.org
> Sent: 28 November 2006 16:31
> To: sa...@lists.samba.org
> Subject: RE: [Samba] what OS do you use for Samba?
>
> I am currently running samba 3.0.10-1.4E.9 on RHEL 4 and
> having problems with trusted AD domains using Kerberos
> authentication. Should I upgrade to 3.0.23c? It seems like
> many have had issues with the latest samba release so I have
> been hesitant to upgrade, though cannot figure out why samba
> cannot pull client credentials from the other trusted domain.
> Any advice/suggestions would be greatly appreciated. Thanks.
Well, as far as I could see, without a fix to BZ3661 the ability to pull
client credentials from trusted domains is just plain absent, not just
buggy
or unreliable: winbindd can't do it because the code simply isn't there.
So, IMHO you need to upgrade or at least port the patch, if you want to
use
the idmap_ad backend.
3.0.10 is very old anyway.
Bob G
James A. Dinkel
set up and moved one department over to it. I'm planning on upgrading
to Etch when it comes out anyway, so I think I'll stick to that plan and
use this repo at that point.
James Dinkel
-----Original Message-----
From: James Zuelow [mailto:James_...@ci.juneau.ak.us]
Oh, I've been busy and don't usually get into the OS discussions.
But you don't have to use backports for Samba on Debian Sarge. I'm not
sure why anyone would even do that, since the Samba team maintain their
own Sarge apt repository. If you still have a Sarge box to test, add
this to your /etc/apt/sources.list
deb http://us5.samba.org/samba/ftp/Binary_Packages/Debian sarge samba
And you'll track the latest stable release.
I have a production Debian Sarge server that does just this.
Just don't do it with Etch, since in a few days time you'll get the same
package from Debian that you got from Samba, except that the Debian
packages have a few files moved from samba to samba-common. That
confuses apt. So with Etch I'd recommend staying plain vanilla Debian
in sources.list until it goes stable and the version number freezes.
Then you can move to using the Samba team repository.
Ubuntu is cool too, especially the LTS version -- you probably won't go
wrong either way.
James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591
Jon Theil Nielsen
>
> Anyhow, that's a quick start... try it on your own, and post a more
> specific question should you run into anything. It really is fairly
> painless though ;)
>
> --
> Nathan Vidican
> nvidican <at> wmptl.com
Hmm, this might be sligthly OT, but does this "howto" exist somewhere
as a web page? I have been using FreeBSD for a couple a years now
(mainly as a small scale web server and Samba only for experiments) and
have been looking for an up-to-date description of how to do LDAP
authentication both for Samba and the OS.
I can only agree that FreeBSD is very solid and that the ports system
makes almost any functionality possible.
Regards, Jon Theil Nielsen
David Schulz
fileserver has an uptime of 345 days now.
> !DSPAM:1084,45755c506579958317260!
simo
> On Tuesday 28 November 2006 13:59, James A. Dinkel wrote:
> > deb http://us5.samba.org/samba/ftp/Binary_Packages/Debian sarge samba
> >
> > And you'll track the latest stable release.
> >
> > I have a production Debian Sarge server that does just this.
> >
> > Just don't do it with Etch, since in a few days time you'll get the same
> > package from Debian that you got from Samba, except that the Debian
> > packages have a few files moved from samba to samba-common. That
> > confuses apt. So with Etch I'd recommend staying plain vanilla Debian
> > in sources.list until it goes stable and the version number freezes.
> > Then you can move to using the Samba team repository.
> >
> > Ubuntu is cool too, especially the LTS version -- you probably won't go
> > wrong either way.
>
> elected not to move to Ubuntu servers - when I first examined the possibility
> they were stuck on 3.0.14 for the longest time. Also CUPS, the other major
> component I need for supporting Windows clients, on Ubuntu is stuck at 1.2.4,
> whereas I run 1.2.7 on Gentoo.
>
> Do the Sarge releases from the Samba team work properly with this (or any)
> version of Ubuntu?
I have never tested the sarge releases on ubuntu. Edgy seem to have a
lot more updated libraries, you would have to test that everything work
as expected.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: id...@samba.org
http://samba.org
Chris Smith
>
> And you'll track the latest stable release.
>
> I have a production Debian Sarge server that does just this.
>
> Just don't do it with Etch, since in a few days time you'll get the same
> package from Debian that you got from Samba, except that the Debian
> packages have a few files moved from samba to samba-common. That
> confuses apt. So with Etch I'd recommend staying plain vanilla Debian
> in sources.list until it goes stable and the version number freezes.
> Then you can move to using the Samba team repository.
>
> Ubuntu is cool too, especially the LTS version -- you probably won't go
> wrong either way.
Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the reasons I
elected not to move to Ubuntu servers - when I first examined the possibility
they were stuck on 3.0.14 for the longest time. Also CUPS, the other major
component I need for supporting Windows clients, on Ubuntu is stuck at 1.2.4,
whereas I run 1.2.7 on Gentoo.
Do the Sarge releases from the Samba team work properly with this (or any)
version of Ubuntu?
Chris
James A. Dinkel
> From: Chris Smith
> Sent: Wednesday, December 06, 2006 12:06 PM
>
> Ubuntu (Edgy Eft) seems to be stuck at 3.0.22. Which is one of the
reasons
> I
> elected not to move to Ubuntu servers - when I first examined the
> possibility
> they were stuck on 3.0.14 for the longest time. Also CUPS, the other
major
> component I need for supporting Windows clients, on Ubuntu is stuck at
> 1.2.4,
> whereas I run 1.2.7 on Gentoo.
>
> Do the Sarge releases from the Samba team work properly with this (or
any)
> version of Ubuntu?
>
> Chris
Ubuntu, and Debian, will always be "stuck" at the version included at
the time of release. This is by design, so "breakage" is not
introduced, but it does still get security and bug fixes. Just FYI.
I'm having a problem with "nested groups" (you may have noticed on this
mailing list) and I'm also wondering if updating to the latest Samba and
Winbind would take care of my issue.
Backporting from a newer distro such as Feisty for Ubuntu, or Etch for
Debian, would be one way to manually get the newer packages. I believe
there is a tool to make backporting easy on Ubuntu, I'm not sure I would
trust this approach though.
Aaron Kincer
servers integrated into Active Directory, you would expect similar
behavior configurations notwithstanding. As we've discussed earlier, I
have no problems with nested groups. I think you're barking up the wrong
tree thinking upgrading will solver your problem. I'm unconvinced.
Out of curiosity, do you have any explicit group denial settings on the
target folder that the user in question might have membership? I believe
denies overrule grants, but I'm not positive.