[Samba] Samba or NFS for a new domain member server
I have 10 XP clients authenticating against a Samba PDC, using passwd as the passdb backend. The Samba PDC provides several shares to the XP clients. Priviledges on the Samba PDC are controlled by *nix user and group permissions. I do not have any Windows servers on my network, so we do not use any of the Windows group capabilities beyond the default groups. My Samba PDC is running out of room, so I want to move the shares to a new server with more storage, but I want the Samba PDC to continue to authenticate my XP clients. Should I maintain the definition of the shares on the Samba PDC, but actually store the data on the new server and make it available to the PDC via NFS. In other words, do not use Samba on the new server, but use NFS instead? OR Should I use Samba and winbind on the new server to provide access to the shares and control permissions? Any thoughts or experiences are appreciated. Scott Rosa Debian-sarge, Samba 3.0.14 --- MY CURRENT EXPERIENCE SO FAR --- Note: I know that the simple solution would have been to make the new box the PDC, which I may still do. However, I may be adding a second member server soon, so I needed to figure out how to integrate the member server into my network anyway. I have been able to get samba on the new server to use the old PDC to authenticate the users. And, I have been able to verify with wbinfo -u. However, I run into a problem with group permissions. When I do a wbinfo -r username on the member server, I get a list of numeric group ids for the user. The count matches the number of groups that the user belongs to on the PDC. Having virtually no experience with samba, I thought that might not be a big deal, especially since I could determine the group name by using the following commands: wbinfo -G group-id wbinfo -s SID from the command above For, example: wbinfo -G 10012 returns S-1-5-21-...-3003 S-1-5-21-...-3003 returns PP+fl_staff 2 However, when I tried to set up one of the directories that I want to move from the existing PDC to the member server, I could not assign the appropriate group to the directory. For examble, on the member server: chgrp PP+fl_staff pub chgrp PP+fl_staff pub chgrp PP+fl_staff 2 pub all return an error: chgrp: invalid group name `PP+fl_staff' Now, if I change the group ownership to the appropriate GID (in this case, 10012), the chgrp command works and my XP clients can access the directory with the appropriate permissions, which I guess I can do. But, if something happens to winbind idmap tables and things get renumbered for some reason, I don't want to have to face the task of fixing the GIDs across some files and directories. Sent via the WebMail system at preventionpartners.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba or NFS for a new domain member server
Please forgive me if this post appears multiple times. I have had trouble posting and I cannot be sure if any of my other posts have made it to the list. I have 10 XP clients authenticating against a Samba PDC, using passwd as the passdb backend. The Samba PDC provides several shares to the XP clients. Priviledges on the Samba PDC are controlled by *nix user and group permissions. I do not have any Windows servers on my network, so we do not use any of the Windows group capabilities beyond the default groups. My Samba PDC is running out of room, so I want to move the shares to a new server with more storage, but I want the Samba PDC to continue to authenticate my XP clients. Should I maintain the definition of the shares on the Samba PDC, but actually store the data on the new server and make it available to the PDC via NFS. In other words, do not use Samba on the new server, but use NFS instead? OR Should I use Samba and winbind on the new server to provide access to the shares and control permissions? Any thoughts or experiences are appreciated. Scott Rosa Debian-sarge, Samba 3.0.14 --- MY CURRENT EXPERIENCE SO FAR --- Note: I know that the simple solution would have been to make the new box the PDC, which I may still do. However, I may be adding a second member server soon, so I needed to figure out how to integrate the member server into my network anyway. I have been able to get samba on the new server to use the old PDC to authenticate the users. And, I have been able to verify with wbinfo -u. However, I run into a problem with group permissions. When I do a wbinfo -r username on the member server, I get a list of numeric group ids for the user. The count matches the number of groups that the user belongs to on the PDC. Having virtually no experience with samba, I thought that might not be a big deal, especially since I could determine the group name by using the following commands: wbinfo -G group-id wbinfo -s SID from the command above For, example: wbinfo -G 10012 returns S-1-5-21-...-3003 S-1-5-21-...-3003 returns PP+fl_staff 2 However, when I tried to set up one of the directories that I want to move from the existing PDC to the member server, I could not assign the appropriate group to the directory. For examble, on the member server: chgrp PP+fl_staff pub chgrp PP+fl_staff pub chgrp PP+fl_staff 2 pub all return an error: chgrp: invalid group name `PP+fl_staff' Now, if I change the group ownership to the appropriate GID (in this case, 10012), the chgrp command works and my XP clients can access the directory with the appropriate permissions, which I guess I can do. But, if something happens to winbind idmap tables and things get renumbered for some reason, I don't want to have to face the task of fixing the GIDs across some files and directories. Sent via the WebMail system at preventionpartners.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba or NFS for a new domain member server
Please forgive me if this post appears multiple times. I have had trouble posting and I cannot be sure if any of my other posts have made it to the list. I have 10 XP clients authenticating against a Samba PDC, using passwd as the passdb backend. The Samba PDC provides several shares to the XP clients. Priviledges on the Samba PDC are controlled by *nix user and group permissions. I do not have any Windows servers on my network, so we do not use any of the Windows group capabilities beyond the default groups. My Samba PDC is running out of room, so I want to move the shares to a new server with more storage, but I want the Samba PDC to continue to authenticate my XP clients. Should I maintain the definition of the shares on the Samba PDC, but actually store the data on the new server and make it available to the PDC via NFS. In other words, do not use Samba on the new server, but use NFS instead? OR Should I use Samba and winbind on the new server to provide access to the shares and control permissions? Any thoughts or experiences are appreciated. Scott Rosa Debian-sarge, Samba 3.0.14 --- MY CURRENT EXPERIENCE SO FAR --- Note: I know that the simple solution would have been to make the new box the PDC, which I may still do. However, I may be adding a second member server soon, so I needed to figure out how to integrate the member server into my network anyway. I have been able to get samba on the new server to use the old PDC to authenticate the users. And, I have been able to verify with wbinfo -u. However, I run into a problem with group permissions. When I do a wbinfo -r username on the member server, I get a list of numeric group ids for the user. The count matches the number of groups that the user belongs to on the PDC. Having virtually no experience with samba, I thought that might not be a big deal, especially since I could determine the group name by using the following commands: wbinfo -G group-id wbinfo -s SID from the command above For, example: wbinfo -G 10012 returns S-1-5-21-...-3003 S-1-5-21-...-3003 returns PP+fl_staff 2 However, when I tried to set up one of the directories that I want to move from the existing PDC to the member server, I could not assign the appropriate group to the directory. For examble, on the member server: chgrp PP+fl_staff pub chgrp PP+fl_staff pub chgrp PP+fl_staff 2 pub all return an error: chgrp: invalid group name `PP+fl_staff' Now, if I change the group ownership to the appropriate GID (in this case, 10012), the chgrp command works and my XP clients can access the directory with the appropriate permissions, which I guess I can do. But, if something happens to winbind idmap tables and things get renumbered for some reason, I don't want to have to face the task of fixing the GIDs across some files and directories. Sent via the WebMail system at preventionpartners.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba or NFS for a new domain member server
Gary, Thanks for taking the time to respond. My network is really small right now, so I can live with having to add the *nix groups locally. For some reason, I just assumed that winbind, which provided usernames for the matching UID, would do the same for *nix groups. I guess I really need to be using ldap, but that learning curve is going to be longer than I have to get these two servers in place. Thanks again for your help. -- Original Message -- From: Gary Dale [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 09 May 2006 10:46:00 -0400 Samba Administrator wrote: Please forgive me if this post appears multiple times. I have had trouble posting and I cannot be sure if any of my other posts have made it to the list. I have 10 XP clients authenticating against a Samba PDC, using passwd as the passdb backend. The Samba PDC provides several shares to the XP clients. Priviledges on the Samba PDC are controlled by *nix user and group permissions. I do not have any Windows servers on my network, so we do not use any of the Windows group capabilities beyond the default groups. My Samba PDC is running out of room, so I want to move the shares to a new server with more storage, but I want the Samba PDC to continue to authenticate my XP clients. Should I maintain the definition of the shares on the Samba PDC, but actually store the data on the new server and make it available to the PDC via NFS. In other words, do not use Samba on the new server, but use NFS instead? OR Should I use Samba and winbind on the new server to provide access to the shares and control permissions? Any thoughts or experiences are appreciated. Scott Rosa Debian-sarge, Samba 3.0.14 --- MY CURRENT EXPERIENCE SO FAR --- Note: I know that the simple solution would have been to make the new box the PDC, which I may still do. However, I may be adding a second member server soon, so I needed to figure out how to integrate the member server into my network anyway. I have been able to get samba on the new server to use the old PDC to authenticate the users. And, I have been able to verify with wbinfo -u. However, I run into a problem with group permissions. When I do a wbinfo -r username on the member server, I get a list of numeric group ids for the user. The count matches the number of groups that the user belongs to on the PDC. Having virtually no experience with samba, I thought that might not be a big deal, especially since I could determine the group name by using the following commands: wbinfo -G group-id wbinfo -s SID from the command above For, example: wbinfo -G 10012 returns S-1-5-21-...-3003 S-1-5-21-...-3003 returns PP+fl_staff 2 However, when I tried to set up one of the directories that I want to move from the existing PDC to the member server, I could not assign the appropriate group to the directory. For examble, on the member server: chgrp PP+fl_staff pub chgrp PP+fl_staff pub chgrp PP+fl_staff 2 pub all return an error: chgrp: invalid group name `PP+fl_staff' Now, if I change the group ownership to the appropriate GID (in this case, 10012), the chgrp command works and my XP clients can access the directory with the appropriate permissions, which I guess I can do. But, if something happens to winbind idmap tables and things get renumbered for some reason, I don't want to have to face the task of fixing the GIDs across some files and directories. Sent via the WebMail system at preventionpartners.com I'd avoid using NFS in this situation. Why make the file access go through two servers? If you make the new server a domain controller, you get some redundancy in your authentication, in case your PDC has problems. To avoid remapping shares, you can rename your PDC and file server so that the shares continue to map the same server name. re. your group problem: it sounds like the group names don't exist on the new server. Since you say you are using *nix groups instead of Windows groups, that could be the problem. I don't think it's a big deal. As long as the group numbers match, things should work. To get the names to show, you need to add the *nix groups locally. You could try copying the /etc/group from your PDC, or at least the portion with group numbers 1. Sent via the WebMail system at preventionpartners.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
