Ugo Bellavance <ugob@xxxxxxxxxxxxxx> wrote:
> I started reading the Samba doc, but it is rather long.

Of course. ;->

Samba has settings to emulate just about every detail of any release
of Server Message Block (SMB) from old LAN Manager to Windows Server
2003. Microsoft's "canned," server-wide settings in their server
versions are usually an issue for various clients. Hence why most
enterprises with SMB experts prefer Samba over stock SMB in Windows
Server.

> I planned on using this server as a PDC so that it is not
> too different from using their former windows 2000 server.

<anal>
FYI, the term Primary Domain Controller (PDC) is deprecated because
it refers to the legacy CIFS NT 4.0 term. We typically call modern
CIFS/SMB, including ActiveDirectory Services (ADS) integration, as a
Domain Controller (DC). Although I noted that the more legacy Samba
docs still call it a PDC.
</anal>

Note that newer DC services aren't just Samba. Samba just provides
the Windows client Remote Procedure Call (RPC) services to the
Windows clients when they access it as a file server. Samba can
authenticate and authorize against other services.

If you start reading a lot of Windows 2000 / ADS / Samba schtuff,
you're going to see people talking about MS Kerberos and native
Windows DC integration. That _only_ applies when you are integrating
Samba servers with _native_ ADS DC servers (as you've heard me say
before, "making UNIX ADS' bitch").

In your case, you're not using a native Windows ADS DC, so Samba is
the authority. How you wish to maintain authentication and directory
services is up to you. The Samba 3.0 By Example book gives you a lot
of "cookbook methods" to setting up LDAP Schema for Windows clients.
You can choose to do such if you wish.

In general, there is a _massive_ "learning curve" associated with
this, because you have to understand how Windows clients really work
at the authentication, directory and file services level -- as well
as how UNIX does.

> I'll be managing this server, which is currently a staging
> server for web development (php/mysql/cvs).

Oh. Do you really need SMB then? Should they be doing CVS or
Subversion/WebDAV-DeltaV check-ins instead?

> Anyone has an opinion on this, or better ideas?

Well, if you don't have native Windows ADS servers, then it's
actually pretty easy to do. Samba can and will emulate a lot of
different RPC services for the Windows clients. Tweaking those
settings will be all you'll need to do.

How you handle the directory services is up to you -- you can even
just use local UNIX accounts (although I don't recommend that for
future growth and more servers).

Years ago I would have just used NIS (with Kerberos if I needed
authentication security), but since NsDS 7.1, now FDS 7.1, became
available earlier in the year, I've been recommending it (with or
without Kerberos, your choice). Especially with the multi-master
replication.

The nice thing about building a network with NsDS is that if your
organization should force native Windows ADS on you, you can still
keep your authentication and control segmented, while synchronizing
with ADS accounts.

> My backups will be based on utilities and mondorescue,

Be careful with Mondo Rescue. Hugo's a good guy, but his stuff tends
to not work on all systems -- just a fact that systems differ and he
can't test for everything.

> kept on an internal (cold-swap drawer) hard-drive that I
> would take every week (2-drawers rotation).

As long as you are keeping the disks active regularly, then that's
okay. Although longer-term storage (3+ months) really should go to a
media like DVD-R, or tape if you can afford it.

> Any recommendations welcome, will provide more details if
> needed.

The scope -- number of servers, types of users, why you need SMB
and/or NFS (if you have UNIX desktops) access, CVS or Subversion
details, etc...

--
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith@xxxxxxxx     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)