 |
|
||||
|
Samba 3: Linux File Serving for the Active Directory GenerationBy Steven J. Vaughan-NicholsAugust 11, 2003
Still, with this beta, it does have migration support for moving from NT 4 domains to a pure Samba 3 network. It's not as smooth as Active Directory Migration Tool 2, but, on the other hand, it's a lot easier than moving from NT 4 to AD under Windows 2000 ever was. Of course, considering how difficult that was, that isn't saying much! If you, and your IT cohort, already know Samba well, understand network management theory as well as you do its practice and write Perl scripts in your spare time, go for it. If that's not you, though, the high cost of picking up that expertise will probably overshadow Samba's low cost in the short run. In the future, Samba 3 exclusive networks might work for any company, but for now, I think your best deal will be to use Samba 3 in conjunction with either your existing Domain network or an AD network. Samba 3 and AD Fortunately, with this beta, Samba 3 has AD support. To be more precise, you can now join your Samba 3 server to an ADS tree as a member server without requiring that AD is running in mixed mode. Instead, AD can be running in native mode. You cannot, however, run it in Server 2003 mode, a superset of native mode which requires that all servers are running the Server 2003 operating system. For authentication purposes, you'll also need to set your AD server to support LDAP and Kerberos. That's a common enough setting. With W2K Server, LDAP interoperability with Linux LDAP Servers, typically OpenLDAP, can sometimes be troublesome. With Server 2003, however, you should have far less trouble. On the Samba side, you'll need to pay close attention to the HOWTO file to make sure that your Kerberos processes know how to talk to AD's Kerberos server. Once they're talking, you'll need to manually enter the Samba 3 Server into AD. With that done, you'll want to add file shares and printers using Samba's; usually with the SWAT Web interface but you can do it on the Unix command line as well. These resources should then appear in AD management consoles and to Windows 2000, XP and 2003 clients. What about 95, 98 or ME? Unfortunately, these operating system require the NT/LAN Manager (NTLM) challenge/response authentication protocol and AD's native mode doesn't support that. Instead, it relies entirely on Kerberos for user authentication. So, to make a long story short, if you still have those operating systems on your clients, you don't want to upgrade to AD or Samba 3 using AD native mode. For better, or worse, you still must use either a mixed mode or a pure domain system. If you're determined to combine W2K Server AD with Samba 3, you might be better off exploring the use of MKS AD4Unix. AD4Unix is a plug-in for AD Server that enables Unix-related authentication and user information to be stored in AD and managed via the Microsoft Management Console (MMC). This approach, however, is recommended only for those who know both AD and Unix administration extremely well. If you need to manage both Unix and Windows clients all the time and want one interface, this is an approach you should explore. In a typical office though, where the goal is simply to provide cheap file and printing services via Samba to Windows users, it would be overkill. Once you have Samba 3 and AD in place what can you expect? Well, while your overall network resources won't be as easy to manage as they would be under Server 2003 mode, you'll still have the advantage of lower prices for your available system resources. Samba 3, in my informal testing, dishes out files faster than W2K Server in this environment. But, it's slower than Server 2003 in delivering files. Still, for software that's still in beta, running in a new mode, its performance is quite impressive and I look forward to seeing its final edition on the file playing field. Is it ready for production use? No, it's not. Is it ready for you to start testing it for production? Yes, it is. And, if your company needs to add file server capacity, while keeping a close eye on the budget, it's well past the time for you to start testing Samba 3. It's that good now and its promise for tomorrow is looking even better. Discuss this article in the Enteprise IT Planet networking forum.
|
|
|
|
Email
Print
Digg This
Add to del.icio.us
