Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: jennyw on January 03, 2002, 03:50:14 AM
-
I'm looking for a good solution to replace an NT 4 server. Is e-smith the right package? Mostly, I'm interested in having an appliance-like distribution that can mimic an NT 4 PDC and allow login scripts in addition to authentication, file, and print service.
Thanks!
Jen
-
Jen,
> I'm looking for a good solution to replace an NT 4 server. Is
> e-smith the right package?
One word answer: Yes. More than one word answer (and based on my own experience): I moved a client from MSFT NT 4.x SBS [Small Business Server] to SME a few months ago. The switch was easy and they are very happy - no more worries about Exchange/IIS security problems like Nimda, etc.
> an appliance-like distribution that can mimic an NT 4 PDC and
> allow login scripts in addition to authentication, file, and
> print service.
SME will work quite well as a replacement for your NT4 PDC, handling all your needs listed - and it will do it on hardware you would never dream of running NT4/Win2k Server on...and at a fraction of the cost!
Two areas where it could use some improvement (at least for folks moving from NT).
1. Permissions on files: You will feel a little bit as though you have moved back to the peer-to-peer Win9x days since the i-bay setup is really a "share" with permissions given to groups. Of course the problem is that file level permissions are a little tougher to implement under SME. You will have to get used to some "command prompt" console usage to setup file level permissions - it can be done but it's sure not as easy as the GUI under NT/Win2k. (If someone can tell me otherwise, please do.)
2. Authentication/security: Here again, there is no GUI which quite handles password/login issues (password length, forced password change after X days, lockout after X attempts) like NT/Win2k. (If someone can tell me otherwise, please do.)
These aren't really "show stoppers" though, and I'd highly recommend you take a serious look and do a test SME install on some old discarded machine which will give you and idea - I think you will be impressed.
Good luck!
Regards,
Patrick
-
> I'm looking for a good solution to replace an NT 4 server. Is
> e-smith the right package?
yes, but a difference with NT4 : it's Exchange Server. Shared mailboxes don't work with wu-imap : i have uninstall th e-smith imap package and i have install and configure courier-imap for rh7.1.
but i completely agree with Patrick, it's a good solution, and my SBS, now, is in his box :)
Laurent
-
But, for example, how does one setup login scripts for users? I don't see anywhere this can be done. I'd rather just have access to the Samba config ... the ibay stuff is kind of annoying. Any ideas on where I can go for more info? I don't see much information on Samba at all in the documentation.
Thanks!
Jen
-
Samba uses a non-browseable share called netlogon to house the login script (netlogon.bat). There's certainly no GUI interface at this point for managing script changes, but Notepad works for me!
I have a commented netlogon.bat that works with the Win9x and NT families (not tested on XP) and which you are welcome to if it would help you - drop me a line off-list.
The ibays are actually pretty straightforward and easy to manage once you get past the initial hurdle - remember the whole idea is to simplify administration for small businesses. This is a reason for the ibays, and is also why the template system was created. You can use it to customize Samba (and other components) as you require. Have a look at http://www.e-smith.org/custom/ for more information.
Good Luck.
Des Dougan
-
Thanks! I was wondering though -- to enable e-smith as a PDC do I need to do something special? There's a place to put a workgroup name but no place to put a domain name. For e-smith, are they one and the same?
Do I need to edit smb.conf manually? Or is that a bad idea?
Jen
-
Jen,
The workgroup name is also the "domain" name for SME when setup as a PDC. To enable the SME server to act as the PDC you need to check the box in the 'Workgroup' server manager panel (below the name area).
Since SME uses templates and fragments to create the files you should never edit the smb.conf file directly - take a look at the documentation on this site for customizing files.
Regards,
Patrick
-
Thanks, Patrick! I'll take a look at the customization section on the Web site (it looked kind of short when I glanced at it). I keep getting the feeling I'm missing a significant amount of documentation ... is there some secret place where the rest of the info is? I've looked at the user manual but it doesn't mention pdc anywhere in there ... Is this just something you get to know after a while?
Thanks!
Jen
-
Jen,
Here's the section in the online docs about setting the workgroup (also domain) name and making it the domain master (PDC for us NT types).
http://www.e-smith.org/docs/manual/5.0/admin-setworkgroup.html
Here's the section talking about customizing your SME server, and yes - it's probably the "short" one you said you already saw.
http://www.e-smith.org/custom/
There is no other "secret" spot on the e-smith.org web site for more detailed documentation (as far as I know). If you are trying to do something I'd do a search in the phorums since most issues have been "stumbled upon" by those of us already running SME...you'll be surprised by how many tips you'll find.
Also, remember to check out the Contributed HOW TO's section:
http://www.e-smith.org/cgi-bin/contrib.cgi
and the Contributed RPMs:
http://www.e-smith.org/contrib/rpm-index/
I'd also point you to Darrell May's excellent web site for more info and some great add-in's and apps he's created for SME - myEZserver at http://myezserver.com/ (highly recommended)
Let us know how things go.
Regards,
Patrick
-
Patrick Basile wrote:
> Two areas where it could use some improvement (at least for
> folks moving from NT).
>
> 1. Permissions on files: You will feel a little bit as
> though you have moved back to the peer-to-peer Win9x days
> since the i-bay setup is really a "share" with permissions
> given to groups. Of course the problem is that file level
> permissions are a little tougher to implement under SME. You
> will have to get used to some "command prompt" console usage
Regards
Charlie
-
Patrick Basile wrote:
> 1. Permissions on files: You will feel a little bit as
> though you have moved back to the peer-to-peer Win9x days
> since the i-bay setup is really a "share" with permissions
> given to groups. Of course the problem is that file level
> permissions are a little tougher to implement under SME. You
> will have to get used to some "command prompt" console usage
> to setup file level permissions - it can be done but it's
> sure not as easy as the GUI under NT/Win2k. (If someone can
> tell me otherwise, please do.)
Hmm, I don't know what happened to my last post. Either I did something silly, or the browser did.
I'd advise you not to get used to the command prompt, and not to change file permissions that way. You'll find that your changes will be lost some time when the system is reconfigured or upgraded, when the SME server software ensures that the permissions are all what they "should be".
You'd be better to create and configure any required i-bays, and then move your data around so that it has the required access controls. This is not what you are used to, but it is simple, reliable and secure.
Regards
Charlie
-
Charlie Brady wrote:
> I'd advise you not to get used to the command prompt, and not to change file
> permissions that way. You'll find that your changes will be lost some time
> when the system is reconfigured or upgraded, when the SME server software
> ensures that the permissions are all what they "should be".
>
> You'd be better to create and configure any required i-bays, and then move
> your data around so that it has the required access controls. This is not
> what you are used to, but it is simple, reliable and secure.
Isn't this really a "step backwards" for those of us (and our clients) moving from NT/Win2k servers where there is true file level permissions? Is there a plan to have SME support file level permissions/ACL's?
One of the problems I have is that one of my clients wants all his data in one location on the server - for him the EFC i-bay. He then maps the F: drive on all workstations to an EFC i-bay, but he's got certain people that he doesn't want to access certain directories (folders) on that EFC i-bay.
I haven't found a way around this for him other than to command prompt the file/directory permissions. This file level permissions issue is one of the biggest drawbacks to SME that I have yet found. other ideas? How is everyone else handling this? I find it hard to believe that everyone is simply using share level (i-bay) permissions. Thanks.
Regards,
Patrick