
Oh no! My business has grown, my computers and server are running out of storage space, and our computer network is a mess!


Like most small businesses, your technology investments likely started small. You invested in a PC for yourself and a few other desktop computers for staff members. Perhaps you even have a small server. Most likely each user keeps his or her files on his or her own PC; when someone needs a file, they grab it with a USB flash drive or send it via email. Perhaps you have a shared folder set up so users can share files with each other on your network.

Suddenly your business grew, and what happened? Some of your computers are running out of storage or are not performing very well. Files are scattered across computers and you can no longer keep data organized. You have different versions of files in different places. Which is the most current, relevant version? In many cases nobody knows.

With any small business there comes a time when slow, neglected, misconfigured desktop or laptop computers simply don’t cut the mustard anymore. That’s when it’s time to consolidate, centralize, and share file storage across the network. This is when you need a professional network administrator (a business computer expert or consultant) to step in and help you.

Why consolidate? Why seek a professional network administrator? There are lots of reasons.

It’s more efficient – PC-based file storage of business-critical data is naturally inflexible, inefficient and dangerous. Some of your PCs may have huge amounts of storage to spare but no way to share it correctly, while others constantly run out of storage and require repeated internal storage upgrades or the addition of external hard drives, which are neither redundant nor a safe place to store critical data. When you centralize and share storage, you get a single storage pool that you can slice, dice, and allocate to users and applications efficiently and easily, without having to add internal or external hard drives to PCs with limited unused storage. Upgrades are less frequent, the storage you have is used much more efficiently and, if configured correctly, it will be redundant and much safer than storing your company’s data on a PC or external hard drive, which will break down and crash sooner or later.

It’s more organized – When all your files are stored in one place, they’re easier to find. It’s easier to keep track of which file is the most current. And since you don’t have to have multiple versions of the same files spread across the office network, you save on data storage space and prevent unnecessary headaches.

It’s easier to protect – You know your employees should be backing up their files but, really, who does? It’s just a matter of time before files are lost with no way to get them back. Put all your storage in one redundant place and it’s easier to implement a single robust backup strategy that’s efficient and effective.

Ok, so now you know you should consolidate and share storage, but how do you do that?

There are three basic ways:

Direct-Attached Storage (DAS)

Direct-attached storage refers to storage (for example an external hard drive) attached directly to a PC or server. You can share files stored on one of your PC’s hard disks or buy a server running Microsoft Windows Server or Microsoft Windows Small Business Server and share its internal storage. As discussed earlier, you can also add storage to an internal bay of your server or add external storage via a USB cable. This is not the preferred way and is really cutting corners.
I don’t know about you but I value my data and take protecting it very seriously.

These are viable solutions if you have a high quality backup system in place, but if you haven’t yet made the leap to the world of servers, consider your other options carefully. Why?

Complexity – You have to do some research and investigation to find the right server for your needs. Then you must purchase, install, and configure the hardware and operating system for your network of computer users. If you’re new to server technology this can take a long time, with the potential for a high level of frustration. This is the perfect time to call upon a professional network administrator (a computer and network expert) to do this for you.

Once your server is installed, its loosely integrated collection of hardware, operating system, and software require ongoing tuning and troubleshooting and maintenance. The server operating system and software are likely to require frequent patching and updates for continued security and performance and most importantly business continuity.

Availability – DAS storage can only be accessed through the server or PC to which it is attached. If that server goes down or is turned off for any reason, the storage and data will not be available to the network – computer users.

Upgrades – If you run out of storage you’ll probably have to shut down the server to install a new hard disk. This requires downtime and staff resources. Some servers and external storage solutions let you swap hard disks in and out while the server is up and running, but these tend to be at the high end for medium and large business use.

Performance – The typical server operating system (OS) is designed to run many different applications, provide many different types of services, and carry out many different tasks simultaneously. A full-fledged OS such as Microsoft Small Business Server can have an unnecessary impact on performance if all you really want to do is share files.
A good network administrator (a computer and networking expert) will help you choose the best hardware and software for your specific needs and budget. Avoid the high-pressure, pushy IT sales guy who tries to sell you expensive hardware and software without fully explaining the pros, cons and different recommended options to you.
While high quality comes with a price, make sure you understand what’s going on before you open your wallet.

Flexibility – You can run into similar inefficiencies with server attached DAS drives just as you did with your PC attached DAS drives. As your business grows and you add more storage capacity to your network, heavily used servers and DAS units will run out of storage frequently, requiring upgrades, and have higher potential to break down or crash if you will.

Despite these concerns, DAS can be an inexpensive viable solution for many networks, particularly those that also want to run server applications like email, CRM, and other database solutions.

Storage Area Network (SAN)

An alternative to using DAS is to separate storage from your servers and put it on its own specialized, high performance storage network called a storage area network (SAN). With a SAN, storage is no longer enslaved to a single server but sits independently on the SAN where it can be shared, sliced, diced, and allocated to servers, users and applications from a single pool.

For years, SANs ran on a complex technology called Fibre Channel that was too expensive for small businesses.
Fibre Channel SAN systems are popular in data center, server farm and other mission-critical server environments commonly found at Fortune 500 companies, banks, web hosting companies and other high-end computing environments. However, a fairly new SAN technology called iSCSI offers very good performance, uses the same equipment as your Ethernet network, and is relatively simple to use.

Like DAS, however, SAN storage uses a low-level, block-based storage architecture that requires a server with an operating system to present files to users. Each server needs its own iSCSI host adapter or initiator software to communicate with the SAN. That’s why, if you only intend to share files and printers on your network, a full-fledged SAN can be overkill. SANs are most appropriate where higher network performance is desired.
If you intend to host a database or perhaps multiple databases, or your computer users share and access large files, then higher performance is going to benefit you.

Network-Attached Storage (NAS)

Small businesses looking for extra storage to share files and print services should take a close look at network attached storage (NAS). Like a server, a NAS device sits directly on the network. And like a server, a NAS device serves files not bare blocks of storage to users and applications. However, unlike a server, a NAS device does not require installing, configuring, tuning, and updating a server operating system. And unlike a SAN, a NAS doesn’t need a separate server to serve up its blocks of data as files. Instead, a NAS comes preconfigured with just the parts of an operating system necessary to serve files to users and applications.

Most NAS devices serve files using either the Network File System (NFS), which is an open source file system, or the Common Internet File System (CIFS), which is the system used by Windows to serve files to the user. Many can use both. The growing popularity of Apple desktops and laptops has pushed many network storage devices to also support the Apple File Protocol (AFP).

NAS devices have several advantages:

Independence – A NAS can sit anywhere on the network, independent of servers, and serve files to any network connected computer or server. If a server or PC goes down, the NAS is still functional. If power goes down, there’s no need for complex reconfiguration. With its simple architecture and setup, a NAS can be up and running again in minutes providing there is no major damage to the unit or drives.

Ease of Use – NAS devices typically come as preconfigured, almost turnkey solutions. There’s no need to install a host adapter or operating system. You simply plug the NAS into the network and, depending on the ease of use of the user interface, you do some very light configuration using a Web browser. There may be a little more configuration to do on PC’s and servers accessing the device, but in most cases you’re up and running in minutes. Compared to traditional servers, NAS units require little maintenance, few updates, and little troubleshooting. Whatever administration is necessary can usually be done via a simple Web browser interface.

Easy Upgrades – Adding storage to a server usually requires shutting down the server, replacing a drive or adding a new one and then booting up the server again. To get more storage with NAS, you simply plug another NAS device into the network and are up and running with additional shared file storage in minutes. Or some NAS devices allow swapping of hard drives or adding internal or external storage while they are in operation (commonly known as “hot swap”).

Flexibility – Many NAS devices can share their files easily among Windows, Apple Mac, UNIX, and Linux based computers. Some are also flexible enough to be used as a NAS, as DAS for a single server, or as a storage device on a SAN. Many also come with capabilities for sharing printers.

Easy Backup – NAS devices can be a great storage medium for PC based backups. Many of these devices come with backup software that is easy to configure and use, both for backing up user computers to the NAS and backing up the NAS to another storage device, tape, or an external backup service. When all your files are in one place, backup is inherently easier than when they are spread around the office. Some NAS’s also come with easy tools for migrating data to the device and replicating data over the network from storage device to storage device.

In summary, depending on the needs of your small business and your technical expertise, you may be best off with a DAS, SAN, or NAS solution. If simple file and print sharing is your goal and your staff has little networking technical expertise, a NAS is often the best solution. Regardless of which solution you have or are considering, don’t skip out on having a professional network administrator (a computer and networking expert) help you choose the best solution for YOU!

You are special, your business is special, your data is literally priceless, and preserving and protecting it should be taken seriously.


Replacing a Microsoft file server / domain controller with a Linux and Samba server


This is not only a demonstration of the power and flexibility of Linux; it also has an important economic consequence:

  • Big savings in license payments for Microsoft Windows servers.
  • Similar or better performance can be achieved, even using fewer hardware resources than a Windows server requires (in terms of processor and RAM).

A properly configured Linux server with SAMBA can substitute for a Windows NT/2000 server. It commonly shares directories and gives an active directory service (ADS), but it can also work as a PDC (Primary Domain Controller), authenticating users on Windows 2000/NT/98/95 clients, sharing resources (directories and printers) and customizing user sessions.
This article concentrates particularly on these aspects.

As a result, in many environments where this is the main function of a Windows server, the Linux server with SAMBA substitutes for all functions of a server based on a Microsoft operating system, with no changes to the client computers.
For the steps that follow, it is assumed that SAMBA is already installed and working correctly on the machine that will be used as the server, and that the reader knows basic concepts about Linux and Windows servers.

Case Study

Consider a Linux/Samba server working as a PDC, where every authenticated user also has access to two shared directories on the server, one for a public area and the other for a private area. This article considers a quite frequent case for the private data area: access to a personal directory for each user.

Details to be considered:

Linux/Samba NetBIOS Name: SMBServer
Windows domain name (workgroup): THEDOMAIN
Private partition for each user: H: (Windows) => /home/ (Linux server)
Public partition: P: (Windows) => /home/public

Configuration

Follow the steps:

1) Create the users that should be authenticated by the PDC (primary domain controller) server, i.e. Linux with Samba.
Use the adduser, useradd or userconf command; you can also use a user administration tool with a graphical user interface (Webmin, Linuxconf, Yast, etc.).

If you want users to have access only to Linux/Samba services, they must not have access to the Linux shell; to achieve this, give them /dev/null as home directory and /bin/false as shell.

2) Convert the UNIX users to Linux/Samba/Windows users, creating the smbpasswd file.

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

Another way to do it is to execute the following Samba commands to create the users and define their passwords:

smbadduser
smbpasswd

These commands work in a similar way to adduser and passwd commands.

3) Edit the Samba configuration file (smb.conf), making sure to include or to remove the comment signs for the options that are shown below:

netbios name = SMBServer
workgroup = THEDOMAIN
server string = Linux Samba NT Server
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
ssl CA certificate = /usr/share/ssl/.... (cancel comment)
socket options = (cancel comment)
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon script = logon.bat
wins support = yes

Note:

For a specific logon script for each user, replace the logon script with “%U.bat”, so that each user has a “logon script” named after his user name; %u could also be used. If you want to take into account the group to which the user belongs, you can use %g or %G. The meaning of these parameters and others can be found in the manual (man smb.conf).

4) Create the shared resources
Edit the smb.conf file and comment all the “shares” samples, making the necessary changes to add the following information:

[netlogon]
comment = Initialization Scripts
path = /home/netlogon
read only = yes
guest ok = yes
browseable = no

[home]
comment = User Directory
path = /home/%U
browseable = yes
writable = yes

[public]
comment = Public Directory
path = /home/public
browseable = yes
writable = yes
guest ok = yes
create mask = 0777
force create mode = 0777

Save the smb.conf file

5) You can test the smb.conf correctness by using this command:

testparm

This command analyzes the smb.conf file and reports errors if it finds them.

6) Create the directories /home/netlogon and /home/public with permissions 0754 (netlogon) and 0777 (public).

7) Edit the logon script file: logon.bat.
Important: Use a text editor for DOS/Windows (like Notepad or Edit) to create the file logon.bat, so that it is saved as a text file in an MS-compatible format. You can also create it with a text editor running on Linux, but you must then convert it to the correct text format; for example, you can use vim’s “:set textmode” command to get a file with MS line endings.

net time \\SMBServer /y (you can also use: /yes instead of /y )
net use H: \\SMBServer\home -y
(you can also use: /yes or /y instead of -y )
net use P: \\SMBServer\public -y

8) Include SMBServer information in the lmhosts file.
Edit the /etc/samba/lmhosts file (or /etc/lmhosts) and add a line with your SMBServer information, e.g.:

192.168.0.10 SMBServer

9) Start/Restart the Samba daemon (smbd)

service smb restart

If it does not work correctly in your Linux distribution, you can use:
ps aux | grep smb
kill -9 <process ID of smb>
smbd

10) Use smbclient to verify if the previously specified configuration is working correctly.

smbclient -L //SMBServer

If “Password:” is displayed, press “Enter” and the resources shared by the server will be shown.

11) Do a client login, using some Windows 95/98/NT computer, in the domain THEDOMAIN, use some Linux/Samba user previously created (see steps 1 and 2).

On Windows 95/98/ME, it should be configured according to the following actions sequence:

Start => Setup => Control Panel => Network => Network Client for Microsoft Networks => Properties.

A very similar idea can be used for Windows NT/2000 clients (Workstation/Professional), although the sequence may not be the same.

Click the option “Start session in Windows NT/2000 domain” and enter this domain: THEDOMAIN (WORKGROUP).

A sample of configuration file

A complete SAMBA configuration file is presented here; this file has been tested with several Linux distributions. The reader can modify it to obtain the results presented in this article. Each instruction that appears is commented.

As a last piece of advice, those who want to achieve a quick configuration of SAMBA can install Webmin and/or SWAT, tools that allow you to configure it in a friendly way.

#============================================================#
# /etc/smb.conf
#————————————————————————————————————#
# Main SAMBA configuration file
# File Skeleton for configuration, select the
# parameters according to your requirements.
#————————————————————————————————————#
# Tested with the systems: Solaris and Linux/Distributions:
# RedHat 6.0, 7.0 and 7.1
# Solaris 7
# Slackware 7.x
# Mandrake 6.1, 7.0 and 8.1
# SuSe 7.2
#
# This file has been developed following documentation specifications of
# SAMBA, from smb.conf(5) manual
#
# NOTE: After modifying this file, test it with the “testparm” command
#
#======================== Global Options =======================#
#
# General configuration
#
[global]
#……………………………………………………………………………………………………………………..#
# workgroup = NT-Domain-Name or Workgroup-Name, e.g.: THEDOMAIN
# PDC Domain
workgroup = THEDOMAIN
#……………………………………………………………………………………………………………………..#
# Name under which this machine will be announced to the other machines
netbios name = SMBServer
#……………………………………………………………………………………………………………………..#
# This comment will appear in the “Network Neighborhood” Windows
server string = Samba Server
#……………………………………………………………………………………………………………………..#
# This line is important for security reasons: it allows connections
# only from the specified computers in a local network.
# In this example, access is granted to computers connected to the 192.168.8.0 network
# (commonly class C) and from the “loopback” interface. For more details, read the smb.conf
# man pages.
# I.e.: shared resources can only be used from computers whose IP address begins
# with 192.168.8 or with 127 (commented-out setting in the following line)
; hosts allow = 192.168.8. 127.
#……………………………………………………………………………………………………………………..#
# If you want to load a printer list automatically instead of writing
# the printers one by one, use this:
; load printers = yes
#……………………………………………………………………………………………………………………..#
# It is possible to override the printcap location (path)
; printcap name = /etc/printcap
#……………………………………………………………………………………………………………………..#
# On SystemV, setting printcap name to lpstat should allow you to
# automatically obtain a printer list from the spool system
# of SystemV (good word redundancy :-)
; printcap name = lpstat
#……………………………………………………………………………………………………………………..#
# It should not be necessary to specify the print system type unless it is non-standard.
# Currently supported print systems are:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
#……………………………………………………………………………………………………………………..#
# Uncomment this if you want a guest account
# you must add this to /etc/passwd otherwise the user “nobody” is used
; guest account = pcguest
#……………………………………………………………………………………………………………………..#
# This is to force the use of a different log file for each computer
# that will connect with the SAMBA server
log file = /var/log/samba/log.%m
#……………………………………………………………………………………………………………………..#
# Put a limitation on the size of the log files (in Kb).
max log size = 50
#……………………………………………………………………………………………………………………..#
# Read security_level.txt for more details
# Indicates how passwords are validated
# User level security = each user with his password (smbpasswd)
security = user
#……………………………………………………………………………………………………………………..#
# If security = server then validation will be made using another server
# Use the value “password server” only with security = server
# password server = [server authentication IP address].
; password server = <NT-Server-Name>
#……………………………………………………………………………………………………………………..#
# If you want to use password encryption. Please read ENCRYPTION.TXT,
# Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have enough information about this property.
# Information: Win95, Win98 and WinNT sends encrypted passwords.
encrypt passwords = yes
#……………………………………………………………………………………………………………………..#
# Using the following line enables you to customize your configuration
# for each machine in the network. The %m gets replaced with the netbios name
# of the machine that is connecting .
; include = /usr/local/samba/lib/smb.conf.%m
#……………………………………………………………………………………………………………………..#
# The documentation and some popular “tips” say you may find
# that this option gives better performance. Try it!
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY
#……………………………………………………………………………………………………………………..#
# Samba configuration to use multiple network interfaces
# If you have multiple network interfaces then you must list them here. Like the example
# Read the man page for details.
; interfaces = 192.168.8.2/24 192.168.12.2/24
#……………………………………………………………………………………………………………………..#
# Browser Control Options:
# set “local master = no” if you don’t want Samba to become a master browser on your network.
local master = yes
#……………………………………………………………………………………………………………………..#
# OS Level determines the precedence of this server in master browser election
# Commonly, the default value should be reasonable
; os level = 33
#……………………………………………………………………………………………………………………..#
# Domain Master specifies Samba to be the Domain Master Browser.
# This allows Samba to run services as domain controller and can “view” machines
# in different TCP/IP subnets

# Don’t use this if you already have a Windows NT/2000 domain controller doing this job.
domain master = yes
#……………………………………………………………………………………………………………………..#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election.
# If we have more than one server, the preferred master will be the “favorite”
# when clients search for a server in a list
preferred master = yes
#……………………………………………………………………………………………………………………..#
# Use this, only if you have a NT/2000 server in your network, and it is working
# as a PDC (primary domain controller).
; domain controller = <NT-Domain-Controller-SMBName>
#……………………………………………………………………………………………………………………..#
# Enable this if you want to use SAMBA as “domain logon server” for
# Windows 9x/Me workstations.
domain logons = yes
#……………………………………………………………………………………………………………………..#
# If you enable “domain logons” then you must use a logon script,
# for each machine or for each user in the Windows network

# For specific logon batch for each workstation computer
; logon script = %m.bat

# For specific logon batch for each user
; logon script = %U.bat
#……………………………………………………………………………………………………………………..#
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes this server’s NetBIOS name, %U substitutes the username

# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
#……………………………………………………………………………………………………………………..#
# Support for Windows Internet Name Service:
# WINS Support – tells NMBD to enable its WINS server.
# The WINS protocol converts machine names to IP addresses;
# it works like DNS works with TCP/IP.
; wins support = yes
#……………………………………………………………………………………………………………………..#
# WINS Server – tells the NMBD component of Samba to be a WINS client.
# A SAMBA server can be one of these: WINS server or WINS client,
# but NOT both at the same time.
# The WINS server’s IP address must be specified here
; wins server = 192.168.8.1
#……………………………………………………………………………………………………………………..#
# WINS Proxy – Tells Samba to answer name resolution queries on behalf of a non WINS
# capable client, for this to work there must be at least one WINS Server on the network.
# The default value is NO.
; wins proxy = yes
#……………………………………………………………………………………………………………………..#
# DNS Proxy – tells Samba whether or not to try to resolve NetBIOS names via DNS nslookups.
# The built-in default for versions 1.9.17 is yes, this has been changed since version 1.9.18 to no.

# Here we can tell SAMBA whether or not name resolution will be made by using DNS.
# dns proxy = yes
# dns proxy = no (name resolution will be made by using the file lmhosts )
#……………………………………………………………………………………………………………………..#
# If logon drive is not specified, the Z: unit is automounted
logon drive = P:
#……………………………………………………………………………………………………………………..#
# When a login occurs this script is executed: /etc/samba/netlogon/SAMBA.BAT
# and it mounts disk units by using “net use”
logon script = SAMBA.BAT

#====================== Share Definitions ========================#

# Personal directory for each user
# Unit P:

[homes]
comment = Home Directories
browseable = no
writable = yes
readonly = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 700

#————————————————————————————————————#
# Directory for temporary files
# Unit T:

[tmp]
comment = Temporary Files
path = /tmp
readonly = no
public = yes
writable = yes
force create mode = 0777
create mode = 0777
force directory mode = 0777
directory mode = 0777

#————————————————————————————————————#
# CD-ROM in server
# Unit L:

[cdrom]
comment = CD-ROM
path = /mnt/cdrom
public = yes
writable = no

#————————————————————————————————————#
# Group, corresponding to /home/grp.name_group
# /home/user/group is a link to /home/grp.name_group
# grp.name_group have permissions 770
# Unit G:

[group]
comment = Directory of Group
path = /home/%u/group
writable = yes
readonly = no
force create mode = 0770
create mode = 0770
force directory mode = 0770
directory mode = 0770

#————————————————————————————————————#
# This unit is used to store applications, installation software,
# corporate software, etc.
# permissions of /net and /net/install are 755, i.e. here root is the owner
# Unit N:

[net]
comment = Directory Net
path = /net
writable = yes
readonly = no
force create mode = 0750
create mode = 0750
force directory mode = 0750
directory mode = 0750

#————————————————————————————————————#
[netlogon]
comment = Logon Services in the Network
path = /etc/samba/netlogon
guest ok = yes
writable = no
locking = no
public = no
browseable = yes
share modes = no

#————————————————————————————————————#
#============================================================#
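
An added example (not part of the original article or of Samba itself): a small Python audit of the share settings used in step 4 and in the sample file above. It reports guest access to writable shares, create/directory modes that set the world-writable bit, and a [global] section with no hosts allow line. The function names and the SAMPLE text are constructed for illustration, and only share-level settings are considered.

```python
import re

# Samba ignores case and whitespace in parameter names and accepts synonyms
# (smb.conf(5)); keys are normalised to one spelling before checking.
SYNONYMS = {"public": "guestok", "writable": "writeable", "writeok": "writeable",
            "createmode": "createmask", "directorymode": "directorymask",
            "allowhosts": "hostsallow"}
MODE_PARAMS = {"createmask": "create mask", "forcecreatemode": "force create mode",
               "directorymask": "directory mask",
               "forcedirectorymode": "force directory mode"}
TRUE = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return {section: {normalised_param: value}}; later settings win."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or commented-out line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = "".join(key.lower().split())
        key, value = SYNONYMS.get(key, key), value.strip()
        if key == "readonly":                     # inverse of 'writeable'
            key, value = "writeable", "no" if value.lower() in TRUE else "yes"
        current[key] = value
    return sections


def audit(text):
    """Return a list of (section, finding) tuples for risky settings."""
    conf, findings = parse_smb_conf(text), []
    if "hostsallow" not in conf.get("global", {}):
        findings.append(("global", "no 'hosts allow' restriction"))
    for name, params in conf.items():
        if name == "global":
            continue
        guest = params.get("guestok", "no").lower() in TRUE
        writable = params.get("writeable", "no").lower() in TRUE
        if guest and writable:
            findings.append((name, "guest access to a writable share"))
        for key, label in MODE_PARAMS.items():
            value = params.get(key, "")
            if re.fullmatch(r"[0-7]+", value) and int(value, 8) & 0o002:
                findings.append((name, f"'{label} = {value}' sets the world-writable bit"))
    return findings


# Constructed sample, modelled on the shares from step 4 of the article.
SAMPLE = """
[global]
workgroup = THEDOMAIN
security = user
; hosts allow = 192.168.8. 127.

[netlogon]
path = /home/netlogon
read only = yes
guest ok = yes

[homes]
writable = yes
readonly = no
create mode = 0700

[public]
path = /home/public
writable = yes
guest ok = yes
create mask = 0777
force create mode = 0777
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/samba/smb.conf").read()).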
