Re: [Samba] file server or member server?
On Tue, 2013-07-02 at 09:28 +0200, steve wrote:

[SNIP]

> Do I have this?
> 1. is a domain controller and a file server.
> 2. is a member server and a file server.

Yes, that is what you have.

> Another question, why do you say:
> '...it's a domain server (or domain controller).'
> Which _is_ it? If it's the same thing then why does it have two names?

It's English, every word has multiple meanings and the same thing can be described with multiple words. It is what makes English one of the most expressive languages there is.

JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] file server or member server?
I'll have a go :)

My 2p:

A Windows domain is an authentication-and-authorisation space, defined by a database of all usernames known within that space, together with their passwords, group memberships and much more related stuff.

The username database (held as a set of files of course) is managed by one or more servers dedicated to the task of processing logon attempts, verifying passwords, authorising filesystem access requests, etc. This type of server is known as a domain controller (or domain server if you like).

The domain will also contain, in general, many workstations used by the end-users, and a number of servers holding files, services and other objects available for the use of the users. The files and services have permission settings which define which users can access them and in which ways. The permission settings reference the usernames defined in the username database.

Any machine (workstation or server) needing to make use of the username database must be joined to the domain (which means exchanging keys, so that secure communication can occur); we call such machines members of the domain - member servers, member workstations.

In a medium to large organisation there are usually quite a few member servers dedicated to file serving, some to web serving, some to print serving, and a few to more esoteric tasks (SQL, DNS, DHCP, WINS [does that still exist?], etc. etc.). You could refer to these servers as fileservers, webservers, printservers, SQLservers, DNS servers, etc. - you see the pattern here? :-)

You /can/ combine some of these server roles (including domain controller) in one physical server, but you must be careful about performance, especially in geographically dispersed networks. Note that all access requests must ultimately effectively be processed and approved by the domain controllers, which can make them pretty busy machines - so that job is often done by dedicated servers.

There may also be other Windows servers owned by the organisation, which are not members or controllers of the domain - these servers are known as stand-alone servers, and their users will not share the same username & password database as is used within the domain.

Steve
> Are there any guidelines for this sort of stuff?

Yes. In the Microsoft world, typically the sysadmins all go on [gulp] MCSE (Microsoft Certified System Engineer) training programmes, where all this stuff is taught in some detail - including how to estimate performance requirements from expected user population & required data flows, and thus how to arrive at an effective network and domain design. Usually you discover that you need an unbelievable number of servers, and that the cost of server licenses and client access licenses (an iniquitous concept) is likely to bankrupt your employer ;-) After your boss has had a heart attack, you think about Samba.

I don't know whether or not there are FOSS-world courses which teach the same (CIFS/SMB/AD) concepts.

You can also find any number of $50 text books on the subject (Windows Active Directory) in any decent bookstore, e.g.

http://shop.oreilly.com/product/0636920028932.do
Active Directory Cookbook, 4th Edition - Solutions for Administrators & Developers

(but they will usually be focused on Microsoft products).

BTW: if you don't already know about it, you really should also try to learn as much of the stuff on this website as you possibly can: http://ubiqx.org/cifs/

It's more about the protocols, rather than domain design - but still important for a sysadmin (and it's by one of the Samba team).

[I hope this helped ... maybe you already know all this stuff, and I didn't understand your question .. it was fun trying anyway :)]

Good luck.
Nick

Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 19:55 -0500, Ricky Nance wrote:
> I feel like I am saying what has already been said, so if you could be more specific about what kind of hierarchy you have, I could give you a more specific answer.
> For the most part, if it's serving files and in a domain, but not providing authentication itself, it's a 'member server', if it's NOT in a domain, but simply serving files to any and all windows clients, it's a simple file server, if it's in a domain and providing the domain with username/password authentication it's a domain server (or domain controller).

Phew, I think I'm getting there. OK, I have:

1. a 4.0.6 DC
It serves these files selfishly:

[netlogon]
path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

2. A 4.0.6 box joined to the domain. It serves profiles, home directories, stuff that groups can rw to and anything else you can throw at it e.g.

[users]
path = /home/users
read only = No

[profiles]
path = /home/profiles
read only = No

[shared]
path = /home/shared
read only = No

/home/profiles and /home/shared have ace's set to mimic what we would otherwise have to set in smb.conf

Do I have this?
1. is a domain controller and a file server.
2. is a member server and a file server.

Another question, why do you say:
'...it's a domain server (or domain controller).'
Which _is_ it? If it's the same thing then why does it have two names?

This thread may seem like a waste of space to many, but it's merely the tip of the iceberg for us. Our main problem is that we are not dealing with native English speakers. The grammatical and interpretational problems which this list and the samba documentation in general throw up are at times insurmountable.

Thank you all for the patience which you afford us.

Re: [Samba] file server or member server?
Hi Steve

On 2 July 2013 09:28, steve st...@steve-ss.com wrote:
> On Mon, 2013-07-01 at 19:55 -0500, Ricky Nance wrote:
> > I feel like I am saying what has already been said, so if you could be more specific about what kind of hierarchy you have, I could give you a more specific answer.
> > For the most part, if it's serving files and in a domain, but not providing authentication itself, it's a 'member server', if it's NOT in a domain, but simply serving files to any and all windows clients, it's a simple file server, if it's in a domain and providing the domain with username/password authentication it's a domain server (or domain controller).
>
> Phew, I think I'm getting there. OK, I have:
>
> 1. a 4.0.6 DC
> It serves these files selfishly:
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> 2. A 4.0.6 box joined to the domain. It serves profiles, home directories, stuff that groups can rw to and anything else you can throw at it e.g.
>
> [users]
> path = /home/users
> read only = No
>
> [profiles]
> path = /home/profiles
> read only = No
>
> [shared]
> path = /home/shared
> read only = No
>
> /home/profiles and /home/shared have ace's set to mimic what we would otherwise have to set in smb.conf
>
> Do I have this?
> 1. is a domain controller and a file server.

Yes, I suppose so, although most people would not really call it a file server, because the files it's serving are just related to the DC functionality. (Or at least that's how I look at it.) It's not a general "anything else you can throw at it" file server.

> 2. is a member server and a file server.

Yes.

And as hinted at in some of the other messages, you could have a standalone server (i.e. not joined to a domain, and therefore not a member server) that serves files. This would also be a file server, but (as mentioned) not a member server.

Also you could have a server (whether joined to the domain or not) that does not serve files at all, but only printers. This would be a print server. Of course a server could also be a file and print server.

> Another question, why do you say:
> '...it's a domain server (or domain controller).'
> Which _is_ it? If it's the same thing then why does it have two names?

He's using "or" in the sense of: "You can call it a domain server, or you can call it a domain controller. It's the same thing."

Personally, I have not come across the term "domain server" and it seems rather ambiguous to me. I would avoid using it and stick with "domain controller".

> This thread may seem like a waste of space to many, but it's merely the tip of the iceberg for us. Our main problem is that we are not dealing with native English speakers. The grammatical and interpretational problems which this list and the samba documentation in general throw up are at times insurmountable.
>
> Thank you all for the patience which you afford us.

--
Michael Wood esiot...@gmail.com

Re: [Samba] file server or member server?
On Tue, 2013-07-02 at 11:02 +0200, Michael Wood wrote:
> Hi Steve
>
> On 2 July 2013 09:28, steve st...@steve-ss.com wrote:
> > On Mon, 2013-07-01 at 19:55 -0500, Ricky Nance wrote:
> > > I feel like I am saying what has already been said, so if you could be more specific about what kind of hierarchy you have, I could give you a more specific answer.
> > > For the most part, if it's serving files and in a domain, but not providing authentication itself, it's a 'member server', if it's NOT in a domain, but simply serving files to any and all windows clients, it's a simple file server, if it's in a domain and providing the domain with username/password authentication it's a domain server (or domain controller).
> >
> > Phew, I think I'm getting there. OK, I have:
> >
> > 1. a 4.0.6 DC
> > It serves these files selfishly:
> >
> > [netlogon]
> > path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
> > read only = No
> >
> > [sysvol]
> > path = /usr/local/samba/var/locks/sysvol
> > read only = No
> >
> > 2. A 4.0.6 box joined to the domain. It serves profiles, home directories, stuff that groups can rw to and anything else you can throw at it e.g.
> >
> > [users]
> > path = /home/users
> > read only = No
> >
> > [profiles]
> > path = /home/profiles
> > read only = No
> >
> > [shared]
> > path = /home/shared
> > read only = No
> >
> > /home/profiles and /home/shared have ace's set to mimic what we would otherwise have to set in smb.conf
> >
> > Do I have this?
> > 1. is a domain controller and a file server.
>
> Yes, I suppose so, although most people would not really call it a file server, because the files it's serving are just related to the DC functionality. (Or at least that's how I look at it.) It's not a general "anything else you can throw at it" file server.
>
> > 2. is a member server and a file server.
>
> Yes.

The two Yes's there are wonderful to read. We're going to pretend that you didn't add the 'I suppose so'.

This introduces another question for which I suppose I should start another thread but there may be some relevance here. I think we're making the wrong decision given 2 boxes to make the domain. We're using the more powerful box with the bigger disk as the DC but it sits there with hardly any load all the time. The member server hits smbd hard all day. top gives high %CPU and %MEM a lot of the time, especially when we're doing photos. It doesn't seem to slow things down much and the other thing we see is that when everyone logs on at the same time, it's slow. The latter is the DC but it still doesn't show much activity. Could that be because it's reading the profile for windows and the home folder for Linux?

Are there any guidelines for this sort of stuff?

Cheers,
Steve

[Samba] file server or member server?
Hi everyone

What's the difference between a file server and a member server?

I have a 4.0.6 DC which is a file server for sysvol. I also have a 4.0.6 file server for the other folders which go out to the clients. Do I have a member server? Or is a member server one upon which all files are served from the DC?

Cheers,
Steve

Re: [Samba] file server or member server?
On a very general level, a member server is joined to the domain so that it can use the domain accounts. A member server is typically a file server but does not have to be (you could be using it as a web server, or application server or even a workstation.)

A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions. It does need to have file shares to provide access to the logon scripts and profile directories used by Windows clients but that doesn't really make it a file server.

A server that is not a member server or a domain controller is considered to be a standalone server. These concepts apply to Windows/Samba domains whether you are running domains based on Samba 3, Samba 4, Windows 200x or Windows NT.

On 07/01/13 04:27, steve wrote:
> Hi everyone
>
> What's the difference between a file server and a member server?
>
> I have a 4.0.6 DC which is a file server for sysvol. I also have a 4.0.6 file server for the other folders which go out to the clients. Do I have a member server? Or is a member server one upon which all files are served from the DC?
>
> Cheers,
> Steve

Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 09:59 -0400, Gaiseric Vandal wrote:

[SNIP]

> A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions. It does need to have file shares to provide access to the logon scripts and profile directories used by Windows clients but that doesn't really make it a file server.

The profile directories can be located on a server other than a domain controller. This is true for both NT4 style PDC/BDC and Active Directory servers. If you have a lot of users in your domain this is highly desirable.

As the profile location is a setting in the directory, you can even have different users' profiles on different servers which allows you to shard the profiles if you have a really large number of users.

JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 17:04 +0100, Jonathan Buzzard wrote:
> On Mon, 2013-07-01 at 09:59 -0400, Gaiseric Vandal wrote:
>
> [SNIP]
>
> > A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions. It does need to have file shares to provide access to the logon scripts and profile directories used by Windows clients but that doesn't really make it a file server.
>
> The profile directories can be located on a server other than a domain controller.

Hi

Our profile directories are stored on what I call our file server. Does that make it a member server?

Re: [Samba] file server or member server?
I don't think it necessarily makes it a member server BUT if it isn't a member server it is going to be pretty useless for serving profiles.

I have not worked with Samba4 myself - I have worked with Samba 3 (and Windows 200x AD, and NT4) so you may want to review the samba 4 specific docs for basic config. In samba 3 a quick review of the smb.conf file (or the output of testparm -v) will reveal the type of setup.

Did you inherit these machines from someone else?

On 07/01/13 14:18, steve wrote:
> On Mon, 2013-07-01 at 17:04 +0100, Jonathan Buzzard wrote:
> > On Mon, 2013-07-01 at 09:59 -0400, Gaiseric Vandal wrote:
> >
> > [SNIP]
> >
> > > A domain controller can be a file server, although in many cases a domain controller will only provide authentication and logon functions. It does need to have file shares to provide access to the logon scripts and profile directories used by Windows clients but that doesn't really make it a file server.
> >
> > The profile directories can be located on a server other than a domain controller.
>
> Hi
>
> Our profile directories are stored on what I call our file server. Does that make it a member server?

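An added example, not part of any post in this thread: one way to read the server type out of an smb.conf, as the message above suggests, using the three terms the thread settles on. The share sections are the ones steve posted; the [global] sections, the HH3 workgroup and the HH3.SITE realm are constructed for illustration, and the role rules are a simplified reading of the `server role`, `security` and `domain logons` parameters.

```python
import re

# Shares a DC carries only for logon scripts and policies (see Michael Wood's reply).
DC_SHARES = {"netlogon", "sysvol"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} for smb.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            # Case and whitespace in parameter names are not significant.
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def classify(text):
    """Return (role, general_shares): role is one of 'domain controller',
    'member server' or 'standalone server'."""
    sections = parse_smb_conf(text)
    g = sections.get("global", {})
    role = g.get("serverrole", "auto").lower()
    security = g.get("security", "auto").lower()
    domain_logons = g.get("domainlogons", "no").lower() in ("yes", "true", "1")
    if role == "auto":
        if security in ("ads", "domain"):
            kind = "member server"        # joined; asks a DC to authenticate
        elif domain_logons:
            kind = "domain controller"    # NT4-style PDC/BDC
        else:
            kind = "standalone server"    # own local account database
    elif "domain controller" in role or role == "dc":
        kind = "domain controller"
    elif role.startswith("member"):
        kind = "member server"
    else:
        kind = "standalone server"
    shares = [s for s in sections if s != "global" and s not in DC_SHARES]
    return kind, shares

# Constructed [global] sections; share sections as posted in the thread.
DC_CONF = """
[global]
    workgroup = HH3
    realm = HH3.SITE
    server role = active directory domain controller
[netlogon]
    path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
    read only = No
[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
"""
MEMBER_CONF = """
[global]
    workgroup = HH3
    realm = HH3.SITE
    security = ADS
[users]
    path = /home/users
    read only = No
[profiles]
    path = /home/profiles
    read only = No
[shared]
    path = /home/shared
    read only = No
"""
STANDALONE_CONF = """
[global]
    workgroup = WORKGROUP
[public]
    path = /srv/public
"""

if __name__ == "__main__":
    for name, conf in (("box 1", DC_CONF), ("box 2", MEMBER_CONF),
                       ("other", STANDALONE_CONF)):
        kind, shares = classify(conf)
        extra = " + file server for " + ", ".join(shares) if shares else ""
        print(f"{name}: {kind}{extra}")
```

An empty share list for box 1 matches the point made in the thread that a DC exporting only netlogon and sysvol is not usually called a file server.
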
Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 14:35 -0400, Gaiseric Vandal wrote:
> I don't think it necessarily makes it a member server BUT if it isn't a member server it is going to be pretty useless for serving profiles.

Ok, so if a samba 4 box can serve profiles, then it is called a member server, whether that be the DC or a separate 'file server'???

> I have not worked with Samba4 myself - I have worked with Samba 3 (and Windows 200x AD, and NT4) so you may want to review the samba 4 specific docs for basic config. In samba 3 a quick review of the smb.conf file (or the output of testparm -v) will reveal the type of setup.
>
> Did you inherit these machines from someone else?

Yes. We take stand alone machines and network them by adding a DC and what we call a file server. What I'd like to know is why some guys here call what seems to be what we call a file server, a member server. I feel we're missing out on something.

Re: [Samba] file server or member server?
On 01/07/13 19:56, steve wrote:

[SNIP]

> Yes. We take stand alone machines and network them by adding a DC and what we call a file server. What I'd like to know is why some guys here call what seems to be what we call a file server, a member server. I feel we're missing out on something.

In both NT4 style and AD domains you have servers called domain servers that serve identification information and provide authentication services. These servers may also do other things such as serve files, but it is the identification and authentication services that make them domain servers. Any server providing identification and authentication services is a domain server regardless of anything else it does.

You can then have other servers, such as file servers, print servers, web servers etc. that are joined to the domain, and thus you can use your domain credentials to authenticate to these servers, in the case of an AD domain using the Kerberos ticket you got when you logged onto your workstation. However crucially they don't provide identification or authentication services. These servers are called member servers.

With larger domains it makes sense to separate out your file and print servers from your domain servers, so that the domain servers are effectively only providing the identification and authentication services and your file and print services are handed off to dedicated machines for the task. There is no way a domain server is going to cope at a large University for example with tens of thousands of users.

This however is very basic Windows domain terminology/knowledge which I would expect anyone offering advice on Samba to fully understand first.

JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

Re: [Samba] file server or member server?
Good explanation. Better than mine.

I tend to think of the roaming profiles as part of the logon experience, since they sync with your computer when you logon. Actually, I found roaming profiles to be more trouble than they were worth so I don't use them anyway.

On 07/01/13 17:36, Jonathan Buzzard wrote:
> On 01/07/13 19:56, steve wrote:
>
> [SNIP]
>
> > Yes. We take stand alone machines and network them by adding a DC and what we call a file server. What I'd like to know is why some guys here call what seems to be what we call a file server, a member server. I feel we're missing out on something.
>
> In both NT4 style and AD domains you have servers called domain servers that serve identification information and provide authentication services. These servers may also do other things such as serve files, but it is the identification and authentication services that make them domain servers. Any server providing identification and authentication services is a domain server regardless of anything else it does.
>
> You can then have other servers, such as file servers, print servers, web servers etc. that are joined to the domain, and thus you can use your domain credentials to authenticate to these servers, in the case of an AD domain using the Kerberos ticket you got when you logged onto your workstation. However crucially they don't provide identification or authentication services. These servers are called member servers.
>
> With larger domains it makes sense to separate out your file and print servers from your domain servers, so that the domain servers are effectively only providing the identification and authentication services and your file and print services are handed off to dedicated machines for the task. There is no way a domain server is going to cope at a large University for example with tens of thousands of users.
>
> This however is very basic Windows domain terminology/knowledge which I would expect anyone offering advice on Samba to fully understand first.
>
> JAB.

Re: [Samba] file server or member server?
On Mon, 2013-07-01 at 22:36 +0100, Jonathan Buzzard wrote:

Thanks for the input. But. . .

> In both NT4 style and AD domains you have servers called domain servers

. . .now you've introduced yet another term. What's a domain server? I could make a guess and I'm almost certain it would be correct. But would I?

Can anyone simply give a plain English definition on any of these in a samba context:
- file server
- member server
and now
- domain server

I know that language evolves, but having to move the goalposts so often depending on what post you read is a nightmare for non native English speakers. It would help enormously over here, if we all stuck to calling a spade a spade.

Thanks for reading,
Steve

Re: [Samba] file server or member server?
Steve, in simplest terms, a member server is just that, a member of the domain serving something (print services, file services, etc). A file server is generally part of either a member server, or it can be part of the domain server, it's simply the part of the server that is handling how the files are transferred. A domain server would be either a PDC or AD DC, something that handles authentication, in some environments, you will find a NT4 style PDC (Primary Domain Controller), in others you will find AD DC's (Active Directory Domain Controllers), and still yet, there will be others that are just simple authentication (simple file servers, mainly used in home networks).

With all that said, you can mix and match somewhat, all DC's (Domain Controller, AKA domain server) have the capability of serving files (file server), but a member server MUST be part of the domain as it does not provide authentication, it only checks with a DC to see what parts of the file server it can access.

I feel like I am saying what has already been said, so if you could be more specific about what kind of hierarchy you have, I could give you a more specific answer.

For the most part, if it's serving files and in a domain, but not providing authentication itself, it's a 'member server', if it's NOT in a domain, but simply serving files to any and all windows clients, it's a simple file server, if it's in a domain and providing the domain with username/password authentication it's a domain server (or domain controller).

Hope that helps,
Ricky

On Mon, Jul 1, 2013 at 5:34 PM, steve st...@steve-ss.com wrote:
> On Mon, 2013-07-01 at 22:36 +0100, Jonathan Buzzard wrote:
>
> Thanks for the input. But. . .
>
> > In both NT4 style and AD domains you have servers called domain servers
>
> . . .now you've introduced yet another term. What's a domain server? I could make a guess and I'm almost certain it would be correct. But would I?
>
> Can anyone simply give a plain English definition on any of these in a samba context:
> - file server
> - member server
> and now
> - domain server
>
> I know that language evolves, but having to move the goalposts so often depending on what post you read is a nightmare for non native English speakers. It would help enormously over here, if we all stuck to calling a spade a spade.
>
> Thanks for reading,
> Steve