In my experience, these are three (3) most common issues with NFS+Samba ...
1. Locking issues Typically quotes: "UNIX/Linux and Windows users are stepping on each others files" "Windows users can't access files in use by UNIX users" (Vice-versa) Root cause: Samba is mis-configured to support UNIX lockd correctly Core professional ignorance (which exams should _harp_on_ ;-): Different Samba locking modes (including oplocks) Technical detail: Kernel NFS uses the same locking mechanisms as the local Linux filesystem. If Samba locking is mis-configured, it will not only not work with NFS, but it will not work with the local UNIX filesystems locking mechanisms either. NFS isn't the problem, as it would affect local file access on the server itself. So Samba has been mis-configured. In fact, most Windows administrators are ignorant of oplocks (especially since Microsoft only offers 1 type for all shares or only allows them to be disabled for all shares via a registry hack). 2. Permission issues Typical quotes: "UNIX/Linux users are writing the wrong group" "UNIX/Linux users are writing the wrong permissions" "Only the first Windows user can write a file to a directory" "Only the Windows creator of the file can change a file" (countless others) Root cause: Improper handling of filesystem permissions and bits. Especially using Samba to trump proper filesystem security. Core professional ignorance (which exams should _harp_on_ ;-): UNIX filesystem permissions and bits Technical detail: This isn't an issue limited to Linux Samba servers, but Windows as well. In fact, filesystem v. share security is _the_ initial focus of Microsoft's MCSA/MCSE "Server" exam. The guiding principle is *NEVER* use share-level security to trump filesystem-level security, and in many cases, you can't even do it on a Windows server like you can with Samba. NFS often _exposes_ mis-configured Samba servers. 3. Object mapping (especially user/group) Typical quotes: "The owner of a file is different on different systems, especially between UNIX and Windows" " Root cause: Improper ID management across multiple systems Failure to synchronize all systems to the same "authority(ies)" Core professional ignorance (which exams should _harp_on_ ;-): Only using basic Samba service (smbd) and legacy naming (nmbd) Technical detail: Welcome to enterprise management people! For LPIC-1/2, not knowing this is acceptable. But if you think you can "get away" with setting up a "standalone" Samba server or "rely on ADS" and "call it a day" with LPIC-3, you are _greatly_mistaken_! Unless you want to "throw out" proper Samba authentication and naming detail, and the greater understanding of it (and configuring it at the core Linux platform level), then I'd say "suck it up" and learn it! CASE-IN-POINT: We're not building LPIC-3 to be an exam so anyone who has read a HOWTO and "it seems to work" (even though there might be gross mis-configuration of Samba) can pass. We're building an exam that tests people who know how to _properly_ configure a server. And that means people need to _understand_ how to configure options, not what "just seemed to work" -- even though they still have have problems and "unexplained symptomps" they often blame on Windows (when, in fact, it's their mis-configuration of Samba ;-). With that said, for those that work in the "real world," I have *NEVER* seen a properly configured Samba server *EVER* have issues with NFS, _period_. That's because NFS merely uses the _native_ Linux platform facilities for _all_ of its services. Every single "real world" professional I've helped that has had issues with NFS _already_ had issues with their Samba configuration, and NFS was merely exposing it at the local Linux server level (authentication, filesystem, naming, object mapping, etc...). Yes, you can "get away" with mis-configurations in the "real world." But we're _not_ going to test practices that "barely work." We're going to test practices that "do work." And what I mean by "practices" is that at some point, we have to _narrow_ down what we can test. Yes, we can piecemeal authentication, schema and naming, etc... (especially with the separate Exam 301). But at some point, when we tackle authentication as well as IDMAP for Samba, we have to discuss the _base_ Linux platform configuration details at the /etc file as well as filesystem meta-data level. And that's when you basically cover NFSv4 already. ;-> -- Bryan J. Smith Professional, Technical Annoyance [EMAIL PROTECTED] http://thebs413.blogspot.com -------------------------------------------------- Fission Power: An Inconvenient Solution _______________________________________________ lpi-discuss mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-discuss
