Here is a sloppily laid out guide, from start to finish, of how I set up our file server. It's not very organized and has a lot of virtual machine and SAN specific stuff in it, but whatever. Maybe I'll clean it up, but this thread will probably just get buried. If anyone has any questions you can post or PM me:
BTW, the "#" denotes a line that should be typed into the console and then hit [enter], do not type the "#".
-------------------------------------------------------------------------------------------------------
After creating the virtual machine, boot to a GParted LiveCD and create an aligned /boot partition and swap partition. There is more information on this at the end of this post.
Install Debian from the latest netinst iso (I am using Debian 3.1r3). I would give it a 6 GB harddrive and remove the floppy drive.
Set hostname to FILES01.BUCOKS
I would suggest manually partitioning and setting up a 106 MB /boot partition, at least 518 MB swap partition, 2.0 GB /var partition and the rest for the / partition. Be sure to set the /boot partition as flagged bootable.
When it asks what protocol to use for apt, choose http. When it asks you to choose an apt mirror, you can pick any one but the sluglug one has worked well for me.
Log in as the user you set up and use "su -" to get to the root account.
# apt-get install sudo ssh alien screen libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl
# visudo
Add the line "username ALL=(ALL) NOPASSWD: ALL" but of course replace username with the username you set up.
# ifconfig
Take note of the IP address assigned to eth0. You'll need this to log in via ssh. Now exit the su with "exit" and log out with "logout". Connect into the server via ssh. This makes things easier.
# nano .bash_profile
Add these two lines to the file:
PATH="${PATH}":/sbin
PATH="${PATH}":/usr/admsnap
# sudo apt-get install kernel-image-2.6.8-3-686 kernel-headers-2.6.8-3-686 && sudo shutdown -r now
This will install a kernel that is compatible with Trend Micro's ServerProtect (in case I decide to use ServerProtect). Just answer "n" to the "Do you want to stop now?" question in regards to the kernel.
# sudo mv /etc/securetty /etc/securetty.original && sudo touch /etc/securetty
This will deny direct root logins.
# sudo apt-get update && sudo apt-get upgrade
This will update the system.
# wget http://superb-west.dl.sourceforge.net/sourceforge/webadmin/webmin_1.300_all.deb
# sudo dpkg -i webmin_1.300_all.deb
This will download webmin and install it. It would probably be a good idea to go to www.webmin.com and find out the latest version. You can just replace 1.300 in the above link with the latest version number. It is also possible to install webmin with apt-get, but it is a horribly old package and the old interface is a bit clunky.
You can now log in to webmin at https://serverip:1000 and use the root account and password. First things to do are change the ssh server to NOT allow root login, set up a new firewall allowing incoming ports 10000:tcp, 22:tcp, 136:udp, 137:udp, 138:tcp, 445:tcp and of course the lo incoming adapter and established,related connections. You will also need to change the IP address and gateway and then log in again using the new address (this should be 192.168.0.52 for FILES01 and should also have a DNS entry).
Install vmware tools and set time.sync to TRUE
This is best done from the vmware console, not ssh, as it does reset the network and will kill your ssh connection, therefore killing the installation.
Right-click on the virtual machine and choose "Install Vmware Tools"
# sudo mount /media/cdrom
# tar -xzf /media/cdrom/VMwareTools-whatever.tar.gz
# cd vmware-tools-distrib
# sudo /etc/init.d/networking stop
# sudo rmmod pcnet32
# sudo ./vmware-install.pl
Pretty much just [enter] your way through the install.
# sudo rmmod pcnet32
# sudo rmmod vmxnet
# sudo depmod -a
# sudo modprobe vmxnet
# sudo /etc/init.d/networking start
# sudo shutdown -h now
In the VI client, after the virtual machine is off, right-click the virtual machine and choose "Edit settings..." Go to the "Options" tab, click Advanced and click "Configuration Parameters..." Next to tools.syncTime, change "FALSE" to "TRUE".
Power on the virtual machine.
Log in (through ssh) and do:
# rm -rdf vmware-tools-distrib/
To get rid of the vmware tools install files
# sudo cp /etc/apt/sources.list /etc/apt/sources.list.original
# sudo nano /etc/apt/sources.list
Add this line, without the quotes:
"deb http://www.backports.org/debian sarge-backports main"
Close and save
# sudo apt-get update
# sudo apt-get -t sarge-backports install krb5-user libpam-krb5 samba winbind attr
[enter] your way through the blue screen configuration questions. Go back into webmin > System > "Bootup and Shutdown", select Samba and Winbind (make sure you don't accidentally select Webmin instead) and click "Disable Now & On Boot".
# sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original
# sudo mv /etc/krb5.conf /etc/krb5.conf.original
# sudo touch /etc/krb5.conf
Test with:
# kinit Administrator@DOMAIN
Enter the administrator password when prompted. It should not return any errors.
# sudo nano /etc/samba/smb.conf
Write out the smb.conf which I have copied at the end of this post.
# sudo net ads join
If you did not do the "kinit" above then you will have to add "-U Administrator" to this line. This will join this server to the Domain specified in the smb.conf.
# sudo nano /etc/pam.d/samba
Add the following lines, without the quotes:
"auth required pam_winbind.so"
"account required pam_winbind.so"
Close and save the file.
# sudo nano /etc/nsswitch.conf
Add "winbind" without the quotes to the end of the passwd and group lines.
# sudo ldconfig -v | grep winbind
This will rebuild the linker cache. Just do it.
Let's go ahead and install admsnap:
Use ssh to copy the admsnap i386 rpm file to the server. Install it with:
# sudo alien -i admsnap-whatever.i386.rpm
We already added the /etc/admsnap directory to our PATH statement above so it should be good to go. You can check it with:
# admsnap help
Which should return some usage information.
Take a snapshot and attach the lun for file storage:
# sudo shutdown -h now
After the virtual machine shuts down, now would be a good time to take a snapshot. After adding an RDM to the virtual machine in "Physical Compatibility" mode, you will not be able to take any more snapshots. You'll want to add the SAN lun for the file share now. You do that by adding a hard drive, choosing RDM and using "Physical Compatibility" so we can use admsnap. Power on the virtual machine and connect back in through ssh.
Back in webmin, click the Hardware tab and "Partitions on local disks". You should see the lun as a new disk, probably sdb (or SCSI device B). If this lun was just created it should have no partitions listed. If this is a rebuild and the lun has already been used, then it may have partitions on it. You may want to delete those and start over, or re-use those partitions, depending on the reasons for the rebuild.
Click "Add primary partition". Leave the defaults and click Create. Click on the "Linux" label next to the new partition. In the drop down box next to "Create Filesystem" choose "New Linux Native (ext3)" and then click "Create Filesystem". Leave the defaults and click "Create Filesystem" on the next screen. This will now take a while; do not close this window until it says "... command complete." at the bottom.
# sudo nano /etc/fstab
Add the following line, without the quotes:
"/dev/sdb1 /export ext3 defaults,acl,user_xattr 0 0"
Close and save.
# sudo mkdir /export
# sudo mount /export
# sudo mkdir /export/testshare
In webmin, go back to the "Bootup and Shutdown" options, check Samba and Winbind, and choose to "Start Now & On Boot".
Test with this:
# getent passwd
# getent group
They should return Active Directory users and groups, respectively. For some reason, I've had to kill these the first time after they hung for several minutes and run them a second time. I'm guessing it has something to do with some timeout.
Restrict the share's file permissions with this:
# sudo chmod 750 /export/testshare/
# sudo chgrp "BUCOKS\domain users" /export/testshare
You should now be able to access the file share at \\servername\test and edit permissions using the Windows security tab.
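
The login hardening done earlier in this guide (an empty /etc/securetty, ssh root login turned off, and the NOPASSWD sudoers line) can be verified after the fact. The script below is an added example, not part of the original post; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the guide's login hardening.
# Each check takes a file path so it can be run against copies of the real files.

# Succeeds when FILE exists and names no tty, i.e. root cannot log in on any tty.
securetty_denies_root() {
    [ -f "$1" ] || return 1
    # grep -v selects lines that are neither blank nor comments: each is a tty.
    ! grep -Eqv '^[[:space:]]*(#.*)?$' "$1"
}

# Prints the first PermitRootLogin value in FILE, or "unset" if there is none.
sshd_root_login() {
    # sshd honours the first occurrence of a keyword; keywords ignore case.
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Prints the user or group of every sudoers rule ending in NOPASSWD: ALL.
sudoers_nopasswd_all() {
    awk '!/^[ \t]*#/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$1"
}

# Runs all three checks; the exit status is the number of FAIL lines.
# $1 = securetty, $2 = sshd_config, $3 = sudoers
audit_login_hardening() {
    fails=0
    if securetty_denies_root "$1"; then
        echo "OK   $1 lists no ttys"
    else
        echo "FAIL $1 is missing or still lists ttys"
        fails=$((fails + 1))
    fi
    value=$(sshd_root_login "$2")
    if [ "$value" = "no" ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '$value', expected 'no'"
        fails=$((fails + 1))
    fi
    # Passwordless sudo is what the guide configures, so it is reported rather
    # than failed: whoever controls that account controls root.
    for who in $(sudoers_nopasswd_all "$3"); do
        echo "WARN $who has passwordless sudo to ALL"
    done
    return "$fails"
}

# Constructed sample files mirroring the state after the guide's steps.
sample=$(mktemp -d)
: > "$sample/securetty"
printf 'Port 22\nPermitRootLogin no\n' > "$sample/sshd_config"
printf 'root ALL=(ALL) ALL\nusername ALL=(ALL) NOPASSWD: ALL\n' > "$sample/sudoers"
audit_login_hardening "$sample/securetty" "$sample/sshd_config" "$sample/sudoers"
rm -rf "$sample"
```

To audit the server itself, call audit_login_hardening /etc/securetty /etc/ssh/sshd_config /etc/sudoers from a root shell, since /etc/sudoers is only readable by root.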
------------------------------------------------------------------------------------------------------
Appendix A: The smb.conf
########## Globals ############
[global]
realm = DOMAIN
workgroup = DOMAIN
security = ADS
encrypt passwords = yes
### Winbind configuration
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
### default Samba stuff
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
### Some more stuff I think we need
map acl inherit = yes
ea support = yes
store dos attributes = yes
map hidden = no
map system = no
map archive = no
dos filetimes = yes
dos filetime resolution = yes
#this makes sure only admins can edit permissions
inherit owner = yes
########## Shares ###########
[test]
comment = Testing shared directory
read only = no
path = /export/testshare
valid users = @"DOMAIN\domain users"
admin users = @"DOMAIN\domain admins"
inherit acls = yes
-------------------------------------------------------------------------------------------------------
How to align partitions
Aligning partitions is something that can improve the performance of all servers, but is only really necessary when using SAN equipment. If you want to know more, google for it.
Only the first partition on a disk needs to be aligned. All subsequent partitions will fall into place as aligned.
Boot to a GParted LiveCD.
If this is on VMWare, be sure to choose "Manual Video Card" and then "done" during bootup. Choose the vesa driver, 16 bit screen depth, and 800x600.
Open a terminal and type
# fdisk /dev/sda
Type "n" for new partition
Type "p" for primary
Type "1" for partition 1
Just hit enter to start at the first cylinder
If this is linux, type "+102M" to create the /boot partition; for Windows, just hit [enter]
Type "x" for expert mode
Type "b" to specify starting block
Type "1" to select partition 1
Type "128" to make partition 1 align on 64KB boundary
Type "r" to return to main menu
Type "w" to write changes
If using for linux, create a swap partition after the first partition and go ahead and format it.
Reboot into your OS's install cd, and be sure you do not delete this partition. Either format it with Windows and install Windows on it, or create additional partitions in linux and then remove the first partition and recreate it as the /boot partition (be sure you do not touch the second partition already formatted as swap!).
For some reason, all the linux distros I've found give an error when the first partition is aligned.
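
The start block of 128 works because 128 sectors of 512 bytes is exactly 64 KB. The script below is an added example, not part of the original post: it checks the start sector of every partition in an "sfdisk -d" style dump against a 64 KB boundary and computes the next aligned start sector. The function names and the sample dump are constructed for illustration, and a 512-byte sector size is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): check partition start alignment.

# Reads an "sfdisk -d" style dump on stdin and prints, for each partition,
# "<device> <start sector> aligned|misaligned".
# $1 = boundary in bytes (default 65536), $2 = sector size (default 512).
check_alignment() {
    boundary=${1:-65536}
    sector=${2:-512}
    sed -n 's|^\(/dev/[^ ]*\) *: *start= *\([0-9][0-9]*\),.*|\1 \2|p' |
    while read -r part start; do
        [ "$start" -eq 0 ] && continue      # empty partition-table slot
        if [ $(( start * sector % boundary )) -eq 0 ]; then
            echo "$part $start aligned"
        else
            echo "$part $start misaligned"
        fi
    done
}

# Prints the first aligned start sector at or after sector $1.
# $2 = boundary in bytes (default 65536), $3 = sector size (default 512).
next_aligned_start() {
    per=$(( ${2:-65536} / ${3:-512} ))      # sectors per boundary (128 here)
    echo $(( ( $1 + per - 1 ) / per * per ))
}

# Constructed sample dump: a disk partitioned with the classic start sector 63.
check_alignment <<'EOF'
/dev/sda1 : start=       63, size=   208782, Id=83, bootable
/dev/sda2 : start=   208845, size=  1044225, Id=82
/dev/sda3 : start=        0, size=        0, Id= 0
EOF

# Where the first partition would have to start instead.
next_aligned_start 63
```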
--------------------------------------------------------------------------------------------------------
the original thread follows:
I set up all 3 (Debian, CentOS, and Ubuntu Server) as samba file servers attached to an Active Directory domain. They all set up pretty much the same, the only difference being getting the packages installed.
For Ubuntu, I used the samba packages provided in the default Ubuntu repos which gave me 3.0.20. For CentOS, I used the samba packages in the default CentOS repos which gave me 3.0.10. For Debian, I added the SerNet repos for samba (linked to from samba.org, so should be trustworthy) which gave me samba 3.0.23c (the latest). I could have used SerNet rpms for CentOS (no yum repo though), but I did not find that out until I was finished testing CentOS.
So, as I said, they all set up pretty much the same and when accessing the file shares, they all act and work the same, BUT for whatever reason Ubuntu seems faster. Especially when deleting files (no hard benchmark test done), Ubuntu is nearly instantaneous while the other two take several seconds. In all other file operations Ubuntu _seems_ to be snappier and more responsive.
The downfalls though, are TrendMicro's ServerProtect antivirus will not run on Ubuntu, but it will on Debian or CentOS. However, I'm not sure I even WANT to use ServerProtect. It would only be to do nightly scans of the file share, and I may even prefer clam since all our workstations have TrendMicro antivirus.
Ubuntu Server is also new enough that it hasn't really "proven" itself like Debian and CentOS have. I also need to make sure that the admsnap utility that works with our EMC CLARiiON SAN will install fine on Ubuntu (an rpm is provided for CentOS), so I can use it with the Samba Virtual Shadow Copy VFS module.
In short, I've been admining Redhat linux for like 8 years now and don't know if I want to switch. I really just want something that will run for at least 5 years, keep itself updated, and not break itself, but still provide good support for the latest samba features.
So there you have it.