1.2 Samba Functionality in OES 11 SP3

1.2.1 Samba Differences in OES 11 SP3

The open source Samba software described in earlier sections is installed automatically on every SLES 11 SP4 server. OES 11 SP3 uses this base Samba software, but configures it differently and installs additional software to take advantage of enhanced services available in OES 11 SP3.

The main differences between base Samba on SLES 11 SP4 and OES 11 SP3 are:

  • Samba on OES 11 SP3 is configured to use the eDirectory LDAP server for secure user authentication.

  • In order for eDirectory users to be able to access shares on an OES 11 SP3 server, they must be created in a container with a Samba-compliant password policy assigned to it and be members of a group that has been properly Linux-enabled.

    OES 11 SP3 includes a new Samba Management plug-in for iManager that simplifies the process of enabling users for Samba access by automatically making users members of the default Samba Users group that is created for every OES 11 SP3 Samba server. See Section 8.0, Managing Samba Servers, Shares, and Users for more information.

  • With OES 11 SP3, Samba shares can be created on Novell Storage Services (NSS) volumes or on NetWare Core Protocol (NCP) volumes on Linux POSIX file systems. This allows access to be controlled by the Novell Trustee Model, which offers more robust and flexible security.

  • OES 11 SP3 does not support Samba running in NT 4 domain mode as either a primary or backup domain controller.

  • Samba on OES 11 SP3 should be managed by using the tools provided with OES, such as the iManager Samba Management plug-in, and not the tools available in SLES 11 SP4, such as the YaST Samba Server tool and the browser-based SWAT utility.

  • Although Samba can also provide Windows print services, OES print services are provided by iPrint, not by Samba.

A general overview of Samba, in context with other file services in OES, is provided in Novell Samba in the OES 11 SP3: Planning and Implementation Guide.

1.2.2 Software Installed with the Novell Samba Pattern

In an OES 11 SP3 server installation, the Novell Samba pattern is available for selection in the OES Services category. Selecting this pattern installs the following packages:

  • novell-samba-cim (Samba Management Loadable CIM Module)

    This package is the CIM (Common Information Model) provider required for the Samba Management plug-in for iManager.

  • novell-samba-config (Samba Config for Novell Open Enterprise Server)

    This package configures Samba for integration with NetIQ eDirectory.

  • yast2-samba-server (YaST2 Samba Server Configuration)

    This package contains the YaST2 component for Samba server configuration.

Selecting the Novell Samba pattern automatically selects Novell Backup/Storage Management Services (SMS), Novell Linux User Management (LUM), and Novell Remote Manager (NRM).

1.2.3 Other OES Services That Work with Samba

Depending on what you want to do with Samba, you can select other patterns from the OES Services category:

  • Novell Cluster Services (NCS): Select this pattern if you want to include this server in a high availability cluster.

  • NetIQ eDirectory: Samba in OES 11 SP3 requires eDirectory.

  • Novell iManager: To manage Samba shares and users, Novell iManager must be installed on at least one server in the network.

  • Novell NCP Server/Dynamic Storage Technology: Select this pattern if you want to create NCP volumes on NSS or on a Linux POSIX file system such as Reiser, Ext3, or XFS.

  • Novell Storage Services (NSS): Select this pattern if you want to create Samba shares on NSS volumes. (NCP Server is automatically selected when you select this pattern.)

IMPORTANT:You cannot select Novell Domain Services for Windows along with the Novell Samba pattern. Domain Services for Windows requires its own specialized configuration of the base Samba software, which is incompatible with the standard OES 11 SP3 configuration. For more information, see the OES 11 SP3: Domain Services for Windows Administration Guide.

1.2.4 Samba Users Are Both Windows and eDirectory Users

As stated earlier, the purpose of Samba in OES is to allow Windows client users to access data directories on OES servers.

Both the Windows workstations and the OES servers require authenticated access. On the Windows workstation, users log in using their Windows usernames and passwords. When they log in to the OES server, they use their eDirectory usernames and passwords. Samba requires that these usernames and passwords match.

In other words, the Windows usernames on your network workstations and the eDirectory usernames you create for Samba access must be the same and must have the same password.

For example, if you have a Windows workstation user with the username of jsmith and password abcd*1234 that you want to be a Samba user, you must create an eDirectory user with the username of jsmith and password abcd*1234.

One advantage of Samba is that Windows users who have matching eDirectory accounts can access shares on OES 11 SP3 servers without having the Novell Client for Windows installed on the workstation. After authenticating to Windows, users can see the Samba shares they have rights to access via native Windows interfaces, such as Windows Explorer and My Network Places.

As long as the Novell NCP Server software is installed on the OES 11 SP3 server, Windows users that have the Novell Client software installed can continue to access files they have rights to on the Linux server via standard Novell interfaces, such as drive mappings.