Implementing Samba 4

Table of Contents

Implementing Samba 4

Credits

Foreword

About the Author

Acknowledgments

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Installing the Samba 4 Server

Installing Debian 7.0 (Wheezy)

Installing and configuring Samba 4 Server's dependencies

Installing Samba 4 Server step by step

Basic validations of the Samba's installation

Summary

2. Provisioning Samba 4 as an AD Domain Controller

Highlighting the planning points for an AD service

Acquiring information for deploying an AD service

Availability, performance, and replication for the network service

Setting up Samba 4 as an AD Domain Controller

Validating the Samba 4 configuration

Summary

3. Managing the Samba Active Directory Server

Understanding the possible roles of the Samba 4 Server on the network

Implementing the AD authentication and authorization for GNU/Linux systems

Configuring the PAM and NSS libraries

Joining the Debian 7 GNU/Linux into our Active Directory Domain

Starting with the basic concepts for Group Policies on Samba 4

Allowing a user to create Group Policies

Allowing a user to link Group Policies to OUs

Creating a Group Policy

Trust relationships and replication with Samba 4

Summary

4. Replacing a Microsoft Windows Active Directory Server

Key points to consider before replacing an AD DC

Planning the replacement – tests and validations

Exporting directory entries

Comparing backup data against live data

Replacing the Active Directory Domain Controller

Replacement tests and validations

Summary

5. Upgrading from Samba Server Version 3

Distinguishing between Samba Versions 3 and 4

Key points for consideration before the upgrade

Establishing an upgrade plan

Creating tests and validations before the upgrade

Executing the Samba Server upgrade procedure

Stopping and disabling Samba and winbind daemons

Editing the Samba 4 configuration file

Configuring the reverse zone

Adding the profiles share to the configuration

Deciding the upgrade approach for Member Servers

Upgrading tests and validations for the PDC

Upgrading tests and validations for Member Servers

Summary

6. Printing and File Services

Introducing SMB/CIFS protocol versions and Samba 4

Introducing the Samba 4 file and print server daemons

Introducing Microsoft Windows print driver Versions 3 and 4

Configuring a printer on the Samba 4 Server host using CUPS

Sharing the printer on a Microsoft AD network using Samba

Introducing Microsoft Windows Point and Print Samba Server configuration

Sharing files using Samba 4

Summary

7. Extending the Active Directory Schema Using Samba 4

Planning an Active Directory schema extension

Exporting the current Active Directory schema configuration

Extending the Active Directory schema in practice

Extending the Active Directory schema

Testing and validating the Samba 4 Active Directory schema extension

Summary

8. Implementing a Highly Available Distributed File Server

Preparing the Debian GNU/Linux environment

Configuring GlusterFS for high availability and scalability

Integrating CTDB, GlusterFS, and the Samba 4 Server

Executing tests and validations on the highly available file server

Summary

9. The Samba 4 Python Scripting Interface

Open source development and collaborative work

Exploring and using the Python interface of the Samba 4 Server

Introducing Samba 4 Python bindings

Understanding the power of Python and the Samba 4 Server

Summary

A. References

Index

Implementing Samba 4

Implementing Samba 4

Copyright © 2014 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: April 2014

Production Reference: 1310314

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78216-658-0

www.packtpub.com

Cover Image by Marcelo Leal (<[email protected]>)

Credits

Author

Marcelo Leal

Reviewers

Kai Blin

Henry Gultom

Iulian-Nicu Șerbănoiu

Manikandan Somasundaram

Acquisition Editors

Akram Hussain

Nikhil Karkal

Content Development Editor

Athira Laji

Technical Editors

Manan Badani

Shali Sasidharan

Copy Editors

Tanvi Gaitonde

Aditya Nair

Stuti Srivastava

Project Coordinator

Sanghamitra Deb

Proofreaders

Mario Cecere

Maria Gould

Clyde Jenkins

Indexer

Monica Ajmera Mehta

Graphics

Sheetal Aute

Disha Haria

Yuvraj Mannari

Production Coordinator

Nilesh Bambardekar

Cover Work

Nilesh Bambardekar

Foreword

Shared, networked file and print services are the heart and blood of any office environment. They allow users of a network to store their files reliably, share them with each other, and bridge the gap between multiple places of work, multiple devices and tools, and multiple operating systems.

The latter aspect is key to a modern work environment: integrating the worlds of Unix/Linux and Mac OS X with the traditional Windows PC environment not only allows users of a foreign OS to collaborate in a Windows-dominated world, it also enables Windows environments to benefit from the power of Unix/Linux server environments with advanced networking, high availability, backup/recovery, and automation capabilities as well as integration with enterprise-class infrastructure and tools.

When Andrew Tridgell implemented the first version of Samba in 1991, he probably did not foresee the tremendous impact that his software would have on today's office productivity environments and the role it would fill as the bridge between two worlds that couldn't be more different from each other. Yet, this is exactly what makes Samba so fascinating: the power to integrate the Windows world with the Unix/Linux/Mac OS X world, the Rosetta Stone of filesystem protocols.

Wielding this power can be difficult and complicated. In today's hectic world of IT system administration, the pressure to deliver a robust, stable, highly available, and dependable infrastructure at a low cost has never been greater. Modern system administrators frequently don't have the time or training to understand every possible aspect of any given software, especially if it is a complex system that has grown over several decades. They need simple, practical, relevant advice on how to accomplish their day-to-day tasks, enabling them to get the basics of file and print services up and running. They need to do so quickly and efficiently, so they can concentrate on higher-level tasks, knowing that the key underlying infrastructure is in place and running reliably.

I'm very happy to see that Marcelo has accepted the challenge of boiling down heaps of documentation, white papers, and other collateral into a single, concise, practical guide to implementing Samba 4. Marcelo draws from over a decade of experience in running large-scale IT projects, from high-level planning to the nitty-gritty details of command-line options and complex troubleshooting.

And the result is a clear, concise, extremely useful step-by-step guide on how to set up your Samba 4 environment: from basic installation to AD Domain Controller setup and management, migration from an existing Windows server environment, upgrading from Samba 3, running file and print services, LDAP, clustering, and of course scripting. This guide has got you covered.

Of course, no guide can replace the full documentation or address the intricacies of every single corner case. But staying true to the Pareto principle, this is exactly the 20 percent of documentation that you need to read to get 80 percent of your Samba 4 work done. With Marcelo's expertise boiled down into a single book, you can get up and running quickly, then concentrate your energy into those aspects of your installation that are unique to your environment and that warrant your special attention.

IT system administrators often have an aura of IT wizards around them, as if they had the power to heal a broken computer with the touch of a hand. This magic really stems from decades of experience; hard-learned intuition; and the tedious, day-to-day work of getting IT stuff done. I hope that the virtual Marcelo distilled into this book can help you become such a Samba wizard, enabling you to ensure that your organization's productivity is covered, at least from a file and print perspective.

Constantin Gonzalez

IT, Unix and file system survivor

About the Author

Marcelo Leal studied at Unisinos, where he undertook a Bachelor's degree in Computing Science. Having worked in the IT industry for more than 15 years, he has gained experience as a network/system administrator, support manager, Unix/Linux specialist, storage architect, and most recently, as a solutions architect. He was involved in open source projects since the beginning of his career and has developed some open source tools and submitted patches to the GNU/Linux and FreeBSD kernel. In 2005, he was honored for his participation in the Prêmio TI e Governo for the project Metrópole, Porto Alegre/RS. He was one of the founders of the Porto Alegre OpenSolaris User Group (PoaOSUG) and was a contributor for the Open High Availability Cluster Community (OHAC) within the OpenSolaris Project; he was the first person outside Sun Microsystems to contribute code to the Open Cluster software. He received three prizes at the OpenSolaris innovation awards program (2007-2008), and presented a solution for Storage High Availability using nonshared disks at the first OHAC Summit in San Francisco/California, USA (2009). In 2013, he presented a highly available, scalable, and high performance three-layer storage solution at SNIA SpeedConf, Santa Clara/California, USA, which, besides adding a lot of value to the storage service, provided huge savings in capex and opex costs (millions of dollars in three years). He has led the architecture and development of a distributed Storage Appliance that, in three years, provided more than 1.5 million operations per second (CIFS, NFS, and iSCSI) for almost 10PB in an area available for a diverse range of products. In 2010, he wrote ZFS -Para usuários OpenSolaris, Windows, Mac e Linux, Brasport, the first book about ZFS in Brazilian Portuguese and actually one of the few books about ZFS available in a language other than English. He tries to write regularly on his blog at http://www.eall.com.br/blog.

Acknowledgments

First, I would like to thank the open source community for all the hackers involved in bringing lines and lines of code, documentation, and knowledge into the world. I would like to specifically thank the Samba project team and community! The Samba 4 software is a huge accomplishment and deserves all our appreciation for the effort taken in delivering such a great product. I would like to thank all the editors and reviewers who worked with me during the journey of this book; I would not have been able to do it without your help and invaluable inputs. I would like to thank my family: Ana, Júnior, Pedro, and Leonardo. It's all for you! Last but not least, a big thank you to my grandmother and my mother, Maria Leal. She is the reason I stand here today.

About the Reviewers

Kai Blin is a computational biologist by trade and an open source developer by passion. As he is more of a network and systems programmer in his spare time, the Samba Team member feels lucky to also be able to work on open source software in his day job. He holds a PhD in Microbiology from the University of Tübingen in Germany and is currently working on his post-doc in Cologne.

Henry Gultom is a Linux consultant for an IT company that operates out of Indonesia, Nigeria, and the Kingdom of Tonga. With more than 10 years' experience in Linux administration, he has acquired a deep technical background in the management, design, assessment, and systems integration of information technologies. Since 2010, he has been helping many IT companies in Indonesia to use Samba 4 and has been successful until now.

Iulian-Nicu Șerbănoiu is a graduate of Politehnica University of Bucharest. He also holds a master's degree in Advanced Computer Architectures from the same institution. He is a senior software engineer, with a specialization in imperative programming languages, such as Java, C++, and Python. He has a passion for free/libre software and always tries to be up to date with the latest technologies. He loves scripting languages and uses them to automate tasks as much as possible.

I would like to thank my family for giving me the opportunity to grow and become what I am today. Thank you very much for your support; without you, I'm nothing.

Manikandan Somasundaram has over three years of experience in the field of Linux administration. He is a BE Computer Science graduate. Being a Linux enthusiast, he has his specialization in RHCE (Red Hat Certified Engineer) and RHCSS (Red Hat Certified Security Specialist). He started his career as a Linux system engineer in a small, Chennai-based start-up company, where he had the freedom to explore/implement the world of open source, so he has migrated a number of software from proprietary to open source, such as the openfire intranet chat server. Then, he moved to SafeScrypt, a business unit part of Sify Technologies Limited, which is the India's first CA (Certificate Authority). Here, he had an opportunity to work with the PKI infrastructure and certification practices that helped him relate his RHCSS studies to reality in a better way. Currently, he is working for MindTree Ltd. as a Linux system administrator and pursuing an MS Software Systems degree from BITS Pilani, India. His main hobby is to provide freelance training on Linux administration, and his other hobbies are yoga, martial arts, gymnastics, and playing the guitar.

I wish to personally thank the following people for their contributions, and for inspiring me and providing me with knowledge and help in reviewing this book:

Well wishers: Prof Vishvanathan, A.V.C. College Of Engineering, Gerald Nathan, Principal Consultant, Corpus Software Pvt Ltd.

My family: Somasundaram (my father), Tamizarasi Somasundaram (my mother), and Durgadevi (my sister).

www.PacktPub.com

Support files, eBooks, discount offers, and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print and bookmark content

On demand and accessible via web browser

Free access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Preface

After many years of hard work, coding, and testing, the open source community was presented with the Samba software Version 4 at the end of 2012. Whoever was involved in the Samba project or had participated in the community knows how much this version was awaited. Besides all the new features that the Samba Server Version 4 brings in this important release, the one that stands out unanimously is the Active Directory capabilities. Microsoft Active Directory Services is a very popular technology among different companies, from small or medium size organizations to big enterprises.

With the new Samba 4 software version, users and system administrators will be able to implement an Active Directory Server, file and print services, and deliver a broad range of network services using open source technology. Samba 4 has main built-in capabilities needed for the server side of the Active Directory services, such as the LDAP server, the Kerberos Key Distribution Center, and a simple DNS server.

This book is a practical guide intended to provide easy-to-use, step-by-step procedures to help users and system administrators implement Active Directory services on their networks using the freedom of open source software. We will learn how to use the Samba 4 Server as an Active Directory server, as well as understand the other roles this software can play in the organization environment.

What this book covers

Chapter 1, Installing the Samba 4 Server, provides us with a quick overview of the Debian GNU/Linux installation procedure, and we will learn how to install and configure all the Samba 4 dependencies needed for our Samba 4 use cases. In this chapter, the reader will learn how to validate the Samba 4 installation and how to execute basic tests to make sure that the Samba 4 installation is ready.

Chapter 2, Provisioning Samba 4 as an AD Domain Controller, talks about the basic tasks required to get a proper Samba 4 Active Directory as a Domain Controller configured on the network. This chapter will focus on minimal planning, checklists, and the key points to consider before starting the provisioning. We will learn how to provision the Samba 4 as an Active Directory Server in detail.

Chapter 3, Managing the Samba Active Directory Server, describes the different roles the Samba 4 Server can play on the network, and how to basically manage it using Microsoft Windows machines (for example, Microsoft Windows Server 2008 R2). The reader will learn how to integrate a Debian GNU/Linux client on the Samba 4 domain and to have the authentication and authorization working in this system. Also covered in this chapter are the replication and trust relationship characteristics of an Active Directory Domain Controller when running the Samba 4 Server at the present time.

Chapter 4, Replacing a Microsoft Windows Active Directory Server, intends to show you how to replace a Microsoft Windows Server Active Directory by a Samba 4 Server. We will learn the key consideration points, our example configuration scenario, some backup/recovery and rollback techniques, and in the end, the step-by-step procedure to execute the replacement of our Microsoft Windows Server 2008 R2 with the Samba 4 Server as the Active Directory Domain Controller. We will also learn about some basic tests and validations to make sure that the process is successful and the environment is fully functional.

Chapter 5, Upgrading from Samba Server Version 3, describes the main differences between Samba software Version 3 and Version 4 and the considerations before planning a successful upgrade. We will also learn about the plan, tests, validations, as well as a step-by-step procedure to execute the upgrade and all the commands and scripts that are needed to go from a Samba 3 Primary Domain Controller to a Samba 4 fully functional Active Directory Domain Controller.

Chapter 6, Printing and File Services, covers the file and printing services for the Samba 4 Server. We will learn about some differences between the file and printing capabilities of Samba Server Version 3 and Version 4. We will learn about the SMB/CIFS protocol versions of Samba 4, the Samba 4 file and print server daemons, Microsoft Windows print driver Version 3 and Version 4. We will learn how to configure a printer on the Samba 4 Server host using CUPS and how to share the printer on a Microsoft Active Directory network using Samba. We have introduced Microsoft Windows Point and Print Samba Server configuration and basic File sharing with Samba 4.

Chapter 7, Extending the Active Directory Schema Using Samba 4, describes how to extend the default Active Directory schema for some specific applications when using a built-in Samba 4 as the Active Directory Domain Controller.

Chapter 8, Implementing a Highly Available Distributed File Server, focuses on how to implement a highly available and distributed file server using Samba 4 Server, GlusterFS, and CTDB.

Chapter 9, The Samba 4 Python Scripting Interface, describes some basics about the Samba 4 internals, going through some code snippets and understanding the open source development and collaborative work. This chapter also provides us with an introduction to the Samba 4 Python bindings, teaches us how to explore and start using the new Python interface of the Samba 4 Server, and describes a practical example using the combined power of Python and Samba 4.

Appendix, References, provides the links for the references used in the book.

What you need for this book

This book is focused on the Samba 4 software and its installation on a Debian GNU/Linux operating system. So, the reader will need an Internet connection to download and install both the software and a CD/DVD with