What is in linux4.txt
---------------------

It is about installing and configuring the Samba server and SWAT (Samba Web Administration Tool), so that we can get to the real things about Samba: creating shared folders, network printers, and establishing Samba as a PDC (Primary Domain Controller, or server in plain English). Unfortunately we only have time to talk about shared folders, because a short Samba book has about 400 pages.

So, lab 4(5) starts where linux4.txt ends. You only have the Samba server configured, and now you want to create the shares. You want to create 3(4) types of shares:

  read-only shares
  read-write shares
  mixed access shares, with 2 subtypes:
    - everybody has read-only except some users
    - everybody has read-write except some users

Generally the last one is a scholarly amusement, with little practical use.

The problem is that we can create the shared folders on the so-called Samba security levels:

  USER, SHARE, SERVER, DOMAIN, ADS

The configuration of the shares is different on different security levels. Some of the types may not even be available on a given security level. We will try to create shares on the security levels USER and SHARE, eventually on DOMAIN (or SERVER, they are almost the same). The ADS security level is for making the Samba Server a PDC. See the end of this file to hear about that.

What to do now
--------------

You can see in the lecture some useful options for creating the shared folders. Learn about them and experiment with different combinations to obtain the desired 3 types of shares on the security level USER. Then try the same thing on the security level SHARE. Note: it is done differently, and some of the combinations (types) cannot even be created. Figure out which ones.

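A possible smb.conf layout for the share types listed above on the security level USER, as an added example that is not part of the lab files. The share names, the paths and the users user1 and user2 are hypothetical.

```ini
# Added example; share names, paths and user names are hypothetical.
[global]
   security = user
   # the user database chosen on this page (option 2 below)
   passdb backend = smbpasswd

# 1) read-only for every authenticated user
[docs]
   path = /srv/samba/docs
   read only = yes

# 2) read-write for every authenticated user
[scratch]
   path = /srv/samba/scratch
   read only = no

# 3a) mixed: everybody has read-only, except user1 who may also write
[reports]
   path = /srv/samba/reports
   read only = yes
   write list = user1

# 3b) mixed: everybody has read-write, except user2 who may only read
[projects]
   path = /srv/samba/projects
   read only = no
   read list = user2
```

Samba never grants more than the Unix permissions on the directory allow, so each path must also be writable on the filesystem by the users who are meant to write. Run testparm after editing to check the file for syntax errors.
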
Establishing the users backend (database)
-----------------------------------------

The smbpasswd file, where Samba stores the user accounts, is at the location below. It should replace the location used in linux4.txt at the step where the *.sh script is used to generate the smbpasswd file (step ...) (I don't know the step by heart):

  /var/lib/samba/private/smbpasswd

In the advanced version of the server configuration options (http://10.9.8.210:901/globals for computer 10.9.8.210) there's an option named passdb backend, which has the default value tdbsam. This means that the Samba server will use the tdbsam format for the database containing the Samba users.

In all of the lab linux4.txt the steps are done assuming that the old way of keeping the user accounts is active (this is smbpasswd).

We have two options:

1) proceed with the new version (tdbsam); then all the rest of the documentation is obsolete and you should find the new way of using this interface. There's a third way, using ldap. Examples of the use of tdbsam and ldap, even about ldap ssl, can be found on the page http://10.9.8.210:901/swat/help/manpages/smb.conf.5.html#PASSDBBACKEND (the link works if Samba and SWAT are configured correctly and iptables is disabled on 10.9.8.210, which is done by the command iptables -F)

2) revert to the old password database (smbpasswd) and use the rest of the file linux4.txt as it is; it will work as described there, with only one modification: the location of the smbpasswd file, which is needed when you first generate the file using a *.sh script, as described at step ... in linux4.txt.

For version 1) the password changing utility is pdbedit (we will not use it, we choose version 2).

Again about the step in which we use the *.sh script to generate the file smbpasswd.
------------------------------------------------------------------------------------

If we do this step, any old version of the file will be erased.

For example, one of you does this step and proceeds with changing some of the users' Samba passwords (with the command smbpasswd). Then another student gets to this step and generates the file again. Of course this will cancel what the first user has done, by recreating the smbpasswd file. So, better ask your colleagues before proceeding with this step, and if one of you has performed this step, then the rest will skip it.

Fortunately, in the meantime they had changed the location of the smbpasswd file (see the beginning of this file), so the one who just makes a copy/paste of the command from linux4.txt will generate the file elsewhere and won't delete the file of the student who understands what he's doing.

So, what does this step actually expect you to do? Probably not to generate the smbpasswd file again, but to add new users to it. When we first generated it, it collected all the users from the /etc/passwd file and used them to generate the smbpasswd file. Assume we have a new user, created after the file was generated. We can add him/her in two ways:

a) regenerate the file -- NOT!!!! recommended, since it will practically delete all the Samba passwords of the other users

b) add the user "by hand" with the smbpasswd command (RECOMMENDED). To be more precise,

     smbpasswd -a user1

   will add the newly created user1 to the smbpasswd file and will also put the Samba password there (in the file, encrypted, of course)

c) you can use the web interface that SWAT offers to add and modify Samba passwords (RECOMMENDED)

The purpose of lab 4 (actually 5, because 4 was a test) is to create some Samba shares and to see that they are working, this meaning that:

a) you can connect to them
b) they have the desired user access (read-only, read-write or mixed access)
c) do the same thing on a different level of security (this is obtained by setting the global (server) parameter to one of the values: USER, SHARE, SERVER, DOMAIN, ADS).

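For the smbpasswd step discussed above, this added example (not part of linux4.txt or of Samba) lists the accounts in a passwd file that have no smbpasswd entry yet, so they can be added one by one with smbpasswd -a instead of regenerating the file. The UID range 500 to 60000 and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from linux4.txt. Lists accounts present in a passwd file
# that have no entry yet in an smbpasswd file; neither file is modified.
# Assumptions: regular users have UIDs 500..60000, and the first
# colon-separated field of an smbpasswd line is the user name.

missing_samba_users() {
    passwd_file=$1
    smb_file=$2
    # No Samba file yet: treat it as empty, so every regular user is missing.
    [ -r "$smb_file" ] || smb_file=/dev/null
    awk -F: -v lo="${3:-500}" -v hi="${4:-60000}" '
        # First argument (smbpasswd): remember users that already have an entry.
        # FILENAME is compared instead of NR==FNR so an empty file is handled.
        FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) have[$1] = 1; next }
        # Second argument (passwd): regular users without a Samba entry.
        $3 >= lo && $3 <= hi && !($1 in have) { print $1 }
    ' "$smb_file" "$passwd_file"
}

# Constructed sample data (not real accounts or hashes).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
user2:x:501:501::/home/user2:/bin/bash
user3:x:502:502::/home/user3:/bin/bash
nfsnobody:x:65534:65534::/var/lib/nfs:/sbin/nologin
EOF
cat > "$demo_dir/smbpasswd" <<'EOF'
user1:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
user2:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
EOF

# Print, but do not run, the command that adds each missing user.
missing_samba_users "$demo_dir/passwd" "$demo_dir/smbpasswd" |
while read -r u; do echo "smbpasswd -a $u"; done
```

On a real server the two arguments would be /etc/passwd and the smbpasswd location given at the beginning of this file.
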
Note: the Samba "book", any of them, has more than 400 pages. And it doesn't cycle on the same issues. It actually is a very complex thing, with a lot of parameters that you can configure. We only have one lab to summarize it, so probably we will see the shares on the security levels USER and SHARE. Hopefully also on the DOMAIN level.

Unfortunately the most interesting thing with Samba, besides the shares that you can create, is to configure a mixed domain, with Linux and Windows workstations in it. Also to configure LDAP (for the user accounts) and Kerberos for the authentication. So Samba+LDAP+Kerberos, and we have a mixed network with only one set of user accounts, that will work regardless of whether you boot under Linux or under Windows.

If you want to search for this on the internet, try using the keywords PDC (or Primary Domain Controller) Samba Centos.

One interesting link, on YouTube, will show you how to do this, without sound.

  http://www.youtube.com/watch?v=q8XyX4T0Ppg

Also, if this works (I haven't checked it yet, seems simple):

  http://studyhat.blogspot.ro/2010/12/samba-pdc-domain-controller-on-redhat.html

See linux4-part3.txt for a description of how to create shares.