SlideShare una empresa de Scribd logo

Samba distributed env

M
Manfred Furuholmen
Tecnología
1 de 29
Descargar para leer sin conexión
Samba in a distributed environment manfred@zeropiu.it Samba Conference April 2006
Agenda • Starting Situation • Goals • Solution • Client Side • Server Side • Directory Server • Infrastructure • Network Design • Software • Directory Design • Configuration • Migration • Requirements • Procedure • Trouble • Result • Next Step Pagina 2
Overview Italsempione is nowadays the biggest Italian fully indipendent forwarding company covering any service related to transports and logistics with a worldwide agency network. Company: • Head Quarter in Italy • 16 Branch Office in Italy • 7 branch outside Italy • 400 PC , Windows XX • 150 PC , Linux • 8 Windows NT Domain • OpenVMS cluster • Microsoft Exchange • Wide Area Network • No IT stuff on the branch office Pagina 3
Project Goals • Cost Reduction • License • Hardware • Simplified management • Centralized User Profile • Centralized Management • Server Consolidation Pagina 4
Distributed environment In Distributed environment you need : • Ability to replicate information widely to increase • availability • reliability • Reducing response time. Perfect Solution are Directories Server: • Directories can manage all-size organizations, from small, focused user departments to global enterprises with millions of users. • Directories can store information about devices, applications, people and other aspects of a computer network. • Directories are based on a open standard technology (LDAP) for easy integration • Directory entries are arranged in a hierarchical tree-like structure. Traditionally, this structure reflected the geographic and/or organizational boundaries. • Directories are tuned to give quick response to high-volume lookup or search operations Don’t Use Directory when: • Your records change many times a day • Your records is plain to store in a relational database Pagina 5
Client Side Solution • Software OpenSource • PXES, remote Desktop for Windows Terminal Server • Linux Desktop • Hardware Thin Client • Low Price • Low power consumption • Low noise and heat Pagina 6
Server Side Solution • Software OpenSource • Linux • Linux Terminal Server Project (LTSP) • Samba Domain Controller • Network Service (DNS, DHCP, MAIL, ect) • Hardware • - Pagina 7
Simplified management Centrally administration “means” time and resource savings. • Centralized User Profile • Identity life cycle management • Secure password management • Role-based administration capability/Delegation • User Self Provisioning • Maintenance • Remote control (ex. ILo) • Automatic package distribution • Monitoring (ex. Centrilized log) • Server consolidation • Reduction number of system • Reduction rack space • Simplified backup and monitoring operations • Simplified update operation Pagina 8
Cost Comparison for a Basic, 100 Node Network Business Computing System HW Linux /Samba/LTSP Microsoft® Windows® Based PC Workstation/Server System Based System Item Quantity Price Totals Price Totals Hardware PC Workstations 100 $600 $60,000 $400 $40,000 File, Print Server 2 $4,000 $8,000 $4,000 $8,000 Email Server 2 $4,000 $8,000 $4,000 $8,000 Terminal Server 2 $5,000 $10,000 Subtotal $76,000 $66,000 Pagina 9
Cost Comparison for a Basic, 100 Node Network Business Computing System SW Linux Microsoft® Windows® Based PC Workstation/Server System Samba/LTSP Item Quantity Price Totals Price Totals Software Microsoft® Office Suite 100 $400 $40,000 $0 Microsoft® Server 2000 (with 5 CAL) 4 $1,000 $4,000 $370 $1,480 Microsoft® Exchange® 1 $700 $700 $0 $0 Microsoft® CALs (5) 19 $200 $3,800 $0 $0 Microsoft Windows XP (OEM) 100 $150 $15,000 $0 $0 Exchange® CALs 100 $67 $6,700 $0 $0 Subtotal $70,200 $1,480 Pagina 10
Use the Best Solution.. • Replace Domain Controller with Linux/Samba Server • Office with more 5 User Domain • Office where the number of Linux Desktop > Windows Desktop • Replace Windows Client with Linux Desktop (LTSP) • Employ with a executive job • Employ with light level of usage of Microsoft Office • Replace Windows Client with Windows Terminal Server • Employ with usage of custom windows application • Employ with heavy level of usage of Microsoft Office • Enterprise Directory • Centralize user profile Pagina 11
Design • Headquarter • One Directory Master in HQ • One Samba Domain Controller • 2 Samba File Server based on cluster • One “Master” NTP Server • Brach Office • One Directory slave in each branch office • One Samba Domain Controller in each branch office • One “Slave” NTP server • Enterprise Directory • Unix user same as Windows user Pagina 12
Software • Linux • Red Hat (kimberlite) Cluster for HQ office • Filesystem ext3 on LVM • Pam Ldap , NSS Ldap • Linux Terminal Server • PXES • Enterprise Directory • OpenLDAP 2.2.x • Gosa Interface • Samba 3.x • Ldap backend , ACL, CUPS, Quota • Monitor VFS module • External lib for password enforce (cracklib) • Mailserver • Postfix Mail Transfer Agent • Cyrus , mailbox delivery and IMAP/POP Services • Monitoring • Zabbix • Backup • Amanda Pagina 13
Enterprise Directory Ldap Design • User User Profile, Unix Account, User Windows Account, User Email Account, User Proxy Account,.. • Group Group Profile, Unix account, Windows Account, Email Shared Folder • Machine Account • Windows Machine Account • Branch Office • Domain Information • Office Information • Application • Administrative User • Application Attribute • User Role specific application Pagina 14
Pagina 15
Directory Information Tree (DIT) Pagina 16
Sample User Profile Unix Mail Samba • description: System User • sambaSID: S-1-5-21-963014146- • displayName: Manfred Furuholem • mail: manfred@italsempione.it 839875343-911163043-1229 • sn: Soncin • gosaMailServer: • sambaLogonTime: 1037577600 • givenName: Manfred imap://imap.italsempione.it • sambaLogoffTime: 1026432000 • o: Italsempione S.p.A. • gosaMailQuota: 500000 • ou: Edp • sambaAcctFlags: [UX ] • gosaMailDeliveryMode: [LV] • l: Vittuone • sambaHomeDrive: U: • gosaSpamSortLevel: 0 • st: Italy • sambaLogonScript: login.bat • telephoneNumber:xxxxxxxxxxx • gosaSpamMailbox: INBOX • sambaPrimaryGroupSID: S-1-5-21- • cn: Manfred Furuholmen • gosaVacationMessage: 963014146-839875343-911163043- • postalAddress: via Restelli,5 gosaMailAlternateAddress: 3009 • homeDirectory: manfred@is0404it20.italsempione.it /afs/italsempione.it/home/manfred • sambaDomainName: IS01DIT20 • gosaMailAlternateAddress: • loginShell: /bin/bash manfred.furuholmen@italsempione.it • sambaHomeDrive: U: • uid:manfred • sambaLogonScript: login.bat • uidNumber: 201203 • sambaPrimaryGroupSID: S-1-5-21- • gidNumber: 545 963014146-839875343-911163043- • gecos: Manfred Furuholmen 3009 • shadowMin: 0 • shadowMax: 0 • shadowWarning: 0 • shadowInactive: 0 • shadowLastChange: 13238 • Userpassword: xxxxxxxxx Pagina 17
Openldap Configuration • Syncronization • LDAP Sync Replication vs Slapd • refreshOnly vs refreshAndPersist • All data vs single Branch • Ldap Security • TLS/SASL • LDAP ACI/ACL • Grant users the ability to change their data • Grant application user to change their data • Deny read access to anyone attempting to query • Tuning • Attribute Index • sambaSID • sambaPrimaryGroupSID • sambaDomainName • sambaSIDList • Watch log • Berkeley Database backend tuning • Cache size ( slapd.conf ) • Transaction log (DB_CONFIG) • db_stat • Thread size • Concurrency Pagina 18
Samba Configuration • Ldap Backend • Branch Office is a organizational Unit (ou) used as suffix • Ldap Slave is the first server, Ldap master is configured as fall back (passdb backend = ldapsam:"ldap://127.0.0.1 ldap://10.1.21.247 “ ) • Write operation use referral to reach master server • Tuning search with suffix (ldap user suffix ,ldap machine suffix, ldap group suffix ) • Disable delete DN (ldap delete dn = no) • Ldap passwd sync • Custom Script (add machine, add group, add user to group, delete user from group , set primary group) • Add Gosa Schema • Add Italsempione Schema (Mail and application ) • Delay for Ldap Replication • Password Enforcement • CrackLib checking password • Costum script for password validation (check password script ) Pagina 19
Linux Configuration • LDAP support • System Databases and Name Service Switch (nss_switch.conf) • Pluggable Authentication Modules (PAM) • ldap.conf Configuration • Name services cache daemon nscd (nscd) • Cache TTL • positive-time-to-live, positive entries (successful queries) • negative-time-to-live, negative entries (unsuccessful queries) • Cache Size • Disable File check • Ext3 • Access Control List (ACL) support • Quota support • Tuning • Elvtune Pagina 20
Samba Cluster • Cluster • 2 node Active-Active • Disk shared • Kimberlite • Network HA (bond) • Samba • Individual per-service samba configuration file, /etc/samba/smb.conf.sh arename • Dedicated IP per-share Pagina 21
Provisioning Tool Gosa automatically creates, modifies and deletes user accounts on multiple, heterogeneous systems or applications. • Advanced graphical user interface • Wide spectrum of platform coverage • Password management • Ldap back end • Extensible Pagina 22
Migration Requirements • Seamless Migration • Without rejoin machine • User access with same password • Share access with same names • Maintain File Permission and ACL on share • Access log on special share • Introduce Password enforcement Pagina 23
Migration Procedure • Catalogize Shares and Printers • Pwdump2 vs Vampire • Build LDIF from SAM information • User acconut SID and Password • Computer account SID and Password • Group account • User and Group mapping • Install ldap infrastructure • Populate ldap • Install Samba Domain controller • Share Migration • Switch Domain Controller • Test user Login, login script and share acccess • Set Password Policy Pagina 24
Troubles • Ldap • Slave sometime disconnects to master (ldapsync) and loses synchronization • Berckley db corruption, sometime we need to rebuild the database by hand • When TLS is in use the cost of connection setup and binding is likely to far outweigh the search load. • A large pool of clients will also result in many hundreds of connections being held open, with a big usage of file descriptors. • PAM module • CHAGE command didn’t read shadow parameter from Ldap, replace with pwdutils • Samba • Failure to join new computer to domain in Branch Office, latency in Directory replication • Locking file (old samba Version) • Backup Filesystems ACL • ACLs are not handled from amanda backup system you need a separate script for dump to text file. Pagina 25
Current Status • Implementation • 7 Samba Domain Controller • 350 Linux Desktop ( LTSP) on 11 Server • 70 Windows Terminal Client on 3 Server • 130 Windows client • Reduction Cost • Direct impact on help desk costs, achieving 60% time reduction • License Reduction 50% • Benefit • Increase performance (Server and Desktop) • Increase security • Single sign-on • Reduced down time Pagina 26
Next Step • Fedora Ldap Server • Multimaster • Better performance • Robust • Samba 3.0.23 • Printer Configuration • LTSP 4.2 • Faster, 22 sec boot time • LTSPFS, local device • Multicast Boot, for pxes image • Bacula Backup system Pagina 27
Next Step (Under Testing) • Fileserver with Distributed Filesystem • AFS vs GFS • AFS single file system cross network • GFS high performance in local network • Samba with AFS module • Kerberos V • Heimdal with ldap bckend • AFS with 2b ticket support • Kerberos Password for Unix System • Load Balancing / HA • LVS • OpenSSI • Xen Pagina 28
The End For Further Questions: Fabrizio Manfredi Zeropiu Via Fra Luca Pacioli n.3 20144 Milano (Italy) manfred@zeropiu.it http://www.zeropiu.com Pagina 29

Recomendados

Inexpensive storage
Inexpensive storageInexpensive storage
Inexpensive storageManfred Furuholmen
 
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded #DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - ReloadedChristoph Adler
 
SDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speedSDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speedKorea Sdec
 
Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08gameaxt
 
NOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the CloudNOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the Cloudboorad
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesGabriella Davis
 
Virtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and AvailabilityVirtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and AvailabilityDamir Bersinic
 
Workflow Manager Tips & Tricks
Workflow Manager Tips & TricksWorkflow Manager Tips & Tricks
Workflow Manager Tips & TricksMai Omar Desouki
 

Recomendados

Inexpensive storage
Inexpensive storageInexpensive storage
Inexpensive storageManfred Furuholmen
 
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - Reloaded #DNUG45 - IBM Notes and Domino Performance Boost - Reloaded
#DNUG45 - IBM Notes and Domino Performance Boost - ReloadedChristoph Adler
 
SDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speedSDEC2011 Using Couchbase for social game scaling and speed
SDEC2011 Using Couchbase for social game scaling and speedKorea Sdec
 
Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08Microsoft Offical Course 20410C_08
Microsoft Offical Course 20410C_08gameaxt
 
NOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the CloudNOSQL, CouchDB, and the Cloud
NOSQL, CouchDB, and the Cloudboorad
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesGabriella Davis
 
Virtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and AvailabilityVirtualizing Sharepoint for Performance and Availability
Virtualizing Sharepoint for Performance and AvailabilityDamir Bersinic
 
Workflow Manager Tips & Tricks
Workflow Manager Tips & TricksWorkflow Manager Tips & Tricks
Workflow Manager Tips & TricksMai Omar Desouki
 
LAN Fundamentals
LAN FundamentalsLAN Fundamentals
LAN FundamentalsSteven Baule
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messagesfeng1212
 
Spring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseSpring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseIntae Kim
 
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...Michael Noel
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Michael Noel
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxPythian
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to RedisOfer Zelig
 
Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint ArchitectureMichael Noel
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions Alfresco Software
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Libraryrajivkumarmca
 
Dutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationDutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationVladislav Tatarincev
 
Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010hagestadwt
 
Soccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM ConnectionsSoccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM Connectionspanagenda
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostChristoph Adler
 
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0dominion
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudyJohn Adams
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - ReloadedEngage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloadedpanagenda
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Christoph Adler
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsLetsConnect
 
What's new in SharePoint 2016
What's new in SharePoint 2016What's new in SharePoint 2016
What's new in SharePoint 2016Giuseppe Marchi
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and servicesWiliam Ferraciolli
 

Más contenido relacionado

La actualidad más candente

Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messagesfeng1212
 
Spring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseSpring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseIntae Kim
 
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...Michael Noel
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Michael Noel
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxPythian
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to RedisOfer Zelig
 
Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint ArchitectureMichael Noel
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions Alfresco Software
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Libraryrajivkumarmca
 

La actualidad más candente (10)

LAN Fundamentals
LAN FundamentalsLAN Fundamentals
LAN Fundamentals
 
Storage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook MessagesStorage Infrastructure Behind Facebook Messages
Storage Infrastructure Behind Facebook Messages
 
Spring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using CouchbaseSpring Camp 2016 - List query performance improvement using Couchbase
Spring Camp 2016 - List query performance improvement using Couchbase
 
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
SPSSac2014 - SharePoint Infrastructure Tips and Tricks for On-Premises and Hy...
 
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
Ultimate SharePoint Infrastructure Best Practises Session - Isle of Man Share...
 
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to SphinxMYSQL Query Anti-Patterns That Can Be Moved to Sphinx
MYSQL Query Anti-Patterns That Can Be Moved to Sphinx
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
 
Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint Architecture
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Library
 

Similar a Samba distributed env

Dutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationDutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationVladislav Tatarincev
 
Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010hagestadwt
 
Soccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM ConnectionsSoccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM Connectionspanagenda
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostChristoph Adler
 
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0dominion
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudyJohn Adams
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - ReloadedEngage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloadedpanagenda
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Christoph Adler
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsLetsConnect
 
What's new in SharePoint 2016
What's new in SharePoint 2016What's new in SharePoint 2016
What's new in SharePoint 2016Giuseppe Marchi
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and servicesWiliam Ferraciolli
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stackNitin Mehta
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientChristoph Adler
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
Designs, Lessons and Advice from Building Large Distributed Systems
Designs, Lessons and Advice from Building Large Distributed SystemsDesigns, Lessons and Advice from Building Large Distributed Systems
Designs, Lessons and Advice from Building Large Distributed SystemsDaehyeok Kim
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecturedrewz lin
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecturemysqlops
 
Qcon 090408233824-phpapp01
Qcon 090408233824-phpapp01Qcon 090408233824-phpapp01
Qcon 090408233824-phpapp01jgregory1234
 

Similar a Samba distributed env (20)

Dutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning PresentationDutch Lotus User Group 2009 - Domino Tuning Presentation
Dutch Lotus User Group 2009 - Domino Tuning Presentation
 
Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010Microsoft Exchange 2010 Upgrade Seminar March 2010
Microsoft Exchange 2010 Upgrade Seminar March 2010
 
Soccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM ConnectionsSoccnx10: Best and worst practices deploying IBM Connections
Soccnx10: Best and worst practices deploying IBM Connections
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
 
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0Uklug2011.lotus.on.linux.report.technical.edition.v1.0
Uklug2011.lotus.on.linux.report.technical.edition.v1.0
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
 
John adams talk cloudy
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - ReloadedEngage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM Connections
 
What's new in SharePoint 2016
What's new in SharePoint 2016What's new in SharePoint 2016
What's new in SharePoint 2016
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and services
 
Hacking apache cloud stack
Hacking apache cloud stackHacking apache cloud stack
Hacking apache cloud stack
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes Client
 
Windows Azure introduction
Windows Azure introductionWindows Azure introduction
Windows Azure introduction
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
 
Designs, Lessons and Advice from Building Large Distributed Systems
Designs, Lessons and Advice from Building Large Distributed SystemsDesigns, Lessons and Advice from Building Large Distributed Systems
Designs, Lessons and Advice from Building Large Distributed Systems
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecture
 
Facebook architecture
Facebook architectureFacebook architecture
Facebook architecture
 
Qcon 090408233824-phpapp01
Qcon 090408233824-phpapp01Qcon 090408233824-phpapp01
Qcon 090408233824-phpapp01
 

Más de Manfred Furuholmen

Winbind as Identity Management Connector
Winbind as Identity Management ConnectorWinbind as Identity Management Connector
Winbind as Identity Management ConnectorManfred Furuholmen
 
Use Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage TierUse Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage TierManfred Furuholmen
 
Managing OpenAFS users with OpenIDM
Managing OpenAFS users with OpenIDMManaging OpenAFS users with OpenIDM
Managing OpenAFS users with OpenIDMManfred Furuholmen
 
Best Practices to create High Load Websites
Best Practices to create High Load WebsitesBest Practices to create High Load Websites
Best Practices to create High Load WebsitesManfred Furuholmen
 

Más de Manfred Furuholmen (19)

Pisa
PisaPisa
Pisa
 
Samba4 Introduction
Samba4 IntroductionSamba4 Introduction
Samba4 Introduction
 
Restfs internals
Restfs internalsRestfs internals
Restfs internals
 
Introduction to message_queue
Introduction to message_queueIntroduction to message_queue
Introduction to message_queue
 
Restfs
RestfsRestfs
Restfs
 
Winbind as Identity Management Connector
Winbind as Identity Management ConnectorWinbind as Identity Management Connector
Winbind as Identity Management Connector
 
Use Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage TierUse Distributed Filesystem as a Storage Tier
Use Distributed Filesystem as a Storage Tier
 
Managing OpenAFS users with OpenIDM
Managing OpenAFS users with OpenIDMManaging OpenAFS users with OpenIDM
Managing OpenAFS users with OpenIDM
 
Afs manager
Afs managerAfs manager
Afs manager
 
Pt server ng
Pt server ngPt server ng
Pt server ng
 
Best Practices to create High Load Websites
Best Practices to create High Load WebsitesBest Practices to create High Load Websites
Best Practices to create High Load Websites
 
Be lazy... make automation
Be lazy... make automationBe lazy... make automation
Be lazy... make automation
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recovery
 
Domestic cloud
Domestic cloudDomestic cloud
Domestic cloud
 
Samba management Console
Samba management ConsoleSamba management Console
Samba management Console
 
Link Samba to Cloud Storage
Link Samba to Cloud StorageLink Samba to Cloud Storage
Link Samba to Cloud Storage
 
Samba as a gateway to OpenAFS
Samba as a gateway to OpenAFSSamba as a gateway to OpenAFS
Samba as a gateway to OpenAFS
 
AFS introduction
AFS introductionAFS introduction
AFS introduction
 
AFS case study
AFS case studyAFS case study
AFS case study
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Samba distributed env

  • 1. Samba in a distributed environment manfred@zeropiu.it Samba Conference April 2006
  • 2. Agenda • Starting Situation • Goals • Solution • Client Side • Server Side • Directory Server • Infrastructure • Network Design • Software • Directory Design • Configuration • Migration • Requirements • Procedure • Trouble • Result • Next Step Pagina 2
  • 3. Overview Italsempione is nowadays the biggest Italian fully indipendent forwarding company covering any service related to transports and logistics with a worldwide agency network. Company: • Head Quarter in Italy • 16 Branch Office in Italy • 7 branch outside Italy • 400 PC , Windows XX • 150 PC , Linux • 8 Windows NT Domain • OpenVMS cluster • Microsoft Exchange • Wide Area Network • No IT stuff on the branch office Pagina 3
  • 4. Project Goals • Cost Reduction • License • Hardware • Simplified management • Centralized User Profile • Centralized Management • Server Consolidation Pagina 4
  • 5. Distributed environment In Distributed environment you need : • Ability to replicate information widely to increase • availability • reliability • Reducing response time. Perfect Solution are Directories Server: • Directories can manage all-size organizations, from small, focused user departments to global enterprises with millions of users. • Directories can store information about devices, applications, people and other aspects of a computer network. • Directories are based on a open standard technology (LDAP) for easy integration • Directory entries are arranged in a hierarchical tree-like structure. Traditionally, this structure reflected the geographic and/or organizational boundaries. • Directories are tuned to give quick response to high-volume lookup or search operations Don’t Use Directory when: • Your records change many times a day • Your records is plain to store in a relational database Pagina 5
  • 6. Client Side Solution • Software OpenSource • PXES, remote Desktop for Windows Terminal Server • Linux Desktop • Hardware Thin Client • Low Price • Low power consumption • Low noise and heat Pagina 6
  • 7. Server Side Solution • Software OpenSource • Linux • Linux Terminal Server Project (LTSP) • Samba Domain Controller • Network Service (DNS, DHCP, MAIL, ect) • Hardware • - Pagina 7
  • 8. Simplified management Centrally administration “means” time and resource savings. • Centralized User Profile • Identity life cycle management • Secure password management • Role-based administration capability/Delegation • User Self Provisioning • Maintenance • Remote control (ex. ILo) • Automatic package distribution • Monitoring (ex. Centrilized log) • Server consolidation • Reduction number of system • Reduction rack space • Simplified backup and monitoring operations • Simplified update operation Pagina 8
  • 9. Cost Comparison for a Basic, 100 Node Network Business Computing System HW Linux /Samba/LTSP Microsoft® Windows® Based PC Workstation/Server System Based System Item Quantity Price Totals Price Totals Hardware PC Workstations 100 $600 $60,000 $400 $40,000 File, Print Server 2 $4,000 $8,000 $4,000 $8,000 Email Server 2 $4,000 $8,000 $4,000 $8,000 Terminal Server 2 $5,000 $10,000 Subtotal $76,000 $66,000 Pagina 9
  • 10. Cost Comparison for a Basic, 100 Node Network Business Computing System SW Linux Microsoft® Windows® Based PC Workstation/Server System Samba/LTSP Item Quantity Price Totals Price Totals Software Microsoft® Office Suite 100 $400 $40,000 $0 Microsoft® Server 2000 (with 5 CAL) 4 $1,000 $4,000 $370 $1,480 Microsoft® Exchange® 1 $700 $700 $0 $0 Microsoft® CALs (5) 19 $200 $3,800 $0 $0 Microsoft Windows XP (OEM) 100 $150 $15,000 $0 $0 Exchange® CALs 100 $67 $6,700 $0 $0 Subtotal $70,200 $1,480 Pagina 10
  • 11. Use the Best Solution.. • Replace Domain Controller with Linux/Samba Server • Office with more 5 User Domain • Office where the number of Linux Desktop > Windows Desktop • Replace Windows Client with Linux Desktop (LTSP) • Employ with a executive job • Employ with light level of usage of Microsoft Office • Replace Windows Client with Windows Terminal Server • Employ with usage of custom windows application • Employ with heavy level of usage of Microsoft Office • Enterprise Directory • Centralize user profile Pagina 11
  • 12. Design • Headquarter • One Directory Master in HQ • One Samba Domain Controller • 2 Samba File Server based on cluster • One “Master” NTP Server • Brach Office • One Directory slave in each branch office • One Samba Domain Controller in each branch office • One “Slave” NTP server • Enterprise Directory • Unix user same as Windows user Pagina 12
  • 13. Software • Linux • Red Hat (kimberlite) Cluster for HQ office • Filesystem ext3 on LVM • Pam Ldap , NSS Ldap • Linux Terminal Server • PXES • Enterprise Directory • OpenLDAP 2.2.x • Gosa Interface • Samba 3.x • Ldap backend , ACL, CUPS, Quota • Monitor VFS module • External lib for password enforce (cracklib) • Mailserver • Postfix Mail Transfer Agent • Cyrus , mailbox delivery and IMAP/POP Services • Monitoring • Zabbix • Backup • Amanda Pagina 13
  • 14. Enterprise Directory Ldap Design • User User Profile, Unix Account, User Windows Account, User Email Account, User Proxy Account,.. • Group Group Profile, Unix account, Windows Account, Email Shared Folder • Machine Account • Windows Machine Account • Branch Office • Domain Information • Office Information • Application • Administrative User • Application Attribute • User Role specific application Pagina 14
  • 16. Directory Information Tree (DIT) Pagina 16
  • 17. Sample User Profile Unix Mail Samba • description: System User • sambaSID: S-1-5-21-963014146- • displayName: Manfred Furuholem • mail: manfred@italsempione.it 839875343-911163043-1229 • sn: Soncin • gosaMailServer: • sambaLogonTime: 1037577600 • givenName: Manfred imap://imap.italsempione.it • sambaLogoffTime: 1026432000 • o: Italsempione S.p.A. • gosaMailQuota: 500000 • ou: Edp • sambaAcctFlags: [UX ] • gosaMailDeliveryMode: [LV] • l: Vittuone • sambaHomeDrive: U: • gosaSpamSortLevel: 0 • st: Italy • sambaLogonScript: login.bat • telephoneNumber:xxxxxxxxxxx • gosaSpamMailbox: INBOX • sambaPrimaryGroupSID: S-1-5-21- • cn: Manfred Furuholmen • gosaVacationMessage: 963014146-839875343-911163043- • postalAddress: via Restelli,5 gosaMailAlternateAddress: 3009 • homeDirectory: manfred@is0404it20.italsempione.it /afs/italsempione.it/home/manfred • sambaDomainName: IS01DIT20 • gosaMailAlternateAddress: • loginShell: /bin/bash manfred.furuholmen@italsempione.it • sambaHomeDrive: U: • uid:manfred • sambaLogonScript: login.bat • uidNumber: 201203 • sambaPrimaryGroupSID: S-1-5-21- • gidNumber: 545 963014146-839875343-911163043- • gecos: Manfred Furuholmen 3009 • shadowMin: 0 • shadowMax: 0 • shadowWarning: 0 • shadowInactive: 0 • shadowLastChange: 13238 • Userpassword: xxxxxxxxx Pagina 17
  • 18. Openldap Configuration • Syncronization • LDAP Sync Replication vs Slapd • refreshOnly vs refreshAndPersist • All data vs single Branch • Ldap Security • TLS/SASL • LDAP ACI/ACL • Grant users the ability to change their data • Grant application user to change their data • Deny read access to anyone attempting to query • Tuning • Attribute Index • sambaSID • sambaPrimaryGroupSID • sambaDomainName • sambaSIDList • Watch log • Berkeley Database backend tuning • Cache size ( slapd.conf ) • Transaction log (DB_CONFIG) • db_stat • Thread size • Concurrency Pagina 18
  • 19. Samba Configuration • Ldap Backend • Branch Office is a organizational Unit (ou) used as suffix • Ldap Slave is the first server, Ldap master is configured as fall back (passdb backend = ldapsam:"ldap://127.0.0.1 ldap://10.1.21.247 “ ) • Write operation use referral to reach master server • Tuning search with suffix (ldap user suffix ,ldap machine suffix, ldap group suffix ) • Disable delete DN (ldap delete dn = no) • Ldap passwd sync • Custom Script (add machine, add group, add user to group, delete user from group , set primary group) • Add Gosa Schema • Add Italsempione Schema (Mail and application ) • Delay for Ldap Replication • Password Enforcement • CrackLib checking password • Costum script for password validation (check password script ) Pagina 19
  • 20. Linux Configuration • LDAP support • System Databases and Name Service Switch (nss_switch.conf) • Pluggable Authentication Modules (PAM) • ldap.conf Configuration • Name services cache daemon nscd (nscd) • Cache TTL • positive-time-to-live, positive entries (successful queries) • negative-time-to-live, negative entries (unsuccessful queries) • Cache Size • Disable File check • Ext3 • Access Control List (ACL) support • Quota support • Tuning • Elvtune Pagina 20
  • 21. Samba Cluster • Cluster • 2 node Active-Active • Disk shared • Kimberlite • Network HA (bond) • Samba • Individual per-service samba configuration file, /etc/samba/smb.conf.sh arename • Dedicated IP per-share Pagina 21
  • 22. Provisioning Tool Gosa automatically creates, modifies and deletes user accounts on multiple, heterogeneous systems or applications. • Advanced graphical user interface • Wide spectrum of platform coverage • Password management • Ldap back end • Extensible Pagina 22
  • 23. Migration Requirements • Seamless Migration • Without rejoin machine • User access with same password • Share access with same names • Maintain File Permission and ACL on share • Access log on special share • Introduce Password enforcement Pagina 23
  • 24. Migration Procedure • Catalogize Shares and Printers • Pwdump2 vs Vampire • Build LDIF from SAM information • User acconut SID and Password • Computer account SID and Password • Group account • User and Group mapping • Install ldap infrastructure • Populate ldap • Install Samba Domain controller • Share Migration • Switch Domain Controller • Test user Login, login script and share acccess • Set Password Policy Pagina 24
  • 25. Troubles • Ldap • Slave sometime disconnects to master (ldapsync) and loses synchronization • Berckley db corruption, sometime we need to rebuild the database by hand • When TLS is in use the cost of connection setup and binding is likely to far outweigh the search load. • A large pool of clients will also result in many hundreds of connections being held open, with a big usage of file descriptors. • PAM module • CHAGE command didn’t read shadow parameter from Ldap, replace with pwdutils • Samba • Failure to join new computer to domain in Branch Office, latency in Directory replication • Locking file (old samba Version) • Backup Filesystems ACL • ACLs are not handled from amanda backup system you need a separate script for dump to text file. Pagina 25
  • 26. Current Status • Implementation • 7 Samba Domain Controller • 350 Linux Desktop ( LTSP) on 11 Server • 70 Windows Terminal Client on 3 Server • 130 Windows client • Reduction Cost • Direct impact on help desk costs, achieving 60% time reduction • License Reduction 50% • Benefit • Increase performance (Server and Desktop) • Increase security • Single sign-on • Reduced down time Pagina 26
  • 27. Next Step • Fedora Ldap Server • Multimaster • Better performance • Robust • Samba 3.0.23 • Printer Configuration • LTSP 4.2 • Faster, 22 sec boot time • LTSPFS, local device • Multicast Boot, for pxes image • Bacula Backup system Pagina 27
  • 28. Next Step (Under Testing) • Fileserver with Distributed Filesystem • AFS vs GFS • AFS single file system cross network • GFS high performance in local network • Samba with AFS module • Kerberos V • Heimdal with ldap bckend • AFS with 2b ticket support • Kerberos Password for Unix System • Load Balancing / HA • LVS • OpenSSI • Xen Pagina 28
  • 29. The End For Further Questions: Fabrizio Manfredi Zeropiu Via Fra Luca Pacioli n.3 20144 Milano (Italy) manfred@zeropiu.it http://www.zeropiu.com Pagina 29