SlideShare a Scribd company logo

Samba distributed env

M
Manfred Furuholmen
Technology
1 of 29
Download to read offline
Samba in a distributed environment manfred@zeropiu.it Samba Conference April 2006
Agenda • Starting Situation • Goals • Solution • Client Side • Server Side • Directory Server • Infrastructure • Network Design • Software • Directory Design • Configuration • Migration • Requirements • Procedure • Trouble • Result • Next Step Pagina 2
Overview Italsempione is nowadays the biggest Italian fully indipendent forwarding company covering any service related to transports and logistics with a worldwide agency network. Company: • Head Quarter in Italy • 16 Branch Office in Italy • 7 branch outside Italy • 400 PC , Windows XX • 150 PC , Linux • 8 Windows NT Domain • OpenVMS cluster • Microsoft Exchange • Wide Area Network • No IT stuff on the branch office Pagina 3
Project Goals • Cost Reduction • License • Hardware • Simplified management • Centralized User Profile • Centralized Management • Server Consolidation Pagina 4
Distributed environment In Distributed environment you need : • Ability to replicate information widely to increase • availability • reliability • Reducing response time. Perfect Solution are Directories Server: • Directories can manage all-size organizations, from small, focused user departments to global enterprises with millions of users. • Directories can store information about devices, applications, people and other aspects of a computer network. • Directories are based on a open standard technology (LDAP) for easy integration • Directory entries are arranged in a hierarchical tree-like structure. Traditionally, this structure reflected the geographic and/or organizational boundaries. • Directories are tuned to give quick response to high-volume lookup or search operations Don’t Use Directory when: • Your records change many times a day • Your records is plain to store in a relational database Pagina 5
Client Side Solution • Software OpenSource • PXES, remote Desktop for Windows Terminal Server • Linux Desktop • Hardware Thin Client • Low Price • Low power consumption • Low noise and heat Pagina 6
Server Side Solution • Software OpenSource • Linux • Linux Terminal Server Project (LTSP) • Samba Domain Controller • Network Service (DNS, DHCP, MAIL, ect) • Hardware • - Pagina 7
Simplified management Centrally administration “means” time and resource savings. • Centralized User Profile • Identity life cycle management • Secure password management • Role-based administration capability/Delegation • User Self Provisioning • Maintenance • Remote control (ex. ILo) • Automatic package distribution • Monitoring (ex. Centrilized log) • Server consolidation • Reduction number of system • Reduction rack space • Simplified backup and monitoring operations • Simplified update operation Pagina 8
Cost Comparison for a Basic, 100 Node Network Business Computing System HW Linux /Samba/LTSP Microsoft® Windows® Based PC Workstation/Server System Based System Item Quantity Price Totals Price Totals Hardware PC Workstations 100 $600 $60,000 $400 $40,000 File, Print Server 2 $4,000 $8,000 $4,000 $8,000 Email Server 2 $4,000 $8,000 $4,000 $8,000 Terminal Server 2 $5,000 $10,000 Subtotal $76,000 $66,000 Pagina 9
Cost Comparison for a Basic, 100 Node Network Business Computing System SW Linux Microsoft® Windows® Based PC Workstation/Server System Samba/LTSP Item Quantity Price Totals Price Totals Software Microsoft® Office Suite 100 $400 $40,000 $0 Microsoft® Server 2000 (with 5 CAL) 4 $1,000 $4,000 $370 $1,480 Microsoft® Exchange® 1 $700 $700 $0 $0 Microsoft® CALs (5) 19 $200 $3,800 $0 $0 Microsoft Windows XP (OEM) 100 $150 $15,000 $0 $0 Exchange® CALs 100 $67 $6,700 $0 $0 Subtotal $70,200 $1,480 Pagina 10
Use the Best Solution.. • Replace Domain Controller with Linux/Samba Server • Office with more 5 User Domain • Office where the number of Linux Desktop > Windows Desktop • Replace Windows Client with Linux Desktop (LTSP) • Employ with a executive job • Employ with light level of usage of Microsoft Office • Replace Windows Client with Windows Terminal Server • Employ with usage of custom windows application • Employ with heavy level of usage of Microsoft Office • Enterprise Directory • Centralize user profile Pagina 11
Design • Headquarter • One Directory Master in HQ • One Samba Domain Controller • 2 Samba File Server based on cluster • One “Master” NTP Server • Brach Office • One Directory slave in each branch office • One Samba Domain Controller in each branch office • One “Slave” NTP server • Enterprise Directory • Unix user same as Windows user Pagina 12
Software • Linux • Red Hat (kimberlite) Cluster for HQ office • Filesystem ext3 on LVM • Pam Ldap , NSS Ldap • Linux Terminal Server • PXES • Enterprise Directory • OpenLDAP 2.2.x • Gosa Interface • Samba 3.x • Ldap backend , ACL, CUPS, Quota • Monitor VFS module • External lib for password enforce (cracklib) • Mailserver • Postfix Mail Transfer Agent • Cyrus , mailbox delivery and IMAP/POP Services • Monitoring • Zabbix • Backup • Amanda Pagina 13
Enterprise Directory Ldap Design • User User Profile, Unix Account, User Windows Account, User Email Account, User Proxy Account,.. • Group Group Profile, Unix account, Windows Account, Email Shared Folder • Machine Account • Windows Machine Account • Branch Office • Domain Information • Office Information • Application • Administrative User • Application Attribute • User Role specific application Pagina 14
Pagina 15
Directory Information Tree (DIT) Pagina 16
Sample User Profile Unix Mail Samba • description: System User • sambaSID: S-1-5-21-963014146- • displayName: Manfred Furuholem • mail: manfred@italsempione.it 839875343-911163043-1229 • sn: Soncin • gosaMailServer: • sambaLogonTime: 1037577600 • givenName: Manfred imap://imap.italsempione.it • sambaLogoffTime: 1026432000 • o: Italsempione S.p.A. • gosaMailQuota: 500000 • ou: Edp • sambaAcctFlags: [UX ] • gosaMailDeliveryMode: [LV] • l: Vittuone • sambaHomeDrive: U: • gosaSpamSortLevel: 0 • st: Italy • sambaLogonScript: login.bat • telephoneNumber:xxxxxxxxxxx • gosaSpamMailbox: INBOX • sambaPrimaryGroupSID: S-1-5-21- • cn: Manfred Furuholmen • gosaVacationMessage: 963014146-839875343-911163043- • postalAddress: via Restelli,5 gosaMailAlternateAddress: 3009 • homeDirectory: manfred@is0404it20.italsempione.it /afs/italsempione.it/home/manfred • sambaDomainName: IS01DIT20 • gosaMailAlternateAddress: • loginShell: /bin/bash manfred.furuholmen@italsempione.it • sambaHomeDrive: U: • uid:manfred • sambaLogonScript: login.bat • uidNumber: 201203 • sambaPrimaryGroupSID: S-1-5-21- • gidNumber: 545 963014146-839875343-911163043- • gecos: Manfred Furuholmen 3009 • shadowMin: 0 • shadowMax: 0 • shadowWarning: 0 • shadowInactive: 0 • shadowLastChange: 13238 • Userpassword: xxxxxxxxx Pagina 17
Openldap Configuration • Syncronization • LDAP Sync Replication vs Slapd • refreshOnly vs refreshAndPersist • All data vs single Branch • Ldap Security • TLS/SASL • LDAP ACI/ACL • Grant users the ability to change their data • Grant application user to change their data • Deny read access to anyone attempting to query • Tuning • Attribute Index • sambaSID • sambaPrimaryGroupSID • sambaDomainName • sambaSIDList • Watch log • Berkeley Database backend tuning • Cache size ( slapd.conf ) • Transaction log (DB_CONFIG) • db_stat • Thread size • Concurrency Pagina 18
Samba Configuration • Ldap Backend • Branch Office is a organizational Unit (ou) used as suffix • Ldap Slave is the first server, Ldap master is configured as fall back (passdb backend = ldapsam:"ldap://127.0.0.1 ldap://10.1.21.247 “ ) • Write operation use referral to reach master server • Tuning search with suffix (ldap user suffix ,ldap machine suffix, ldap group suffix ) • Disable delete DN (ldap delete dn = no) • Ldap passwd sync • Custom Script (add machine, add group, add user to group, delete user from group , set primary group) • Add Gosa Schema • Add Italsempione Schema (Mail and application ) • Delay for Ldap Replication • Password Enforcement • CrackLib checking password • Costum script for password validation (check password script ) Pagina 19
Linux Configuration • LDAP support • System Databases and Name Service Switch (nss_switch.conf) • Pluggable Authentication Modules (PAM) • ldap.conf Configuration • Name services cache daemon nscd (nscd) • Cache TTL • positive-time-to-live, positive entries (successful queries) • negative-time-to-live, negative entries (unsuccessful queries) • Cache Size • Disable File check • Ext3 • Access Control List (ACL) support • Quota support • Tuning • Elvtune Pagina 20
Samba Cluster • Cluster • 2 node Active-Active • Disk shared • Kimberlite • Network HA (bond) • Samba • Individual per-service samba configuration file, /etc/samba/smb.conf.sh arename • Dedicated IP per-share Pagina 21
Provisioning Tool Gosa automatically creates, modifies and deletes user accounts on multiple, heterogeneous systems or applications. • Advanced graphical user interface • Wide spectrum of platform coverage • Password management • Ldap back end • Extensible Pagina 22
Migration Requirements • Seamless Migration • Without rejoin machine • User access with same password • Share access with same names • Maintain File Permission and ACL on share • Access log on special share • Introduce Password enforcement Pagina 23
Migration Procedure • Catalogize Shares and Printers • Pwdump2 vs Vampire • Build LDIF from SAM information • User acconut SID and Password • Computer account SID and Password • Group account • User and Group mapping • Install ldap infrastructure • Populate ldap • Install Samba Domain controller • Share Migration • Switch Domain Controller • Test user Login, login script and share acccess • Set Password Policy Pagina 24
Troubles • Ldap • Slave sometime disconnects to master (ldapsync) and loses synchronization • Berckley db corruption, sometime we need to rebuild the database by hand • When TLS is in use the cost of connection setup and binding is likely to far outweigh the search load. • A large pool of clients will also result in many hundreds of connections being held open, with a big usage of file descriptors. • PAM module • CHAGE command didn’t read shadow parameter from Ldap, replace with pwdutils • Samba • Failure to join new computer to domain in Branch Office, latency in Directory replication • Locking file (old samba Version) • Backup Filesystems ACL • ACLs are not handled from amanda backup system you need a separate script for dump to text file. Pagina 25
Current Status • Implementation • 7 Samba Domain Controller • 350 Linux Desktop ( LTSP) on 11 Server • 70 Windows Terminal Client on 3 Server • 130 Windows client • Reduction Cost • Direct impact on help desk costs, achieving 60% time reduction • License Reduction 50% • Benefit • Increase performance (Server and Desktop) • Increase security • Single sign-on • Reduced down time Pagina 26
Next Step • Fedora Ldap Server • Multimaster • Better performance • Robust • Samba 3.0.23 • Printer Configuration • LTSP 4.2 • Faster, 22 sec boot time • LTSPFS, local device • Multicast Boot, for pxes image • Bacula Backup system Pagina 27
Next Step (Under Testing) • Fileserver with Distributed Filesystem • AFS vs GFS • AFS single file system cross network • GFS high performance in local network • Samba with AFS module • Kerberos V • Heimdal with ldap bckend • AFS with 2b ticket support • Kerberos Password for Unix System • Load Balancing / HA • LVS • OpenSSI • Xen Pagina 28
The End For Further Questions: Fabrizio Manfredi Zeropiu Via Fra Luca Pacioli n.3 20144 Milano (Italy) manfred@zeropiu.it http://www.zeropiu.com Pagina 29

Recommended

Inexpensive storage
Inexpensive storageInexpensive storage
Inexpensive storage
Manfred Furuholmen
 
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded #DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
Christoph Adler
 
SDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speedSDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speed
Korea Sdec
 
Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08
gameaxt
 
NOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the CloudNOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the Cloud
boorad
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
Virtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and AvailabilityVirtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and Availability
Damir Bersinic
 
Workflow Manager Tips & Tricks
Workflow Manager Tips & TricksWorkflow Manager Tips & Tricks
Workflow Manager Tips & Tricks
Mai Omar Desouki
 

Recommended

Inexpensive storage
Inexpensive storageInexpensive storage
Inexpensive storage
Manfred Furuholmen
 
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded #DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
Christoph Adler
 
SDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speedSDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speed
Korea Sdec
 
Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08
gameaxt
 
NOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the CloudNOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the Cloud
boorad
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
Virtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and AvailabilityVirtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and Availability
Damir Bersinic
 
Workflow Manager Tips & Tricks
Workflow Manager Tips & TricksWorkflow Manager Tips & Tricks
Workflow Manager Tips & Tricks
Mai Omar Desouki
 
LAN Fundamentals
LAN FundamentalsLAN Fundamentals
LAN Fundamentals
Steven Baule
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messages
feng1212
 
Spring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseSpring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using Couchbase
Intae Kim
 
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
Michael Noel
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Michael Noel
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
Pythian
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
Ofer Zelig
 
Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint Architecture
Michael Noel
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions
Alfresco Software
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Library
rajivkumarmca
 
Dutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationDutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning Presentation
Vladislav Tatarincev
 
Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010
hagestadwt
 
Soccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM ConnectionsSoccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM Connections
panagenda
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
Christoph Adler
 
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
dominion
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
Howard Greenberg
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
John Adams
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - ReloadedEngage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
panagenda
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Christoph Adler
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM Connections
LetsConnect
 
What's new in SharePoint 2016
What's new in SharePoint 2016What's new in SharePoint 2016
What's new in SharePoint 2016
Giuseppe Marchi
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and services
Wiliam Ferraciolli
 

More Related Content

What's hot

Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messages
feng1212
 
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
Michael Noel
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Michael Noel
 

What's hot (10)

LAN Fundamentals
LAN FundamentalsLAN Fundamentals
LAN Fundamentals
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messages
 
Spring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseSpring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using Couchbase
 
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
 
Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint Architecture
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Library
 

Similar to Samba distributed env

Soccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM ConnectionsSoccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM Connections
panagenda
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
Christoph Adler
 
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
dominion
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
Howard Greenberg
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - ReloadedEngage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
panagenda
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Christoph Adler
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and services
Wiliam Ferraciolli
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stack
Nitin Mehta
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes Client
Christoph Adler
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
Christoph Adler
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecture
drewz lin
 
Facebook的架构
Facebook的架构Facebook的架构
Facebook的架构
yiditushe
 

Similar to Samba distributed env (20)

Dutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationDutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning Presentation
 
Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010
 
Soccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM ConnectionsSoccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM Connections
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
 
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - ReloadedEngage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM Connections
 
What's new in SharePoint 2016
What's new in SharePoint 2016What's new in SharePoint 2016
What's new in SharePoint 2016
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and services
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stack
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes Client
 
Windows Azure introduction
Windows Azure introductionWindows Azure introduction
Windows Azure introduction
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
 
Designs, Lessons and Advice from Building Large Distributed Systems
Designs, Lessons and Advice from Building Large Distributed SystemsDesigns, Lessons and Advice from Building Large Distributed Systems
Designs, Lessons and Advice from Building Large Distributed Systems
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecture
 
Facebook的架构
Facebook的架构Facebook的架构
Facebook的架构
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecture
 

More from Manfred Furuholmen

Winbind as Identity Management Connector
Winbind as Identity Management ConnectorWinbind as Identity Management Connector
Winbind as Identity Management Connector
Manfred Furuholmen
 
Use Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage TierUse Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage Tier
Manfred Furuholmen
 
Best Practices to create High Load Websites
Best Practices to create High Load WebsitesBest Practices to create High Load Websites
Best Practices to create High Load Websites
Manfred Furuholmen
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recovery
Manfred Furuholmen
 

More from Manfred Furuholmen (19)

Pisa
PisaPisa
Pisa
 
Samba4 Introduction
Samba4 IntroductionSamba4 Introduction
Samba4 Introduction
 
Restfs internals
Restfs internalsRestfs internals
Restfs internals
 
Introduction to message_queue
Introduction to message_queueIntroduction to message_queue
Introduction to message_queue
 
Restfs
RestfsRestfs
Restfs
 
Winbind as Identity Management Connector
Winbind as Identity Management ConnectorWinbind as Identity Management Connector
Winbind as Identity Management Connector
 
Use Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage TierUse Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage Tier
 
Managing OpenAFS users with OpenIDM
Managing OpenAFS users with OpenIDMManaging OpenAFS users with OpenIDM
Managing OpenAFS users with OpenIDM
 
Afs manager
Afs managerAfs manager
Afs manager
 
Pt server ng
Pt server ngPt server ng
Pt server ng
 
Best Practices to create High Load Websites
Best Practices to create High Load WebsitesBest Practices to create High Load Websites
Best Practices to create High Load Websites
 
Be lazy... make automation
Be lazy... make automationBe lazy... make automation
Be lazy... make automation
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recovery
 
Domestic cloud
Domestic cloudDomestic cloud
Domestic cloud
 
Samba management Console
Samba management ConsoleSamba management Console
Samba management Console
 
Link Samba to Cloud Storage
Link Samba to Cloud StorageLink Samba to Cloud Storage
Link Samba to Cloud Storage
 
Samba as a gateway to OpenAFS
Samba as a gateway to OpenAFSSamba as a gateway to OpenAFS
Samba as a gateway to OpenAFS
 
AFS introduction
AFS introductionAFS introduction
AFS introduction
 
AFS case study
AFS case studyAFS case study
AFS case study
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

Samba distributed env

  • 1. Samba in a distributed environment manfred@zeropiu.it Samba Conference April 2006
  • 2. Agenda • Starting Situation • Goals • Solution • Client Side • Server Side • Directory Server • Infrastructure • Network Design • Software • Directory Design • Configuration • Migration • Requirements • Procedure • Trouble • Result • Next Step Pagina 2
  • 3. Overview Italsempione is nowadays the biggest Italian fully indipendent forwarding company covering any service related to transports and logistics with a worldwide agency network. Company: • Head Quarter in Italy • 16 Branch Office in Italy • 7 branch outside Italy • 400 PC , Windows XX • 150 PC , Linux • 8 Windows NT Domain • OpenVMS cluster • Microsoft Exchange • Wide Area Network • No IT stuff on the branch office Pagina 3
  • 4. Project Goals • Cost Reduction • License • Hardware • Simplified management • Centralized User Profile • Centralized Management • Server Consolidation Pagina 4
  • 5. Distributed environment In Distributed environment you need : • Ability to replicate information widely to increase • availability • reliability • Reducing response time. Perfect Solution are Directories Server: • Directories can manage all-size organizations, from small, focused user departments to global enterprises with millions of users. • Directories can store information about devices, applications, people and other aspects of a computer network. • Directories are based on a open standard technology (LDAP) for easy integration • Directory entries are arranged in a hierarchical tree-like structure. Traditionally, this structure reflected the geographic and/or organizational boundaries. • Directories are tuned to give quick response to high-volume lookup or search operations Don’t Use Directory when: • Your records change many times a day • Your records is plain to store in a relational database Pagina 5
  • 6. Client Side Solution • Software OpenSource • PXES, remote Desktop for Windows Terminal Server • Linux Desktop • Hardware Thin Client • Low Price • Low power consumption • Low noise and heat Pagina 6
  • 7. Server Side Solution • Software OpenSource • Linux • Linux Terminal Server Project (LTSP) • Samba Domain Controller • Network Service (DNS, DHCP, MAIL, ect) • Hardware • - Pagina 7
  • 8. Simplified management Centrally administration “means” time and resource savings. • Centralized User Profile • Identity life cycle management • Secure password management • Role-based administration capability/Delegation • User Self Provisioning • Maintenance • Remote control (ex. ILo) • Automatic package distribution • Monitoring (ex. Centrilized log) • Server consolidation • Reduction number of system • Reduction rack space • Simplified backup and monitoring operations • Simplified update operation Pagina 8
  • 9. Cost Comparison for a Basic, 100 Node Network Business Computing System HW Linux /Samba/LTSP Microsoft® Windows® Based PC Workstation/Server System Based System Item Quantity Price Totals Price Totals Hardware PC Workstations 100 $600 $60,000 $400 $40,000 File, Print Server 2 $4,000 $8,000 $4,000 $8,000 Email Server 2 $4,000 $8,000 $4,000 $8,000 Terminal Server 2 $5,000 $10,000 Subtotal $76,000 $66,000 Pagina 9
  • 10. Cost Comparison for a Basic, 100 Node Network Business Computing System SW Linux Microsoft® Windows® Based PC Workstation/Server System Samba/LTSP Item Quantity Price Totals Price Totals Software Microsoft® Office Suite 100 $400 $40,000 $0 Microsoft® Server 2000 (with 5 CAL) 4 $1,000 $4,000 $370 $1,480 Microsoft® Exchange® 1 $700 $700 $0 $0 Microsoft® CALs (5) 19 $200 $3,800 $0 $0 Microsoft Windows XP (OEM) 100 $150 $15,000 $0 $0 Exchange® CALs 100 $67 $6,700 $0 $0 Subtotal $70,200 $1,480 Pagina 10
  • 11. Use the Best Solution.. • Replace Domain Controller with Linux/Samba Server • Office with more 5 User Domain • Office where the number of Linux Desktop > Windows Desktop • Replace Windows Client with Linux Desktop (LTSP) • Employ with a executive job • Employ with light level of usage of Microsoft Office • Replace Windows Client with Windows Terminal Server • Employ with usage of custom windows application • Employ with heavy level of usage of Microsoft Office • Enterprise Directory • Centralize user profile Pagina 11
  • 12. Design • Headquarter • One Directory Master in HQ • One Samba Domain Controller • 2 Samba File Server based on cluster • One “Master” NTP Server • Brach Office • One Directory slave in each branch office • One Samba Domain Controller in each branch office • One “Slave” NTP server • Enterprise Directory • Unix user same as Windows user Pagina 12
  • 13. Software • Linux • Red Hat (kimberlite) Cluster for HQ office • Filesystem ext3 on LVM • Pam Ldap , NSS Ldap • Linux Terminal Server • PXES • Enterprise Directory • OpenLDAP 2.2.x • Gosa Interface • Samba 3.x • Ldap backend , ACL, CUPS, Quota • Monitor VFS module • External lib for password enforce (cracklib) • Mailserver • Postfix Mail Transfer Agent • Cyrus , mailbox delivery and IMAP/POP Services • Monitoring • Zabbix • Backup • Amanda Pagina 13
  • 14. Enterprise Directory Ldap Design • User User Profile, Unix Account, User Windows Account, User Email Account, User Proxy Account,.. • Group Group Profile, Unix account, Windows Account, Email Shared Folder • Machine Account • Windows Machine Account • Branch Office • Domain Information • Office Information • Application • Administrative User • Application Attribute • User Role specific application Pagina 14
  • 16. Directory Information Tree (DIT) Pagina 16
  • 17. Sample User Profile Unix Mail Samba • description: System User • sambaSID: S-1-5-21-963014146- • displayName: Manfred Furuholem • mail: manfred@italsempione.it 839875343-911163043-1229 • sn: Soncin • gosaMailServer: • sambaLogonTime: 1037577600 • givenName: Manfred imap://imap.italsempione.it • sambaLogoffTime: 1026432000 • o: Italsempione S.p.A. • gosaMailQuota: 500000 • ou: Edp • sambaAcctFlags: [UX ] • gosaMailDeliveryMode: [LV] • l: Vittuone • sambaHomeDrive: U: • gosaSpamSortLevel: 0 • st: Italy • sambaLogonScript: login.bat • telephoneNumber:xxxxxxxxxxx • gosaSpamMailbox: INBOX • sambaPrimaryGroupSID: S-1-5-21- • cn: Manfred Furuholmen • gosaVacationMessage: 963014146-839875343-911163043- • postalAddress: via Restelli,5 gosaMailAlternateAddress: 3009 • homeDirectory: manfred@is0404it20.italsempione.it /afs/italsempione.it/home/manfred • sambaDomainName: IS01DIT20 • gosaMailAlternateAddress: • loginShell: /bin/bash manfred.furuholmen@italsempione.it • sambaHomeDrive: U: • uid:manfred • sambaLogonScript: login.bat • uidNumber: 201203 • sambaPrimaryGroupSID: S-1-5-21- • gidNumber: 545 963014146-839875343-911163043- • gecos: Manfred Furuholmen 3009 • shadowMin: 0 • shadowMax: 0 • shadowWarning: 0 • shadowInactive: 0 • shadowLastChange: 13238 • Userpassword: xxxxxxxxx Pagina 17
  • 18. Openldap Configuration • Syncronization • LDAP Sync Replication vs Slapd • refreshOnly vs refreshAndPersist • All data vs single Branch • Ldap Security • TLS/SASL • LDAP ACI/ACL • Grant users the ability to change their data • Grant application user to change their data • Deny read access to anyone attempting to query • Tuning • Attribute Index • sambaSID • sambaPrimaryGroupSID • sambaDomainName • sambaSIDList • Watch log • Berkeley Database backend tuning • Cache size ( slapd.conf ) • Transaction log (DB_CONFIG) • db_stat • Thread size • Concurrency Pagina 18
  • 19. Samba Configuration • Ldap Backend • Branch Office is a organizational Unit (ou) used as suffix • Ldap Slave is the first server, Ldap master is configured as fall back (passdb backend = ldapsam:"ldap://127.0.0.1 ldap://10.1.21.247 “ ) • Write operation use referral to reach master server • Tuning search with suffix (ldap user suffix ,ldap machine suffix, ldap group suffix ) • Disable delete DN (ldap delete dn = no) • Ldap passwd sync • Custom Script (add machine, add group, add user to group, delete user from group , set primary group) • Add Gosa Schema • Add Italsempione Schema (Mail and application ) • Delay for Ldap Replication • Password Enforcement • CrackLib checking password • Costum script for password validation (check password script ) Pagina 19
  • 20. Linux Configuration • LDAP support • System Databases and Name Service Switch (nss_switch.conf) • Pluggable Authentication Modules (PAM) • ldap.conf Configuration • Name services cache daemon nscd (nscd) • Cache TTL • positive-time-to-live, positive entries (successful queries) • negative-time-to-live, negative entries (unsuccessful queries) • Cache Size • Disable File check • Ext3 • Access Control List (ACL) support • Quota support • Tuning • Elvtune Pagina 20
  • 21. Samba Cluster • Cluster • 2 node Active-Active • Disk shared • Kimberlite • Network HA (bond) • Samba • Individual per-service samba configuration file, /etc/samba/smb.conf.sh arename • Dedicated IP per-share Pagina 21
  • 22. Provisioning Tool Gosa automatically creates, modifies and deletes user accounts on multiple, heterogeneous systems or applications. • Advanced graphical user interface • Wide spectrum of platform coverage • Password management • Ldap back end • Extensible Pagina 22
  • 23. Migration Requirements • Seamless Migration • Without rejoin machine • User access with same password • Share access with same names • Maintain File Permission and ACL on share • Access log on special share • Introduce Password enforcement Pagina 23
  • 24. Migration Procedure • Catalogize Shares and Printers • Pwdump2 vs Vampire • Build LDIF from SAM information • User acconut SID and Password • Computer account SID and Password • Group account • User and Group mapping • Install ldap infrastructure • Populate ldap • Install Samba Domain controller • Share Migration • Switch Domain Controller • Test user Login, login script and share acccess • Set Password Policy Pagina 24
  • 25. Troubles • Ldap • Slave sometime disconnects to master (ldapsync) and loses synchronization • Berckley db corruption, sometime we need to rebuild the database by hand • When TLS is in use the cost of connection setup and binding is likely to far outweigh the search load. • A large pool of clients will also result in many hundreds of connections being held open, with a big usage of file descriptors. • PAM module • CHAGE command didn’t read shadow parameter from Ldap, replace with pwdutils • Samba • Failure to join new computer to domain in Branch Office, latency in Directory replication • Locking file (old samba Version) • Backup Filesystems ACL • ACLs are not handled from amanda backup system you need a separate script for dump to text file. Pagina 25
  • 26. Current Status • Implementation • 7 Samba Domain Controller • 350 Linux Desktop ( LTSP) on 11 Server • 70 Windows Terminal Client on 3 Server • 130 Windows client • Reduction Cost • Direct impact on help desk costs, achieving 60% time reduction • License Reduction 50% • Benefit • Increase performance (Server and Desktop) • Increase security • Single sign-on • Reduced down time Pagina 26
  • 27. Next Step • Fedora Ldap Server • Multimaster • Better performance • Robust • Samba 3.0.23 • Printer Configuration • LTSP 4.2 • Faster, 22 sec boot time • LTSPFS, local device • Multicast Boot, for pxes image • Bacula Backup system Pagina 27
  • 28. Next Step (Under Testing) • Fileserver with Distributed Filesystem • AFS vs GFS • AFS single file system cross network • GFS high performance in local network • Samba with AFS module • Kerberos V • Heimdal with ldap bckend • AFS with 2b ticket support • Kerberos Password for Unix System • Load Balancing / HA • LVS • OpenSSI • Xen Pagina 28
  • 29. The End For Further Questions: Fabrizio Manfredi Zeropiu Via Fra Luca Pacioli n.3 20144 Milano (Italy) manfred@zeropiu.it http://www.zeropiu.com Pagina 29