Samba on NonStop User Manual
HP Part Number: 647852-001
Published: February 2011
Edition: J06.04 and all subsequent J-Series RVUs and H06.
© Copyright 2011 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Warranty The information contained herein is subject to change without notice.
Contents
About this Manual, 5
Supported Release Version Updates (RVUs), 5
Intended Audience, 5
Related Manuals
Security Considerations, 21
A NS-Samba Servers, Client Programs, and Tools Reference, 23
B Securing SWAT, 24
C Quick Start, 25
D References
About this Manual
This manual describes how to install and configure the open source Samba package on HP NonStop™ systems.
Supported Release Version Updates (RVUs)
This publication supports J06.04 and all subsequent J-series RVUs, and H06.15 and all subsequent H-series RVUs, until otherwise indicated by its replacement publications.
Section | Contents
“Security Considerations” (page 21) | This chapter provides information on NS-Samba security considerations.
Appendices
“NS-Samba Servers, Client Programs, and Tools Reference” (page 23) | This appendix provides the information on NS-Samba servers, client programs, and tools reference.
“Securing SWAT” (page 24) | This appendix provides information on securing SWAT.
A group of items enclosed in brackets is a list from which you can choose one item or none. The items in the list can be arranged either vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example:
FC [ num ] [ -num ] [ text ]
K [ X | D ] address
{ } Braces
A group of items enclosed in braces is a list from which you are required to choose one item.
preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example:
ALTER [ / OUT file-spec / ] LINE [ , attribute-spec ]…
!i and !o
In procedure calls, the !i notation follows an input parameter (one that passes data to the called procedure); the !o notation follows an output parameter (one that returns data to the calling program).
1 Introduction
What is Samba on NonStop?
Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba uses the TCP/IP protocol that is installed on the host server. For more information on Samba, see http://samba.org/.
The NonStop port of Samba (NS-Samba) provides file services to Microsoft (MS) Windows clients, enabling seamless access to shared portions of the NonStop OSS file-system. It does not provide access to NonStop hosted print services.
• User-level security: Authentication based on username/password and name of the client machine.
• Share-level security: Authentication based on password for each tree connection (share mount) request.
• Authentication based on domain security mode: Provides a mechanism for storing all user and group accounts in a central, shared, account repository. The centralized account repository is shared between domain (security) controllers.
◦ Folder or file names in the /G directory can contain a maximum of eight characters.
◦ In the /G directory, files can be created only under the subvolume level, that is, /G/volume/subvolume/.
For information about the options that are not supported when used with NS-Samba, see the respective manpages.
Fault Tolerance
NS-Samba software is not fully fault-tolerant. However, high availability and fault tolerance features are partially available by virtue of the underlying NonStop operating system.
2 Installing NS-Samba
General Considerations
NS-Samba is made available by HP with the purchase of the NonStop Operating System for H-Series and J-Series NonStop platforms. NS-Samba is not pre-configured. You have to configure it depending on your requirements.
Prerequisites
NonStop Host
For NS-Samba to function correctly, ensure that the following software is installed on the NonStop system:
• Open System Services (OSS) environment installed on a NonStop system running a NonStop operating system H06.
5. Copy the backup files to the location where the supported version of NS-Samba is installed.
   cd /home/smb_backup
   cp smb.conf /etc/samba
   cp smb.conf smbpasswd secrets.tdb passdb.tdb /etc/samba
6. Verify the internal correctness of the restored files using the testparm and tdbbackup tools. For more information on these tools, see the respective manpages.
   cd /etc/samba
   /usr/bin/testparm smb.conf
   • Check the output message displayed on the screen for any errors.
   /usr/bin/tdbbackup -v *.
Installing NS-Samba
The procedure to install NS-Samba on a NonStop system is similar to installing other products on the OSS. To install NS-Samba, extract the PAX file (T1201PAX), using one of the following methods:
• Using Distributed Systems Management/Software Configuration Manager (DSM/SCM)
• Using the COPYOSS command
Using DSM/SCM
To extract the T1201PAX file to the standard OSS directories using the DSM/SCM, complete the following steps:
1. 2.
Table 2 Default Locations (continued)
Default Locations | Contents
/usr/local/samba/share/docs/man | Contains NS-Samba reference pages.
/usr/sbin | Contains NS-Samba server programs, namely, smbd, nmbd, and SWAT.
/var/log/samba | Contains default directory to hold log files.
Uninstalling NS-Samba
To uninstall or remove NS-Samba from a NonStop system, complete one of the following steps:
• Log in to the NonStop system as a super user.
3 Configuration
Configuration Overview
NS-Samba must be configured appropriately to provide services mentioned in “Features Available in NS-Samba” (page 9). NS-Samba processes can be flexibly configured by a set of configuration parameters which can be specified in the smb.conf file. See the smb.conf(5) manpage to understand the options. This chapter describes various methods that can be used to configure NS-Samba.
NOTE: While configuring NS-Samba using SWAT is convenient, it demands an appropriate security setup. Without an appropriate security mechanism in place, SWAT might compromise the security of the NonStop system. See “Securing SWAT” (page 24) for the steps to take to secure SWAT.
File Shares
Each section in the configuration file (except for the [global] section) describes a shared resource (known as a “share”), which in NS-Samba refers to file share service.
1. Manually
   a. The NS-Samba suite provides a script, /usr/local/samba/scripts/startsmb, to start the daemons. With this, you can start smbd, nmbd or both, using the specified configuration file. For more information, execute /usr/bin/startsmb –help.
   OR
   b. Execute the following steps:
      /usr/sbin/smbd -D
      /usr/sbin/nmbd -D
      When you execute these steps, monitor the processes. If the daemons terminate, you need to start them again.
2.
Figure 1 NS-Samba Daemons Health
In case there is a problem, examine the log files. For help on resolving common errors, see “Troubleshooting NS-Samba” (page 20).
Accessing NS-Samba Services from Windows Client
The following techniques can be used to access the NS-Samba share from a Windows client:
1. Pointing Windows Explorer to the NonStop server and clicking shares.
2. Mapping the NS-Samba share as a network drive.
3. Using the net use command.
4. Using CIFS client utilities.
3. If the processes have been started from inetd, remove the lines corresponding to smbd and nmbd from inetd.conf and restart the inetd process.
4. To disable SWAT, remove its entry from the inetd.conf file and restart the inetd process.
Troubleshooting NS-Samba
This section lists the common errors and recovery methods.
1. Error: A particular user is not able to access an NS-Samba share.
   Resolution: Add that user to the NS-Samba user database.
2.
4 Security Considerations
You should follow normal security best practices when configuring NS-Samba. NS-Samba’s overall security infrastructure has less capability than the native NonStop server security infrastructure. As examples:
• Samba has a separate user/password management scheme.
• Some configuration options, such as the SWAT demo mode, are not secure and should not be used.
• Samba has its own auditing and does not write events to syslog.
Set revalidate = true to force revalidation for each service accessed.
Include the /E and, if appropriate for your usage, /G directories in the do not descend list.
Administration:
Restrict administrator access to those who need it.
Do not provide an admin users list, as their file access is not restricted by file permissions.
Do not configure SWAT to run in demo/disable authentication (-a) mode.
Configure SWAT to use HP SSL. For more information, see “Securing SWAT” (page 24).
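The following Python script is an added example, not part of the HP manual or of NS-Samba. It audits an smb.conf against three of the recommendations above: no admin users list, revalidate set to true, and /E present in the do not descend list (/G is left to the administrator, as the text makes it optional). It assumes the list parameter is spelled dont descend as in the smb.conf manpage and that all three are share-level settings inherited from [global]; the sample configuration is constructed.

```python
import re
TRUE = {"yes", "true", "1"}  # spellings Samba accepts for a true boolean

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces removed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif section and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def audit(text):
    """Return (share, problem) pairs for the three recommendations checked."""
    conf = parse_smb_conf(text)
    glob, findings = conf.get("global", {}), []
    for name, params in conf.items():
        if "adminusers" in params:
            findings.append((name, "admin users is set"))
        if name == "global":
            continue
        eff = {**glob, **params}  # a share's own setting overrides [global]
        if eff.get("revalidate", "no").lower() not in TRUE:
            findings.append((name, "revalidate is not true"))
        skipped = {d.strip().rstrip("/") for d in eff.get("dontdescend", "").split(",")}
        if "/E" not in skipped:
            findings.append((name, "/E missing from dont descend"))
    return findings

# Constructed sample: the Quick Start shares, with [tmp] deliberately weakened.
SAMPLE = """
[global]
    revalidate = true
    dont descend = /E, /G
[SambaDocs]
    path = /usr/local/samba/share/docs
[tmp]
    path = /tmp
    revalidate = no
    dont descend = /proc
    admin users = devs.calvin
"""

if __name__ == "__main__":
    for share, problem in audit(SAMPLE):
        print(f"[{share}] {problem}")
```

A share-level dont descend replaces the [global] value rather than adding to it, which is why [tmp] is flagged even though [global] lists /E.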
A NS-Samba Servers, Client Programs, and Tools Reference
Table 3 NS-Samba Servers, Client Programs, and Tools Reference
Filename | Description
smbd | The smbd daemon provides the file share services to SMB clients, such as Microsoft Windows XP and Microsoft Windows Vista 32-bit. The configuration file for this daemon is described in the smb.conf man page.
nmbd | The nmbd daemon provides NetBIOS name service and browsing support. The configuration file for this daemon is described in the smb.conf man page.
B Securing SWAT
HP NonStop SSL (T0910) can be used to allow for secure remote administration of NS-Samba done through SWAT. To secure SWAT, you should perform the following steps on the NonStop server:
1. Enable the SWAT service, as described in “Enabling SWAT” (page 16).
2. Install HP NonStop SSL.
3. Configure SSL for production as SSL Server as described in the HP NonStop SSL Reference Manual.
4. Install a secure tunnel for SWAT using an HP NonStop SSL generic server proxy (PROXYS) process:
   a.
C Quick Start
This section provides an example of a very simple NS-Samba setup and illustrates each of the steps with commands. In this example, we are configuring NS-Samba to provide read access to the NS-Samba documentation directory /usr/local/samba/share/docs and read-write access to the /tmp directory. A user named DEVS.CALVIN is used to access the shares.
1. Add the user DEVS.CALVIN to the NonStop system, if one does not exist already, using the SAFECOM utility.
Press enter to see a dump of your service definitions
[global]
    smbd:backgroundqueue = False
[SambaDocs]
    comment = Samba documents
    path = /usr/local/samba/share/docs
[tmp]
    comment = Scratch pad
    path = /tmp
    read only = No
#
5. Start the NS-Samba daemons
   #/usr/sbin/smbd -D
   #/usr/sbin/nmbd -D
6. Now, on the Windows PC, point Windows Explorer to the NonStop server. When prompted for the login details, enter the username and password entered in the NS-Samba user database, that is devs.
D References
A list of recommended non-HP Samba documentation is:
• The Official Samba 3.5.x HOWTO and Reference Guide.
• Samba documentation from the Samba website.
• Using Samba, 2nd Edition, by Jay Ts, Robert Eckstein, and David Collier-Brown, February 2003 (O'Reilly & Associates), ISBN: 0-596-00256-4. www.oreilly.com/catalog/samba2/.
Glossary
A-Z
Access control list
    A structure attached to a software object that defines access permissions for multiple users and groups. It extends the permissions defined by the file-system permission bits by allowing you to specify the access rights of many individuals and groups instead of just one of each.
ACL
    See access control list (ACL).
browser
    A graphical user interface (GUI) used to access sites on the World Wide Web. Netscape, Internet Explorer, Mosaic, and Lynx are commonly used browsers.
HP NonStop Open System Services (OSS)
    The product name for the OSS environment. See Open System Services (OSS).
Manpage
    A term sometimes used in UNIX documentation for the online or hard-copy version of a file that provides reference information.
Open System Services (OSS)
    An open system environment available for interactive or programmatic use with the HP NonStop operating system.