Samba-3 has grown in capability, as well as in complexity. Linux administrators are keen to learn how better to manage Samba and how to meet the growing demand of network security and audit-ability. This series of articles will help administrators master Samba-3 management. In this first article in a six-part, two-month series, you'll find a description of the series and a tutorial on Windows network identity basics.
Introduction
I recently asked a few Windows networking administrators what they believe is needed to help drive down the cost of using Samba. They all said better management tools would be a great help.
After further discussion with these administrators, it became clear that while they were comfortable with Samba, they were unclear where Samba stores user, machine and group information, and how these relate to the network environment. Had the relationships been better understood, the functionality of available administration tools might be better understood and the request for better tools might not be so strong.
This series of articles will provide a better understanding of the relationship between Windows networking accounts and their equivalent on the Unix or Linux server that is running Samba.
I've described the topics in the series below. You can also click here to go directly to page two for the tip on Windows network identity.
Series overview
This series will cover the following subjects:
- Windows networking identity basics: The first article explores the ways in which Microsoft Windows users gain access to the operating system and how this affects access to network resources. It will also explore what a Samba server must do to handle incoming network connection requests from Windows workstations. Specifically, the article will show how Samba deals with identity issues, where it stores the data it uses and how each component of Windows networking identities can be managed. The article concludes with basic rules that make it possible to operate the Samba environment with a minimum of administrative overhead.
- A comparison of user rights and privilege management in Windows and Samba: The second article will explain how Windows workstation users gain, or can be denied, various local and network-wide rights and privileges. It then will examine how this can be implemented in a Samba environment.
- The creation of a network-wide remote management infrastructure: The next article focuses on how Samba can be configured to create an environment that is conducive to centralized network management. It will provide information on where to obtain detailed technical guidance, so that the necessary infrastructure can be implemented without undue difficulty.
- Use of the pdbedit utility to manage user accounts and to configure network security settings: The pdbedit utility has become a strategically important tool for managing Windows network user accounts. It is also important to sites that need to comply with the requirements of the Sarbanes-Oxley Act. The article will discuss how this tool can be used to set password expiration limits and reconfigure the location of a user's home folder or the location of the user's roaming profile, and so on. Additionally, the article will explain how to disable roaming profiles for all or for some users and will provide guidelines for Windows workstation configuration to bring sanity to network management.
- The use of the net utility to perform remote network management: The article will show how the net utility can be used to perform many essential network management and control operations. This versatile tool can be used to manage users, groups and group membership for Windows networking users. It can also be used to migrate servers and server resources across various Windows and Samba servers.
- The use of various remote management tools: This closing article will examine the leading solutions to the remote network management challenge. An overview will be provided covering the NT4 SRVTOOLS, the LDAP administrator, the IMC console, the LDAP Administration Manager (LAM), and a commercial tool (yet to be chosen).
No comments:
Post a Comment