Deploying Samba on IBM Eserver BladeCenter

Installing Red Hat 7.3, SuSE 8.1 Linux and IBM Director
Installing Samba
Managing Samba using SWAT

Rufus Credle
Eric Butler
Tim Verhoeven
David Green
International Technical Support Organization Deploying Samba on IBM Eserver BladeCenter November 2003
Note: Before using this information and the product it supports, read the information in “Notices” on page v. Second Edition (November 2003) This edition applies to IBM Eserver BladeCenter (8677-1xx), IBM Eserver BladeCenter HS20 (8678-21x and 8678-41x), Red Hat Linux 7.3 and SuSE Linux Enterprise Server 8. © Copyright International Business Machines Corporation 2002, 2003. All rights reserved. Note to U.S.
Contents
Notices
Trademarks
Preface
The team that wrote this Redpaper
3.6 Installation of IBM Director Agent
3.6.1 Overview of IBM Director V4
3.6.2 Installation of IBM Director Agent on Linux
Chapter 4. Installing and configuring Samba
4.1 Installing Samba
Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used.
Trademarks

The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: Redbooks(logo) eServer™ ibm.
Preface

As data centers have grown with the proliferation of Intel®-based servers over recent years, it is important to note that rack space and floor space can be used more efficiently with IBM® Eserver BladeCenter™ HS20 servers. Attractive cost savings are also possible where a large number of rack-installed servers are required, since the equivalent number of 1U servers would be much more expensive.
Thanks to the following people for their contributions to this project:

Tamikia Barrow, Diane O’Shea, Gail Christensen, Cecilia Bardy, Jeanne Tucker
International Technical Support Organization, Raleigh Center

Stephen Hochstetler
International Technical Support Organization, Austin Center

Rob Sauerwalt, Global Brand Manager and Team Lead - IBM Eserver Marketing
IBM Raleigh

Amy Freeman, Manager, Brand and ISV Communications, xSeries Linux Marketing
IBM Raleigh

ITSO PC-5009 project team: David Robertson,
Summary of changes This section describes the technical changes made in this edition of the paper and in previous editions. This edition may also include minor corrections and editorial changes that are not identified. Summary of Changes for Deploying Samba on IBM Eserver BladeCenter as created or updated on November 20, 2003. November 2003, Second Edition This revision reflects the addition, deletion, or modification of new and changed information described below. New information Added 1.2.
Chapter 1. Introduction to IBM eServer BladeCenter technology and its advantages

In this chapter, we will introduce the IBM Eserver BladeCenter. This introduction includes an overview of the BladeCenter technology and hardware for the chassis and the blades; we also look at blade management and the options that are currently available.
1.1 Introduction to blade server technology Blade servers are a relatively new technology that has captured industry focus because of its modular design, which can reduce cost with a more efficient use of valuable floor space, and its simplified management, which can help to speed up such tasks as deploying, reprovisioning, updating and troubleshooting hundreds of blade servers. All this can be done remotely with one graphical console using IBM Director systems management tools.
1.2 Technical overview In this section, we will look at each of the key components individually and explain their function within the IBM Eserver BladeCenter and the BladeCenter HS20. 1.2.1 BladeCenter chassis The IBM Eserver BladeCenter is a 7U modular chassis capable of housing up to 14 blade servers. The BladeCenter chassis allows individual blades to share resources such as power, switch, management and blower modules. The front view of the BladeCenter chassis is shown below in Figure 1-1.
Over-temperature
This is an amber LED which will report any over-temperature conditions that occur either in the BladeCenter chassis or the blade servers. If an over-temperature condition occurs, the IBM Eserver BladeCenter may increase the speed of the blower to correct this, in which case the LED will automatically be turned off.

Information
The information LED is also amber; this LED reports non-critical events. These events are recorded in the Error log.
Figure 1-3 Rear view of BladeCenter chassis The IBM Eserver BladeCenter automatically detects all blades and modules that are installed. 1.2.2 IBM eServer BladeCenter HS20 The IBM Eserver BladeCenter HS20 blades are high-throughput, two-way SMP-capable Xeon-based blade servers, highly scalable by adding memory and a second processor. Two Intel Xeon connectors are standard on the blade board to support installation of a second processor.
Figure 1-4 BladeCenter HS20 with top cover removed Each BladeCenter HS20 has an integrated service processor on-board that communicates with the BladeCenter Management Module to enable blade server management remotely (see 1.2.3, “BladeCenter Management Module” on page 8 for more details on the management module).
Each controller is auto-sensing and will connect at the appropriate rate, whether the transfer rate is 10 Mbps, 100 Mbps or 1000 Mbps. The controller will also set the appropriate duplex state. The Ethernet controller is capable of providing several teaming options that increase throughput and fault tolerance. In your blade server, a team consists of the two Ethernet controllers, which can use the options below:

Adapter fault tolerance (AFT)
Provides automatic redundancy for your Ethernet controllers.
Like the IBM Eserver BladeCenter’s media tray, this control panel also has system information LEDs. The only difference is that the blade’s panel also has control switches, which are detailed below.

Media-select button
Press this button to associate the CD-ROM drive, diskette drive, and USB port with this blade server. This button lights when the ownership of the CD-ROM drive, diskette drive, and USB port transfers to this blade server.

Blade-error
This LED is also known as the blade system-error LED.
Figure 1-6 BladeCenter Management Module

The Management Module has a standard RJ45 connector for a 10/100MB Ethernet remote console connection, as well as two PS/2® connectors for keyboard and mouse and a 15-pin D-shell connector for video, which are provided for the local console. Although the connectors for the keyboard and mouse are PS/2 type connectors, these devices are routed to a USB bus, enabling them to be switched between blades.
Figure 1-7 BladeCenter 1200W Power Supply Module Power Modules 3 and 4 are required to provide power to blade slots 7 to 14. Figure 1-8 on page 11 shows how power is distributed by each power module. One power module is capable of providing enough power in the event of a power module failure. Power module 2 provides redundancy for power module 1 and power module 4 does the same for power module 3, although these power modules will effectively share the load under normal operating conditions.
The Technical Update can be obtained from the following URLs: http://www-1.ibm.com/support/docview.wss?uid=psg1MIGR-53353 ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/13n0308.pdf Figure 1-8 MidPlane power connector 1.2.5 BladeCenter blowers The IBM Eserver BladeCenter ships with both hot-swap blowers which are required to provide adequate cooling; these blowers provide a total airflow of approximately 325 CFM; however, each blower will run at approximately 50% under normal conditions.
Figure 1-9 BladeCenter Blower Module

1.2.6 BladeCenter 4-Port Ethernet Switch Module

The Ethernet Switch Module (Figure 1-10 on page 13) has several purposes; in addition to providing network connectivity for the IBM Eserver BladeCenter and blades, it also provides interconnectivity between the blades and management modules.
Figure 1-10 BladeCenter 4-Port Ethernet Switch Module In Figure 1-10, the two LEDs at the top of the switch module indicate power-on and Ethernet switch errors. There are also LEDs next to each port which indicate Ethernet link and activity. 1.2.7 BladeCenter Layer 2-7 GbE Switch Module The Ethernet switch module (Figure 1-11 on page 14) has several purposes.
Figure 1-11 BladeCenter 4-port Ethernet Switch Module In Figure 1-11, the two LEDs at the top of the switch module indicate power-on and Ethernet switch error. There are also LEDs next to each port that indicate Ethernet link and activity. 1.2.8 BladeCenter 2-Port Fibre Channel Switch Module If you require Fibre Channel connectivity for your IBM Eserver BladeCenter, there are two things you are required to do: 1.
Figure 1-12 BladeCenter 2-Port Fibre Channel Switch Module The storage options for the IBM Eserver BladeCenter are covered in Chapter 3, “Storage options for the BladeCenter” of the Redpaper The Cutting Edge: IBM Eserver BladeCenter, REDP3581. 1.2.9 BladeCenter Acoustic Attenuation Module In environments where it is important to minimize sound emissions, there is a noise reduction option available that can be installed on the rear of the IBM Eserver BladeCenter.
1.3 The advantages of IBM eServer BladeCenter

Unlike typical server architecture, which scales up, the BladeCenter allows for the scale out approach, yet balances performance and density. In this section, we identify the advantages of the BladeCenter for your business, such as:
– Systems management
– High density computing
– Redundancy

1.3.1 Systems management

The systems management component for the BladeCenter is the combination of IBM Director, the Web interface and Rapid Deployment Manager (RDM).
– Fans
– Power supplies
– SCSI HDDs

Integration with enterprise system management environments

IBM Director agents should be installed on each of the blade servers, as this allows system management of the blades and also allows the advanced management capabilities of the xSeries servers to be accessed from such products as:
– Tivoli® Enterprise™ and Tivoli Netview
– Computer Associates CA Unicenter TNG
– HP OpenView
– Microsoft® SMS
– BMC Patrol
– NetIQ

This is an important consideration for organizations
The Web interface allows you to manage and check the status of each of the modules and blade servers. Below is a list of the functions and sub-functions available.
twice the current density of a non-blade server. The IBM Eserver BladeCenter supports a minimum of one 4 port 1 GB Ethernet switch for up to fourteen blade servers. A total of four switch modules can be utilized within the IBM Eserver BladeCenter. This can be a combination of either Fiber Channel or Ethernet.
CPUs. It also shows the heat output in BTUs, which can affect the cooling of your computer room and other equipment within the computer room.

Table 1-1 Power and BTU usage

Server                  Number of Servers  Processor             Maximum load watts  BTU
IBM x330 4MX            14                 Pentium® III 1.4GHz   3080                10502
IBM x335                14                 Xeon 2.4GHz           4760                16231
IBM x342 - Dual Power   14                 Pentium III 1.4GHz    5250                19821
IBM x345 - Dual Power   14                 Xeon 2.4GHz           7000                23870
IBM Eserver 14 Xeon 2.
Disk mirroring MidPlane Hot-swap power and cooling modules Switch modules Figure 1-14 Module location on the rear of the IBM Eserver BladeCenter Table 1-3 outlines which components can be redundant, hot swap, PFA or have Light Path diagnostics.
Hot-spare blades
MidPlane supports hot-spare blade servers; this operates in the same fashion as the hot-spare drive. By creating events within IBM Director, you can deploy an operating system to a hot-spare blade server automatically.

Processor
In a dual processor blade server, if a CPU fails, the following steps are taken by the system.
1. Force failed processor offline
2. Automatically re-boot server
3. Generate alerts
4.
Figure 1-15 Acoustic Attenuation Module (callouts: shaft, locking handle, acoustic muffler)

Power
The IBM Eserver BladeCenter comes with two 220 volt 1200 watt hot-swap power modules in power bays 1 and 2. Table 1-4 outlines the power module bays and their functions.

Table 1-4 Power module bays

Power module bays   Power module function
1                   Provides power to all the BladeCenter modules in server bay slots 1-6.
2                   Redundancy for Power module bay 1.
Ethernet
Two hot-swap 1 GB Ethernet four port switch models can be installed in switch module bays 1 and 2.

Fibre
Two hot-swap Fibre channel network interface switch modules can be placed in switch module bays 3 and 4.

Note: The IBM Eserver BladeCenter also includes a hot-swap media tray, which includes the CD-ROM and floppy drive.
Chapter 2. Samba

Samba is an implementation of a Server Message Block (SMB) protocol server that can be run on almost every variant of UNIX® in existence. Samba is an open source project, just like Linux. Since the code is written in C, it is easily portable to all flavors of UNIX. Samba is a tool which allows UNIX systems to peacefully coexist with Windows systems by performing file and print sharing using the NetBIOS protocol.
2.1 What is Samba? Samba is a suite of programs that work together to allow UNIX systems to access server file systems and printers via the Server Message Block (SMB) protocol. The two key programs are smbd and nmbd.
With the utilities in the Samba suite:
– You can access any shared directory or printer on Windows NT servers or Samba servers and allow UNIX machines to access Windows NT files.
– You can mount any share from a Windows NT server or Samba server in your directory structure (this is available only on Linux using Samba File System, SMBFS).
– You can look up NetBIOS names, map them to IP addresses, and check the status of the systems.
Chapter 3. Installation of Red Hat Linux 7.3 and IBM Director Agent

In this chapter, we will describe in detail the basic installation of Red Hat Linux 7.3, SuSE Linux Enterprise Server 8 (SLES 8), and IBM Director Agent on an IBM Eserver BladeCenter system.
3.1 Installation of Red Hat Linux 7.3

We will discuss three methods of installing Red Hat Linux on a BladeCenter system.
– CD installation
– Network installation
– PXE boot installation

The only difference between these is the means used to start the install. Once the installation process is started, everything else is the same.

3.2 CD installation

This is the most direct and simplest method of installing Red Hat on a blade server.
Figure 3-1 Language Selection

4. Select English and click Next.

Figure 3-2 Keyboard Selection and Configuration

5. Select the auto selected Generic 105-Keyboard, US English, Enable dead keys, and click Next.
Figure 3-3 Mouse Selection

6. Select 2 Button Mouse (USB) and click Next.

Figure 3-4 Install Options

7. Select Install, Custom, and click Next.
Figure 3-5 Disk Partitioning

8. Partition the hard drive using either the automatic partition (default choice) or manually. See http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/install-guide/s1-diskpartsetup.html for more information about partitioning the hard drive.

Figure 3-6 Boot loader options
9. Select Use GRUB as the boot loader, /dev/hda Master Boot Record (MBR), Default boot image, and click Next.
10. Do not select Use a GRUB Password; click Next.
11. On eth0 page, deselect Activate on boot, click the eth1 tab, select Configure using DHCP, select Activate on boot, and click Next.
12. Follow the Red Hat Linux 7.3 install instructions at http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/install-guide/s1-firewallconfig.html to finish the install setup process.
– Utilities
– Software Development
– Kernel Source
15. After the system is rebooted, log in as root.
16. If X11 is installed, edit /etc/X11/XF86Config-4:
   a. Add the following to the top of the file:
         Section "ServerFlags"
             Option "AllowMouseOpenFail"
         EndSection
   b. Save and exit.
17. The diskette drive is connected to the SCSI bus. It is configured to take the last ID on the SCSI bus. Since the blade server we are using has no SCSI hard drives, the diskette drive resides on /dev/sda.
7. Move the i386 rpms that are replaced by i686 rpms into the noInstall directory using the following command sequence:
      for i in $(ls *.i686.rpm); do mv ${i/i686.rpm/i386.rpm} noInstall; done
8. Install the updates by typing rpm -Fvh *.rpm.
9. Install the kernel updates by
   a. Using rpm -ivh kernels/kernel-2.4.18-18.7.x.i686.rpm to install the uni processor kernel.
   b. Using rpm -ivh kernels/kernel-smp-2.4.18-18.7.x.i686.rpm to install the smp kernel.
   c. Using rpm -Fvh kernels/kernel-source-2.4.18-18.7.x.
   md5sum: rh-7.3-en-i386-cd6.iso: No such file or directory
   rh-7.3-en-i386-cd6.iso: FAILED open or read
   md5sum: WARNING: 3 of 6 listed files could not be read

4. Check the files using md5sum -c rh-7.3-en-i386.md5. If any of the files are corrupt, delete those and download again. The output should be similar to that shown in Example 3-2 on page 36.
5. Check that other has read and execute permissions on /var/iso/RedHat and has read permission on all the iso files.
6.
8. Copy all the files in cd1/RedHat/base into RedHat/base using:
      cp -r cd1/RedHat/base RedHat/
9. Make symbolic links for the rpm files in the RedHat/RPMS directory on cd1, cd2, and cd3 in /var/ftp/pub/RedHat/RPMS.

Example 3-5 Creating symbolic links
   cd RedHat/RPMS
   ln -s ../../cd1/RedHat/RPMS/*.rpm .
   ln -s ../../cd2/RedHat/RPMS/*.rpm .
   ln -s ../../cd3/RedHat/RPMS/*.rpm .

10. Configure the FTP server to start on reboot using the command:
      chkconfig wu-ftpd on
11.
2. Create a temporary work directory for all the files and two directories for mounting images by executing the commands:
   – mkdir /tmp/newboot
   – mkdir /mnt/loop0
   – mkdir /mnt/loop1
3. Copy the bootnet.img file from the images directory on Red Hat Linux CD1 to the work directory just created, using cp /mnt/cdrom/images/bootnet.img /tmp/newboot.
4. Change to the working directory, using cd /tmp/newboot.
5. Mount this image using the loopback device using mount -o loop /tmp/newboot/bootnet.img /mnt/loop0.
6.
18. Copy into this directory the bcm5700 module, installed on the system in step 1, by executing:
      cp /lib/modules/2.4.18-3BOOT/kernel/drivers/addon/bcm5700/bcm5700.o \
         ./2.4.18-3BOOT/
19. Add this driver to the modules.cpio file by executing:
      ls 2.4.18-3BOOT/* | cpio -o --append -H crc -F modules.cpio
20. Zip the modules.cpio file using gzip modules.cpio.
21. Copy this file over the original in the mounted RAMdisk by executing cp -f modules.cpio.gz /mnt/loop1/modules/modules.cgz.
22.
Figure 3-8 NFS install server settings

8. Type in the NFS server IP address and the path to the iso files.

Note: If the server cannot be reached and DHCP has been used for the client configuration, choose Back and type in the TCP/IP info. Then try again from the server.

9. Follow the CD installation process from step 3 on page 30.

3.3.5 Installing a Linux operating system from the FTP server

In this section, we will install Red Hat Linux via the FTP server. Perform the following steps:
1.
Figure 3-9 FTP setup window

8. Type in the IP address of the FTP server and directory path to RedHat relative to /var/ftp.

Note: If the server cannot be reached and DHCP has been used for the client configuration, choose Back and type in the TCP/IP info. Then try again from the server.

9. Follow the CD installation process from step 3 on page 30.

3.4 PXE Boot installation

PXE stands for Pre eXecution Environment.
3. Install the DHCP server using rpm -ivh dhcp-2.0pl5-8.i386.rpm.
4. Copy the sample DHCP server configuration file to the /etc directory using:
      cp /usr/share/doc/dhcp-2.0pl5/dhcpd.conf.sample /etc/dhcpd.conf
5. Edit the /etc/dhcpd.conf file to make it look like Example 3-10.

Example 3-10 /etc/dhcpd.conf file for PXE boot
   subnet 192.168.0.0 netmask 255.255.255.0 {
   # --- default gateway
   option routers 192.168.0.1;
   option subnet-mask 255.255.255.
11. Add the following lines to the end of the /etc/rc.d/rc.local file:

Example 3-13 Commands in rc.local file needed for PXE boot
   route add -host 255.255.255.255 eth0
   route add -net 224.0.0.0 netmask 224.0.0.0 eth0

12. Copy the Linux kernel and initial ramdisk file for PXE boot from the first CD to the TFTP install section. In our case, it looked like this:

Example 3-14 Copying of Linux kernel and initrd for PXE boot
   cp /var/ftp/pub/7.3/cd1/images/pxeboot/vmlinuz /tftpboot/X86PC/UNDI/linux-install/linux.
6. Click Save. To use PXE for the installation, press F12 at the BIOS startup window when the different function keys are shown. Now we will reboot the blade server so that the installation process can begin. 1. Log back in to the Web interface of the BladeCenter management module if you have logged out. 2. Click Blade Tasks -> Power/Restart. 3. Select the checkbox on the line of the blade server where you will perform the installation. 4. Click Restart Blade. 5.
Figure 3-10 NFS install setup window

10. Type in the NFS server IP address and the path to the iso files.

Note: If the server cannot be reached and DHCP has been used for the client configuration, choose Back and type in the TCP/IP info. Then try again from the server.

11. Follow the CD installation process from step 3 on page 30.

3.5 Installation of SuSE Linux Enterprise Server 8

In this section, we will discuss the installation of SuSE Linux Enterprise Server (SLES) version 8 for the IA-32 platform.
Figure 3-11 SLES Installation - Language selection 4. For the IBM Eserver BladeCenter HS20, the mouse will not work initially when the installer starts. Follow these directions: a. Press Alt + A to select English (US). b. If the Please select dialog box appears, press Alt + O to select New installation. c. Press Alt + C and scroll, with the arrow keys, to Mouse to change the mouse, then press Enter.
Figure 3-12 SLES Installation - Mouse Configuration – Mouse: Click Mouse if you need to change the type of mouse you are using. Changing the mouse type is not necessary in most cases. Select the correct mouse from the list and click Test to ensure that it is working with your mouse. Click Accept when finished. – Partitioning: Click Partitioning if you need to change the partitioning scheme for your drive(s).
• Modify the proposal, by clicking Base partition setup on this proposal and then clicking Next. The Expert Partitioner window opens, which allows you to view and manipulate the existing partitions on the hard drive(s). Click Create to add new partitions, Delete to delete partitions (highlight partition you wish deleted first), Edit to make changes to existing partitions, and Resize to resize ext2, ext3, ReiserFS, XFS, and swap partitions. When finished, select Next.
– Time zone: Click Time zone to modify the default time zone for the installation. Select the correct time zone from the list. Under the Hardware clock set to section, select either local time or UTC, as appropriate. Click Accept. – Language: Click Language to modify the default language for the installation. Select the needed language from the list and click Accept. 6. If all Installation Settings are to your preference, click Accept and click Yes, install at the Warning window. 7.
12.The Desktop Settings window displays. Select one of the following options: – Text mode only -- no graphical desktop (this setting will not configure the graphical environment). If this setting is selected, click Next and continue to step 23. – Graphical desktop environment (this setting is the default selection). When making this selection, you will see some auto-detected settings for the graphical environment. 13.Click Accept to accept the settings and continue to step 23.
Figure 3-16 SLES Installation - Hardware configuration 24.The Installation Settings display enables you to configure various types of hardware. The hardware configuration can also be done later with the program YaST2. For example, you can set up your network interfaces here. When satisfied, click Next to finish the installation. 25.The installer will then reboot into the installed Linux. The installation is finished. 26.
– IBM Director Server
– IBM Director Agent
– IBM Director Console

A different combination of these components is required for each of the hardware groups in your IBM Director environment. The management server must contain all three of these components. The IBM Director Console must be installed on the management console or any system from which a system administrator will remotely access the management server. The IBM Director Agent must be installed on each system you intend to manage.
3.6.2 Installation of IBM Director Agent on Linux

This section discusses the requirements and installation steps for the IBM Director.

IBM Director Agent requirements

The following are the hardware and software requirements for installing IBM Director Agent on Linux:

Table 3-1 Requirements for IBM Director Agent

                     IBM Director Agent
CPU                  Pentium 266+ MHz
Memory (RAM)         128 MB
Diskspace            220 MB
Supported Linux OS   Red Hat Linux, versions 7.1, 7.2, 7.3
                     Red Hat Linux Advanced Server, version 2.
3. Type the following command and press Enter:
      cd /mnt/cdrom/director/agent/linux/
   Where /mnt/cdrom is the mount point of the CD-ROM drive.
4. Copy the i386/ folder that contains the IBM Director Agent for Linux code to a place on the hard disk:
      cp -a i386/ /usr
5. The IBM Director Agent will be installed in the /opt directory. Depending on how you partitioned your hard disk, there might not be enough space on the partition that contains the /opt directory.
Chapter 4. Installing and configuring Samba

In this chapter, we will perform the installation of Samba onto our IBM Eserver BladeCenter HS20 server. This chapter describes how to:
– Install and configure Samba
– Use SWAT to configure Samba
– Stop, start, and restart Samba
4.1 Installing Samba

Since the version of Samba on the install CDs is usually downlevel, it is best to download the latest version from http://www.samba.org/. The latest stable code is available in binary form (rpm file) and in source code form (tar.gz file). We downloaded the latest binary code for Red Hat 7.3 from http://us2.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.3/.
1.
You will find our sample smb.conf configuration file in Appendix A, “Samba configuration file” on page 99.

Global NetBIOS parameters

The NetBIOS parameters should be at the top of the global section in the configuration file. When you open the smb.conf file, you will see something similar to Example 4-1.
Global security settings

The global security settings will look similar to what is shown in Example 4-3.

Example 4-3 Global security settings
   security = user
   ; password server =
   encrypt passwords = yes
   smb passwd file = /etc/samba.d/smbpasswd

The parameters are described in Table 4-3.

Table 4-3 Security parameters

Parameter   Description
security    This parameter affects how clients respond to Samba. The four possible values are: share, user, server, domain. The default setting is user.
The parameters are described in Table 4-4.

Table 4-4 Name resolution parameters

Parameter            Description
name resolve order   This parameter determines which naming services to use and the order used to resolve host names to IP addresses. The preferred value is wins lmhosts bcast. See the smb.conf manual page for more information.
wins support         This parameter controls whether the Samba server will act as a WINS server. Default value is no.
Parameter     Description
read list     List of users that have read access to the share. Can include group names using the @group syntax.
read only     If set to yes, share is read only. Possible values are yes and no.
valid users   List of users that can access the share.

Each share definition starts with the share name in brackets “[]”. Below this name are the parameters and values that define the share.
Example 4-6 Home directory parameters
   [homes]
   comment = Home Directories
   path = %H
   valid users = %S
   browseable = no
   writable = yes
   create mode = 0700
   directory mode = 0700

The special variables used in this definition are explained in Table 4-7.

Table 4-7 Variable description

Variable   Description
%H         The home directory of the current user.
%S         The name of the current service. Since the requested share is the user name, this variable is replaced by the user name.
%u         The user name of the current service.
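An added example, not part of the Redpaper: a small shell/awk audit that reads an smb.conf and flags risky values of the parameters covered above (security, encrypt passwords, valid users, read only/writable, create and directory mode). The guest ok check, the [public] share and the finding texts are assumptions of this example; the first sample is built from Examples 4-3 and 4-6.

```shell
#!/bin/sh
# Added example, not from the Redpaper: flag risky values of the smb.conf
# parameters described in this chapter. Prints "section|parameter|finding",
# one line per problem. Share parameters set in [global] are not inherited.

audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function is_yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(param, msg) { printf "%s|%s|%s\n", sec, param, msg }
    function close_section() {
        # A share is judged as a whole once all of its lines were read.
        if (sec != "global" && writable && !restricted)
            report("valid users", "writable share without a valid users list")
        writable = 0; restricted = 0
    }

    BEGIN { sec = "global" }          # lines before any [section] are global
    /^[ \t]*$/    { next }            # blank line
    /^[ \t]*[;#]/ { next }            # comment, both ; and # are accepted
    /^[ \t]*\[/ {                     # [section] header
        close_section()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(trim(sec)); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))

        if (sec == "global" && key == "security" && tolower(val) == "share")
            report(key, "access is checked per share, not per logged-on user")
        if (sec == "global" && key == "encrypt passwords") {
            enc_seen = 1
            if (!is_yes(val)) report(key, "clients send passwords in plaintext")
        }
        if (key == "writable" || key == "writeable" || key == "write ok")
            writable = is_yes(val)
        else if (key == "read only")
            writable = !is_yes(val)
        else if (key == "valid users" && val != "")
            restricted = 1
        else if ((key == "guest ok" || key == "public") && is_yes(val))
            report(key, "share accepts guest connections without a password")
        else if (key ~ /^(create|directory) (mode|mask)$/ &&
                 val ~ /^[0-7]+$/ && substr(val, length(val), 1) ~ /[2367]/)
            report(key, "mask " val " keeps the world-write bit")
    }
    END {
        close_section()
        if (!enc_seen) {
            sec = "global"
            report("encrypt passwords", "not set; default differs between Samba releases")
        }
    }' "$1"
}

# Constructed sample built from Examples 4-3 and 4-6 of this chapter.
write_page_sample() {
    cat > "$1" <<'EOF'
[global]
   security = user
;  password server =
   encrypt passwords = yes
   smb passwd file = /etc/samba.d/smbpasswd
[homes]
   path = %H
   valid users = %S
   writable = yes
   create mode = 0700
   directory mode = 0700
EOF
}

# Constructed counter-example; the [public] share and its values are made up.
write_weak_sample() {
    cat > "$1" <<'EOF'
[global]
   security = share
   encrypt passwords = no
[public]
   path = /home/public
   read only = no
   guest ok = yes
   create mode = 0666
EOF
}

demo=$(mktemp -d)
write_page_sample "$demo/page.conf"; write_weak_sample "$demo/weak.conf"
echo "page sample findings: $(audit_smb_conf "$demo/page.conf" | wc -l)"
audit_smb_conf "$demo/weak.conf"
rm -rf "$demo"
```

Run it against a copy of the live smb.conf after each change and before restarting the Samba server.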
Note: After any changes are made to the configuration file, the Samba server must be restarted. Restarting the server is detailed in 4.4, “Starting and stopping the Samba server” on page 77.

4.2.2 Using SWAT

The Samba Web Administration Tool (SWAT) allows the remote modification of the smb.conf configuration file through a Web browser. That means you can configure Samba in a GUI-like environment.
Important: Any Linux user can access SWAT, but only a root user can make changes. Remember, when you are logging on to SWAT from a remote machine, you are sending the password in clear text. This can be a security issue, so we recommend that you perform SWAT administration locally or over a secure network.

Figure 4-2 SWAT home page

As you can see in Figure 4-2, there are seven categories available:
1. Home - where you can view all the documentation you need about Samba.
2.
Globals

Clicking the Globals icon will take you to a page similar to Figure 4-3.

Figure 4-3 Globals page

From this page, any of the global parameters can be modified. The default Basic View shows only the basic options. Clicking Advanced View will show all the global options. Click Basic View to return from the Advanced View back to the Basic View. Changes are saved to the configuration file by clicking Commit Changes.
Shares

Clicking the Shares icon will take you to a page similar to Figure 4-5.

Figure 4-5 Shares page

On this page you can:
– View the defined share
– Delete the share
– Create a new share

Viewing or modifying an existing share

To view or modify options for an existing share, follow these steps.
1. Select the share from the field to the right of the Choose Share button, as in Figure 4-6.

Figure 4-6 Selecting a defined share
2. Click Choose Share. The options will be displayed on a page similar to Figure 4-7, which shows the basic options.

Figure 4-7 Modifying share options

3. Click Advanced View to view and modify all the share options.
4. Click Commit Changes to save any changes made.
5. Restart the Samba server. This is described in “Starting, stopping, and restarting the Samba Server” on page 73.

Deleting an existing share

To delete a share definition, do the following.
1.
Creating a new share

To create a simple share, do the following.
1. Create a directory that will be used for the share. You can do this by executing the command from a terminal:
      mkdir /home/public
   In our example we created a “public” directory in the “home” directory.
2. Adjust the UNIX permissions for the directory, so that only intended users have access.
3. Type in the share name in the field next to the Create Share button, similar to Figure 4-8.

Figure 4-8 Create share

4. Click Create Share.
Figure 4-9 Setting share parameters

5. Fill in the needed parameters, as in Figure 4-9. If you need to set more advanced parameters, click Advanced View.
6. Click Commit Changes to save the new share settings.
7. Click the View icon to display the configuration file to verify that all the settings were recorded. The page will look similar to Figure 4-10 on page 71.
Figure 4-10 Viewing configuration file

8. Restart the Samba server as described in “Starting, stopping, and restarting the Samba Server” on page 73.

Printers

Clicking the Printers icon will take you to the Printer Parameters page, similar to Figure 4-11 on page 72. On this page you can view, modify, or add printers. The operations for handling printers are the same as for handling shares.
Figure 4-11 Printers page

To view the printer parameters, do the following.
1. Select printers from the list, as shown in Figure 4-12.

Figure 4-12 Selecting printer

2. Click Choose Printer to show the parameters in a page similar to Figure 4-13 on page 73.
Figure 4-13 Modify printer settings

3. If any options are modified, clicking Commit Changes will save the changes to the configuration file.
4. Restart the Samba server as described in “Starting, stopping, and restarting the Samba Server” on page 73.

Status

Clicking the Status icon will take you to the server status page, similar to Figure 4-14 on page 74. This page shows all the connections and open files. The Samba daemons can be started or restarted from this page.
Figure 4-14 Server status

View

Clicking the View icon will display a page with contents of the configuration file, without comments. The page will look similar to Figure 4-10 on page 71.

Password

Clicking the Password icon will take you to the password management page, similar to Figure 4-15 on page 75. On this page, you can change passwords and add, delete, disable, and enable user IDs for this Samba server.
Figure 4-15 Password page

Users changing a password

When a non-admin ID logs in to SWAT and clicks the Password icon, a page similar to Figure 4-16 on page 76 will be displayed. This user can change the password on this system by filling in four fields in the Server Password Management section and clicking Change Password. The user can change the password on another system by filling in the five fields in the Client/Server Password Management section and clicking Change Password.
Figure 4-16 User changing password

4.3 Encrypted password file

Since password encryption is required for Windows 2000, Windows NT 4.0 Service Pack 3 or later, Windows 95, and Windows 98, you need to enable encrypted password support and create the encrypted password file before starting the Samba server. The encrypted password file can be created with the mksmbpasswd utility.
Example 4-8 Setting SMB encrypted password
# /usr/bin/smbpasswd -U mojoe
New SMB password:
Retype new SMB password:
Password changed for user mojoe.
#

Note: Anyone with write access to /usr/bin/smbpasswd can change passwords for the Samba users.

Another way is to have each Samba user change the password for himself, by remotely connecting to the Samba server and executing the command:
   /usr/bin/smbpasswd
The output will be similar to Example 4-8.
Example 4-9 Setting and checking smb start on boot
[root@blade5 samba]# chkconfig smb on
[root@blade5 samba]# chkconfig --list smb
smb 0:off 1:off 2:off 3:on 4:on 5:on 6:off

4.6 Sources and additional information

You can find more information on the official Samba project Web site at:
   http://www.samba.org
The Samba installation comes with HTML documentation located on the server at:
   /usr/share/samba-2.2.
Chapter 5. Samba management and troubleshooting

In this chapter, we will discuss and describe the following:
- Checking server status
- Testing the configuration file
- Closing active connections
- Configuring log files
- Sending Winpopup messages
- Viewing NetBIOS network traffic
5.1 Checking the server status

The Samba suite has several programs that can be used for checking the smbd and nmbd daemons.

5.1.1 Checking the status

The status of the Samba server can be viewed by running the smbstatus command or through SWAT. Checking status through SWAT is shown in “Status” on page 73. A brief status report is returned by the command:
   smbstatus -b
The report will be similar to Example 5-1.

Example 5-1 Brief status report
[root@portal1 root]# smbstatus -b
Samba version 2.2.
Example 5-3 Public resources
[root@portal1 root]# smbclient -U% -L localhost
added interface ip=9.24.105.99 bcast=9.24.105.255 nmask=255.255.254.0
Domain=[LINUX] OS=[UNIX] Server=[Samba 2.2.
--------             ------
DUMMYBRANCH          M23BK62W
FCD90020             FCR0A307
FSCLAN               T22ROEHM
LINUX                PORTAL1
MILKYWAY             SATURN
PK_NW                MSGTRX01
RAL400               AS4ACONSOLE
SCNF                 TAMAS02
WORKGROUP            M23BK60L
WTRNTDM              78-BA897

5.1.3 Checking WINS

Checking the WINS server from the Samba server is done with the nmblookup command. The nmbd daemon can be queried for the special Samba server string by executing the command:
   nmblookup -B localhost __SAMBA__
The output will look similar to Example 5-5 if the nmbd daemon is responding to requests.
5.2 Testing the configuration file

The Samba configuration file can be checked with the testparm command. The program only checks syntax, so there is no guarantee that all the defined shares will be available when the config file is loaded by the Samba server. Checking the configuration file, /etc/samba/smb.conf, and displaying all non-default settings is done by executing the command:
   testparm -sx
The output will look similar to the report shown in Example 5-8.
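Because testparm checks syntax only, the share directories themselves go unverified. The following script is an added example, not part of the Redpaper or the Samba suite: it reads a configuration file, reports share paths that do not exist, and flags directories that are world-writable without the sticky bit. The function names (list_share_paths, check_shares, demo) are hypothetical, and the sample configuration and directories are constructed.

```shell
# Added example, not from the Redpaper: checks what testparm's syntax pass
# does not, namely that each share path exists and how open the directory is.
# Print "share<TAB>path" for every non-global section that sets "path".
list_share_paths() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # comment and blank lines
        /^[ \t]*\[[^]]*\]/ {                    # [section] header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        {
            key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
            if (sec == "" || tolower(sec) == "global" || tolower(key) != "path") next
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            printf "%s\t%s\n", sec, val
        }
    ' "$1"
}

# One line per share: MISSING, WORLD-WRITABLE (o+w without the sticky bit),
# SKIPPED (path uses a % substitution) or OK. Returns 1 if anything is flagged.
check_shares() {
    rc=0
    tab=$(printf '\t')
    while IFS="$tab" read -r share dir; do
        [ -n "$share" ] || continue
        case $dir in *%*) echo "SKIPPED $share $dir"; continue ;; esac
        if [ ! -d "$dir" ]; then
            echo "MISSING $share $dir"; rc=1; continue
        fi
        case $(ls -ldL "$dir" | cut -c9-10) in   # "other" write and x/sticky
            w[!tT]) echo "WORLD-WRITABLE $share $dir"; rc=1 ;;
            *)      echo "OK $share $dir" ;;
        esac
    done <<EOF
$(list_share_paths "$1")
EOF
    return $rc
}

# Constructed sample; share names are illustrative, directories are temporary.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/public" "$t/drop"; chmod 755 "$t/public"; chmod 777 "$t/drop"
    cat > "$t/smb.conf" <<EOF
[public]
   path = $t/public
[drop]
   Path = $t/drop
;  path = /commented/out
[redbook]
   path = $t/redbook
[profiles]
   path = /home/profiles/%U
EOF
    check_shares "$t/smb.conf" || echo "check_shares exit status: $?"
    rm -rf "$t"
}
demo
```

Run check_shares /etc/samba/smb.conf alongside testparm; a non-zero exit status means at least one share needs attention before the server is restarted.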
Any errors will show up at the top of the report under the section where the error is located. The rest of the report shows what parameters the Samba server will load. Since no errors were found, Samba will run with this configuration file. If the public share definition is modified to what is shown in Example 5-9, the report will look similar to Example 5-10.
   write list = @users
   read only = No

[printers]
   comment = All Printers
   path = /var/spool/lpd
   printable = Yes
   browseable = No

[public]
   path = /home/public
   write list = root
   read only = No
   directory mask = 0777
   force directory mode = 075

[Samba Docs]
   comment = Samba Documentation
   path = /usr/share/doc/samba-2.2.7/docs

5.3 Closing connections

Closing SMB client connections can either be done from the command line or through SWAT.

5.3.
Example 5-12 shows the server status before and after the connection to the redbook share is closed. Example 5-12 Closing redbook share [root@portal1 samba]# smbstatus Samba version 2.2.7 Service uid gid pid machine ---------------------------------------------redbook mojoe mojoe 25586 portal1 public eburt eburt 25360 m23bzzkv mojoe mojoe mojoe 25694 portal1 IPC$ eburt eburt 25360 m23bzzkv (9.24.105.99) Mon Nov 11 15:40:19 2002 (9.24.104.164) Mon Nov 11 15:46:05 2002 (9.24.105.
5.3.2 SWAT

Connections can be closed from the SWAT status page by clicking the button in the Kill column of the active connection row.

Figure 5-1 Closing connection from SWAT

Clicking the second button in the Kill column shown in Figure 5-1 will close only that connection to the redbook share. Multiple shares cannot be closed at once through SWAT. Each connection must be closed individually.

5.
Parameters     Descriptions
max log size   Integer value setting the maximum size of the log file in kilobytes. File name is appended with .old and a new file is created when this limit is reached. Default value is 5000.

The global log parameters will look similar to what is shown in Example 5-13.

Example 5-13 Log settings
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 50

A log level setting of 2 will result in log entries similar to Example 5-14.
and max log size parameters do determine the amount of information logged and the maximum log size. 5.5 Sending Winpopup messages Before bringing down the server or restarting Samba, it would be helpful to send Winpopup messages to all the clients that are connected to resources on the system. The smbclient command syntax is: smbclient -M After running this command, type in the messages and press ^D (Control D) on a blank line to indicate the end of the messages.
5.6 Viewing NetBIOS network traffic There are times when the only way to debug is to view the network traffic. There are several tools that come with most Linux distributions for doing this. The most popular is tcpdump, because it has been around the longest. Because some versions of tcpdump do not handle NetBIOS traffic and other versions do not produce very useful output, we are going to use another popular tool, ethereal. 5.6.
Viewing all the NetBIOS traffic to and from the server can be done using the command:
   tethereal -i eth1 -p -f 'port 137 or 138 or 139'
The -p option runs the program without putting the interface into promiscuous mode. In many companies, special permission must be granted before running a protocol analyzer in promiscuous mode. The -f option sets the filter string. Ports 137, 138, and 139 are all the ports defined in /etc/services for NetBIOS traffic.
0.004048 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com 4b324fc8-1670-01d3-1278-5a47bf6ee188 ver 3.0 0.004636 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 5680 max_recv: 5680 0.004942 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com SRV_NETSHAREENUM_ALL(...) 0.005174 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 SRV_NETSHAREENUM_ALL(...) 0.005622 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com 0.006655 portal1.itso.ral.ibm.com -> ibm-76a6i5kadj8 0.019751 ibm-76a6i5kadj8 -> portal1.itso.ral.ibm.com 0.020213 portal1.itso.
Ethernet II Destination: 00:02:55:7c:75:1b (IBM_7c:75:1b) Source: 00:02:55:7c:75:18 (IBM_7c:75:18) Type: IP (0x0800) Internet Protocol, Src Addr: jojo (9.24.105.112), Dst Addr: portal1 (9.24.105.99) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 60 Identification: 0x330d Flags: 0x04 .1.. = Don't fragment: Set ..0.
5.7 Sources of additional information

There is more information about testing Samba using the programs that come with the Samba suite in:
   file:///usr/share/samba-2.2.7/docs/textdocs/DIAGNOSIS.txt
The sources Troubleshooting Techniques and Samba 2.0.x Troubleshooting Guide contain good information about solving Samba problems. Both are available on the official Samba project Web site at:
   http://www.samba.
Chapter 6. A brief introduction to Layer 4-7 Switching

This chapter provides a brief overview of how Layer 4-7 Switching works. The goals are to present an alternative to traditional network design and to provide enough background to understand how a Layer 2-7 switch can be beneficial to a network. While this chapter gives a brief overview of the features and benefits of Layer 4-7 switching, it also mentions the Layer 2-7 GbE Switch Module or GbESM.
6.1 Layer 4-7 Switching Most networks employ multiple servers without server load balancing. Each server usually specializes in providing one or two unique services. However, a server that provides applications or data in high demand can become overutilized. If this happens, it can strain network resources since when the server starts rejecting user requests, the users resubmit the requests for data.
Figure 6-1 Sample L4-7 configuration (diagram: Sales and Marketing server blades behind the GbESM in the BladeCenter)

Figure 6-1 shows how services can be deployed using Layer 4-7 Switching. Using the GbESM in the BladeCenter, all server resources can be configured to support all applications, with the GbESM spreading the load among them at all times.
In the example in Figure 6-1 on page 97, virtual server load balancing is used. The switch has two different V_IPs configured which correspond to each of the services (Sales and Marketing). DNS responds with these V_IPs when these services are requested. The GbESM is also configured for the real IP addresses (R_IPs) that are owned by blades that support requests coming into each V_IP. In this case, all server blades can respond to requests for all services, so each V_IP is assigned the entire set of R_IPs.
Appendix A. Samba configuration file

This appendix provides a sample configuration file.
Sample smb.conf with comments

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored.
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
;   printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;   guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m
   log file = /var/log/samba/log.%S

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Security mode.
   smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
#        the encrypted SMB passwords. They allow the UNIX password
#        to be kept in sync with the SMB password.
#       a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections.
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /home/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;   path = /home/profiles
;   browseable = no
;   guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
[public]
   comment = Public Stuff
   path = /home/public
;   public = yes
   read only = No
;   write list = @staff
   directory mask = 0777
   write list = root

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory.
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming
# The %m gets replaced with the machine name that is connecting.
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
Related publications The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this Redpaper. IBM Redbooks For information on ordering these publications, see “How to get IBM Redbooks” on page 112.
IBM ServerProven http://www.ibm.com/pc/compat/ IBM Eserver BladeCenter - Power Module Upgrade Guidelines http://www-1.ibm.com/support/docview.wss?uid=psg1MIGR-53353 IBM Eserver BladeCenter - Power Module Upgrade Guidelines ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/13n0308.pdf How to get IBM Redbooks You can order hardcopy Redbooks, as well as view, download, or search for Redbooks at the following Web site: ibm.
Back cover Deploying Samba on IBM BladeCenter Installing Red Hat 7.3, SuSE 8.1 Linux and IBM Director Installing Samba Managing Samba using SWAT Considering how much data centers have grown with the proliferation of Intel-based servers over recent years, it is important to note that rack space and floor space can be more efficiently used with the use of the IBM Eserver BladeCenter HS20 servers.