Sams Teach Yourself Samba in 24 Hours


Hour 10: Server-Side Automation


%L, %m, and the include Parameters


The netbios aliases parameter was mentioned in Hour 5, although at the time it was not explained why anyone would want the same server to appear in browse lists using multiple names. As you remember, the %L variable expands to the name the client used in the connection to the Samba server.

The include parameter enables you to lexically insert text at any point in the configuration file. It is perfectly valid to use variables in the filename given to the include directive. When it's used with the %L variable, you can include different settings based on who the client was attempting to connect to. The combination of variables and the include parameter provides an extreme amount of flexibility in the server's behavior based on the calling (%m) or the called (%L) name.

include

If you have ever written a computer program in C, you will be familiar with the #include filename preprocessor directive. This directive tells the preprocessor to insert the entire text of the given file lexically into the source code at that point. Samba's include parameter performs the same function.

The parameter's value is a path to a file whose contents will replace the current occurrence of the include line. If Samba cannot open the file specified, the include parameter has no effect.

Let's use this sample smb.conf file:

; smb.conf
[global]
     netbios name     = EAGLE
     workgroup        = FOWLPLAY
     security         = user
     password level   = 4
     include          = /usr/local/samba/lib/shares.conf

Here are the contents of /usr/local/samba/lib/shares.conf:

; shares.conf
[foo]
     comment = example disk share
     path = /export/smb/foo
[homes]
     writeable = yes
     valid users = %S

The resulting file after parsing would be

; smb.conf
[global]
     netbios name     = EAGLE
     workgroup        = FOWLPLAY
     security         = user
     password level   = 4
; shares.conf
[foo]
     comment = example disk share
     path = /export/smb/foo
[homes]
     writeable = yes
     valid users = %S

What difference does this make and why would you want to do something like this? Suppose that you have three departments: Accounting, Personnel, and Administration. Also suppose that each department has a group share that is accessed by its UNIX server through the network file system (NFS) and a central passwd file that is distributed using some mechanism such as rdist or the network information service (NIS). Each UNIX box also acts as a Samba server for the PCs in that particular department. From time to time, a person from one department needs temporary access to a group share from a machine in another department. The most maintainable solution would be to define all the group shares in one configuration file and then include that at run time into the main smb.conf file, as shown in Listings 10.1 and 10.2.

Listing 10.1  A Sample smb.conf File for Each Departmental Server

; smb.conf file to manage group shares via the include parameter
[global]
     netbios name = <fill in the machine name>
     workgroup = <fill in the department workgroup name>
     security = user
     password level = 4
[homes]
     comment = <department names> home directory
     writeable = yes
     path = /export/home/%U
; include the group shares
     include = /opt/admin/sys/group_shares.conf

Listing 10.2  Contents of group_shares.conf

; Accounting group share
[acctgrp]
     comment = Accounting departmental share
     path = /export/acct/acctgrp
     create mode = 0660
     directory mode = 0770
     valid users = @acct
; Personnel group share
[persgrp]
     comment = Personnel departmental share
     path = /export/personel/persgrp
     create mode = 0660
     directory mode = 0770
     valid users = @personel
; Administration group share
[admingrp]
     comment = Administration departmental share     
     path = /export/admin/admingrp
     create mode = 0660
     directory mode = 0770
     valid users = @admin

Because I said you had NFS service to all the servers, it's only a small stretch to include NFS automount support as well. Each server uses this smb.conf file, tailored with machine-specific settings such as the NetBIOS name and workgroup name. The group_shares.conf file is located on an automounted share (Solaris uses /opt as the mount-on-demand point, so I will use that as well by force of habit). In this environment, a change made to the group share configuration file is seen by all three servers.

Figure 10.2 gives a pictorial explanation of the smb.conf file that was previously listed. All three servers, ACCT-1, PERSON-1, and ADMIN-1, have a local configuration file similar to Listing 10.1. The include directive at the end tells Samba to insert the text of /opt/admin/sys/group_shares.conf, which is shown at the top of the diagram. All the servers will include the same file. Therefore, if a change must be made to a group share definition, it needs to be changed only in group_shares.conf and will be seen by all three servers as a result.

Figure 10.2
Managing group shares by using the include parameter.

Using Variables in include

Although the previous example of using included files was perfectly valid, perhaps a more common scenario is to use variables in the included filename to change the behavior of the server based on the client settings. Here is a simple example that enables you to use encrypted passwords for Windows NT clients and plain text passwords for Windows 95 clients:

; smb.conf
[global]
     netbios name = EAGLE
     workgroup = FOWLPLAY
     include = /usr/local/samba/lib/%a.conf
; service definitions go next
...

Remember that the %a variable expands to the name of the client's operating system. Assume that only Windows 9x (win95) or Windows NT (winNT) clients will be connecting. Here are the configuration files needed to support these two clients. The Windows 95 configuration file looks like this:

; win95.conf
encrypt passwords = no
password level = 4

The Windows NT client uses

; winNT.conf
encrypt passwords = yes
smb passwd file = /etc/smbpasswd

I hope that the more you use the include parameter, the clearer the rationale for the netbios aliases parameter becomes. Remember that the %L variable is expanded to the NetBIOS name of the server that the client used in the session setup request. By using the %L variable in the name of the file to include, the same machine can appear as very different Samba servers.

Return to the previous example using the three departments. Suppose that your company bandwidth increases to enable you to use a central server for all departments. How can you use the include parameter with NetBIOS aliases to make the change transparent to the users and your job easier?

The first thing to do is to configure the Samba server using its primary NetBIOS name:

; smb.conf
[global]
     netbios name = server1
     workgroup = COMPANY-GRP
     security = user
     password level = 4
; Accounting group share
[acctgrp]
     comment = Accounting departmental share
     path = /export/acct/acctgrp
     create mode = 0660
     directory mode = 0770
     valid users = @acct
; Personnel group share
[persgrp]
     comment = Personnel departmental share
     path = /export/personel/persgrp
     create mode = 0660
     directory mode = 0770
     valid users = @personel
; Administration group share
[admingrp]
     comment = Administration departmental share     
     path = /export/admin/admingrp
     create mode = 0660
     directory mode = 0770
     valid users = @admin

Next add the names of the existing departmental servers as netbios aliases:

netbios aliases = acct-1 person-1 admin-1

Then copy the existing configuration files from the departmental servers and name them acct-1.conf, person-1.conf, and admin-1.conf respectively. You still want to keep the home directories separate, so when you move them to the new server's disk, divide them into /export/acct, /export/personel, and /export/admin. Now you need to tell Samba to load the configuration file that matches the name the client used during connection:

include = /usr/local/samba/lib/%L.conf

The three configuration files are given in Listings 10.3, 10.4, and 10.5.

Listing 10.3  Configuration Settings Specific for the Accounting Department

; acct-1.conf
[homes]
     comment = Accounting home directories
     path = /export/acct/%U
     valid users = %S
[docs]
     comment = department documentation
     path = /export/acct/docs
     writeable = no

Listing 10.4  Configuration Settings Specific for the Personnel Department

; person-1.conf
[homes]
     comment = Personnel home directories
     path = /export/personel/%U
     valid users = %S
[forms]
     comment = personnel forms
     path = /export/personel/forms

Listing 10.5  Configuration Settings Specific for the Administration Department

; admin-1.conf
[homes]
     comment = Administration home directories
     path = /export/admin/%U
     valid users = %S
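
Because an include that cannot be opened has no effect, a missing or misnamed %L.conf (or %a.conf in the earlier client-OS example) changes what a server name offers without any error. The following added example, which is not from the book or from Samba, models the lexical include for each name and reports the resulting shares and any include that had no effect. The function names and the SAMPLE file contents are assumptions constructed from the listings above.

```python
import re

INCLUDE = re.compile(r"^\s*include\s*=\s*(.+?)\s*$", re.IGNORECASE)

def read_disk(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None             # cannot be opened: the include has no effect

def expand(path, variables, read=read_disk, missing=None):
    """Return (lines, missing) after replacing each include line with its file."""
    missing = [] if missing is None else missing
    text = read(path)
    if text is None:            # unopenable include: no effect, no error
        missing.append(path)
        return [], missing
    out = []
    for line in text.splitlines():
        m = INCLUDE.match(line)  # commented-out includes (; or #) do not match
        if m:
            # Substitute only the variables being modelled; others stay literal.
            target = re.sub(r"%[A-Za-z]",
                            lambda v: variables.get(v.group(0), v.group(0)), m.group(1))
            out += expand(target, variables, read, missing)[0]
        else:
            out.append(line)
    return out, missing

def audit(main, var, names, read=read_disk):
    """Map each modelled value of var to (share names, includes with no effect)."""
    report = {}
    for name in names:
        lines, missing = expand(main, {var: name}, read)
        found = [ln.strip()[1:-1] for ln in lines if ln.strip().startswith("[")]
        report[name] = ([s for s in found if s.lower() != "global"], missing)
    return report

LIB = "/usr/local/samba/lib/"
# Constructed sample based on the listings above; person-1.conf is deliberately absent.
SAMPLE = {
    LIB + "smb.conf": "[global]\n include = " + LIB + "%L.conf\n[acctgrp]\n path = /export/acct/acctgrp\n",
    LIB + "acct-1.conf": "[homes]\n path = /export/acct/%U\n[docs]\n path = /export/acct/docs\n",
    LIB + "admin-1.conf": "[homes]\n path = /export/admin/%U\n",
}

if __name__ == "__main__":
    for name, (found, gone) in audit(LIB + "smb.conf", "%L",
                                     ["acct-1", "person-1", "admin-1"], SAMPLE.get).items():
        print(name, found, "include had no effect: %s" % gone if gone else "ok")
```

Calling audit without the last argument reads the real files from disk. On a host with Samba installed, testparm -L acct-1 runs Samba's own parser with %L set to that name.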

Figure 10.3 shows the results of browsing the network. There are physically only two machines available. QUESO is a Windows 95 client and SERVER1 is a Linux box. The other three entries--ACCT-1, ADMIN-1, and PERSON-1--are created by the netbios aliases parameter in smb.conf. Figures 10.4, 10.5, and 10.6 display the shares offered by each server. Notice that each server is slightly different, yet all have the common group shares.

Figure 10.3
Browsing each of the three configurations of the Samba server. QUESO is the Windows 95 machine used to browse the network. SERVER1 is the primary NetBIOS name of the server.

Figure 10.4
Browsing the shares available on ACCT-1.

Figure 10.5
Browsing the shares available on ADMIN-1.

Figure 10.6
Browsing the shares available on PERSON-1.

You might have already recognized a glitch. I said that you wanted the transition to be transparent to the user, but we went from three workgroups to one! I admit that I skipped over this. Currently there is no way to make Samba take part in more than one workgroup simultaneously. Therefore, for this example, I assumed that users were accessing their respective servers directly using UNC network paths in the form of \\servername\sharename.
