<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter&nbsp;7.&nbsp;Stand-alone Servers</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.66.1"><link rel="start" href="index.html" title="The Official Samba-3 HOWTO and Reference Guide"><link rel="up" href="type.html" title="Part&nbsp;II.&nbsp;Server Configuration Basics"><link rel="prev" href="domain-member.html" title="Chapter&nbsp;6.&nbsp;Domain Membership"><link rel="next" href="ClientConfig.html" title="Chapter&nbsp;8.&nbsp;MS Windows Network Configuration Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter&nbsp;7.&nbsp;Stand-alone Servers</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="domain-member.html">Prev</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;II.&nbsp;Server Configuration Basics</th><td width="20%" align="right">&nbsp;<a accesskey="n" href="ClientConfig.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="StandAloneServer"></a>Chapter&nbsp;7.&nbsp;Stand-alone Servers</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="StandAloneServer.html#id2543471">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="StandAloneServer.html#id2543503">Background</a></span></dt><dt><span class="sect1"><a href="StandAloneServer.html#id2543565">Example Configuration</a></span></dt><dd><dl><dt><span
class="sect2"><a href="StandAloneServer.html#RefDocServer">Reference Documentation Server</a></span></dt><dt><span class="sect2"><a href="StandAloneServer.html#SimplePrintServer">Central Print Serving</a></span></dt></dl></dd><dt><span class="sect1"><a href="StandAloneServer.html#id2544300">Common Errors</a></span></dt></dl></div><p>
Stand-alone Servers are independent of Domain Controllers on the network.
They are not Domain Members and function more like workgroup servers. In many
cases a Stand-alone Server is configured with a minimum of security control
with the intent that all data served will be readily accessible to all users.
</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2543471"></a>Features and Benefits</h2></div></div></div><p>
Stand-alone Servers can be as secure or as insecure as needs dictate. They can
have simple or complex configurations. Above all, despite the hoopla about
Domain Security, they remain a common installation.
</p><p>
If all that is needed is a server for read-only files, or for
printers alone, it may not make sense to effect a complex installation.
For example, a drafting office needs to store old drawings and reference
standards. No-one can write files to the server as it is legislatively
important that all documents remain unaltered. A share mode read-only Stand-alone
Server is an ideal solution.
</p><p>
Another situation that warrants simplicity is an office that has many printers
that are queued off a single central server. Everyone needs to be able to print
to the printers, there is no need for any access controls, and no files will
be served from the print server. Again, a share mode Stand-alone Server makes
a great solution.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2543503"></a>Background</h2></div></div></div><p>
The term <span class="emphasis"><em>Stand-alone Server</em></span> means that it
will provide local authentication and access control for all resources
that are available from it. In general this means that there will be a
local user database. In more technical terms, it means resources
on the machine will be made available in either SHARE mode or in
USER mode.
</p><p>
No special action is needed other than to create user accounts. Stand-alone
servers do not provide network logon services. This means that machines that
use this server do not perform a domain logon to it. Whatever logon facility
the workstations are subject to is independent of this machine. It is, however,
necessary to accommodate any network user so the logon name they use will
be translated (mapped) locally on the Stand-alone Server to a locally known
user name. There are several ways this can be done.
</p><p>
Samba tends to blur the distinction a little in respect of what is
a Stand-alone Server. This is because the authentication database may be
local or on a remote server, even if from the SMB protocol perspective
the Samba server is not a member of a domain security context.
</p><p>
Through the use of Pluggable Authentication Modules (PAM) and the name service switcher (NSSWITCH,
which maintains the UNIX-user database), the source of authentication may reside on
another server. We would be inclined to call this the authentication server.
This means that the Samba server may use the local UNIX/Linux system password database
(<tt class="filename">/etc/passwd</tt> or <tt class="filename">/etc/shadow</tt>), may use a
local smbpasswd file, may use an LDAP backend, or may even use another CIFS/SMB server
for authentication via PAM and Winbind.
</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2543565"></a>Example Configuration</h2></div></div></div><p>
The examples, <a href="StandAloneServer.html#simplynice" title="Example&nbsp;7.1.&nbsp;smb.conf for Reference Documentation Server">Reference Documentation Server</a> and
<a href="StandAloneServer.html#SimplePrintServer" title="Central Print Serving">Central Print Serving</a>,
are designed to inspire simplicity. It is too easy to attempt a high level of creativity
and to introduce too much complexity in server and network design.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="RefDocServer"></a>Reference Documentation Server</h3></div></div></div><p>
Configuration of a read-only data server that everyone can access is very simple.
<a href="StandAloneServer.html#simplynice" title="Example&nbsp;7.1.&nbsp;smb.conf for Reference Documentation Server">The following example</a> is the <tt class="filename">smb.conf</tt> file that will do this. Assume that all the reference documents
are stored in the directory <tt class="filename">/export</tt>, and the documents are owned by a user other than
nobody. No home directories are shared, and there are no users in the <tt class="filename">/etc/passwd</tt>
UNIX system database. This is a simple system to administer.
</p><div class="example"><a name="simplynice"></a><p class="title"><b>Example&nbsp;7.1.&nbsp;smb.conf for Reference Documentation Server</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[global]</tt></i></td></tr><tr><td><a class="indexterm" name="id2543664"></a><i class="parameter"><tt>workgroup = MIDEARTH</tt></i></td></tr><tr><td><a class="indexterm" name="id2543680"></a><i class="parameter"><tt>netbios name = GANDALF</tt></i></td></tr><tr><td><a class="indexterm" name="id2543696"></a><i class="parameter"><tt>security = SHARE</tt></i></td></tr><tr><td><a class="indexterm" name="id2543711"></a><i class="parameter"><tt>passdb backend = guest</tt></i></td></tr><tr><td><a class="indexterm" name="id2543727"></a><i class="parameter"><tt>wins server = 192.168.1.1</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[data]</tt></i></td></tr><tr><td><a class="indexterm" name="id2543751"></a><i class="parameter"><tt>comment = Data</tt></i></td></tr><tr><td><a class="indexterm" name="id2543766"></a><i class="parameter"><tt>path = /export</tt></i></td></tr><tr><td><a class="indexterm" name="id2543782"></a><i class="parameter"><tt>guest only = Yes</tt></i></td></tr></table></div><p>
In <a href="StandAloneServer.html#simplynice" title="Example&nbsp;7.1.&nbsp;smb.conf for Reference Documentation Server">the example</a> above, the machine name is set to GANDALF, and the workgroup is set to the name
of the local workgroup (MIDEARTH) so the machine will appear together with systems with
which users are familiar. The only password backend required is the “<span class="quote"><span class="emphasis"><em>guest</em></span></span>” backend to allow default
unprivileged account names to be used. As there is a WINS server on this network, we obviously make use of it.
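</p><p>
The following is an added example, not part of the Samba HOWTO: a small auditor that parses <tt class="filename">smb.conf</tt> text and reports, for every guest-reachable share, whether it is effectively read-only, which is the property the Reference Documentation Server depends on. The function names and the <tt>[scratch]</tt> share are hypothetical, and treating a share with either guest flag set as guest-reachable is a deliberately conservative assumption.
</p>

```python
import re
# Constructed input: the page's Example 7.1 (abridged) plus a hypothetical [scratch] share.
SAMPLE = """
[global]
   security = SHARE
   passdb backend = guest
[data]
   path = /export
   guest only = Yes
[scratch]
   path = /srv/scratch
   public = yes
   writeable = yes
"""

TRUE = {"yes", "true", "on", "1"}
ALIASES = {"public": "guest ok", "only guest": "guest only"}
INVERTED = {"writable", "writeable", "write ok"}  # inverted synonyms of "read only"

def parse(text):
    """Return {section: {parameter: value}}, names lower-cased, synonyms folded."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in INVERTED:
                key, value = "read only", ("no" if value.lower() in TRUE else "yes")
            current[ALIASES.get(key, key)] = value
    return sections

def audit_guest_shares(text):
    """Map each guest-reachable share to 'read-only' or 'writable'."""
    sections = parse(text)
    defaults = sections.pop("global", {})
    report = {}
    for name, params in sections.items():
        eff = {**defaults, **params}  # [global] values act as share defaults
        is_true = lambda key, default: eff.get(key, default).lower() in TRUE
        # Assumption: either guest flag marks the share as guest-reachable.
        if is_true("guest ok", "no") or is_true("guest only", "no"):
            # Samba's built-in default is read only = yes.
            report[name] = "read-only" if is_true("read only", "yes") else "writable"
    return report
```

The read-only result for <tt>[data]</tt> comes from Samba's default of <tt>read only = yes</tt>, not from anything written in Example 7.1, so a single writable setting in <tt>[global]</tt> or in the share itself would change it. Share-level security is a Samba 3 feature; Samba 4.0 removed <tt>security = share</tt>.
<p>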
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="SimplePrintServer"></a>Central Print Serving</h3></div></div></div><p>
Configuration of a simple print server is easy if you have all the right tools
on your system.
</p><div class="orderedlist"><p class="title"><b>Assumptions:</b></p><ol type="1"><li><p>
 The print server must require no administration.
 </p></li><li><p>
 The print spooling and processing system on our print server will be CUPS.
 (Please refer to <a href="CUPS-printing.html" title="Chapter&nbsp;20.&nbsp;CUPS Printing Support">CUPS Printing Support</a> for more information.)
 </p></li><li><p>
 The print server will service only network printers. The network administrator
 will correctly configure the CUPS environment to support the printers.
 </p></li><li><p>
 All workstations will use only PostScript drivers. The printer driver
 of choice is the one shipped with the Windows OS for the Apple Color LaserWriter.
 </p></li></ol></div><p>
In this example our print server will spool all incoming print jobs to
<tt class="filename">/var/spool/samba</tt> until the job is ready to be submitted by
Samba to the CUPS print processor. Since all incoming connections will be as
the anonymous (guest) user, two things will be required:
</p><div class="itemizedlist"><p class="title"><b>Enabling Anonymous Printing</b></p><ul type="disc"><li><p>
 The UNIX/Linux system must have a <span><b class="command">guest</b></span> account.
 The default for this is usually the account <span><b class="command">nobody</b></span>.
 To find the correct name to use for your version of Samba, do the
 following:
</p><pre class="screen">
<tt class="prompt">$ </tt><b class="userinput"><tt>testparm -s -v | grep "guest account"</tt></b>
</pre><p>
 Make sure that this account exists in your system password
 database (<tt class="filename">/etc/passwd</tt>).
 </p></li><li><p>
 The directory into which Samba will spool the file must have write
 access for the guest account. The following commands will ensure that
 this directory is available for use:
</p><pre class="screen">
<tt class="prompt">root# </tt><b class="userinput"><tt>mkdir /var/spool/samba</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>chown nobody:nobody /var/spool/samba</tt></b>
<tt class="prompt">root# </tt><b class="userinput"><tt>chmod a+rwt /var/spool/samba</tt></b>
</pre><p>
 </p></li></ul></div><p>
The contents of the <tt class="filename">smb.conf</tt> file are shown in <a href="StandAloneServer.html#AnonPtrSvr" title="Example&nbsp;7.2.&nbsp;smb.conf for Anonymous Printing">the next example</a>.
</p><p>
</p><div class="example"><a name="AnonPtrSvr"></a><p class="title"><b>Example&nbsp;7.2.&nbsp;smb.conf for Anonymous Printing</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td># Global parameters</td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[global]</tt></i></td></tr><tr><td><a class="indexterm" name="id2544034"></a><i class="parameter"><tt>workgroup = MIDEARTH</tt></i></td></tr><tr><td><a class="indexterm" name="id2544050"></a><i class="parameter"><tt>netbios name = GANDALF</tt></i></td></tr><tr><td><a class="indexterm" name="id2544065"></a><i class="parameter"><tt>security = SHARE</tt></i></td></tr><tr><td><a class="indexterm" name="id2544081"></a><i class="parameter"><tt>passdb backend = guest</tt></i></td></tr><tr><td><a class="indexterm" name="id2544096"></a><i class="parameter"><tt>printing = cups</tt></i></td></tr><tr><td><a class="indexterm" name="id2544112"></a><i class="parameter"><tt>printcap name = cups</tt></i></td></tr><tr><td> </td></tr><tr><td><i class="parameter"><tt>[printers]</tt></i></td></tr><tr><td><a class="indexterm" name="id2544136"></a><i class="parameter"><tt>comment = All
Printers</tt></i></td></tr><tr><td><a class="indexterm" name="id2544152"></a><i class="parameter"><tt>path = /var/spool/samba</tt></i></td></tr><tr><td><a class="indexterm" name="id2544167"></a><i class="parameter"><tt>printer admin = root</tt></i></td></tr><tr><td><a class="indexterm" name="id2544183"></a><i class="parameter"><tt>guest ok = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2544198"></a><i class="parameter"><tt>printable = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2544213"></a><i class="parameter"><tt>use client driver = Yes</tt></i></td></tr><tr><td><a class="indexterm" name="id2544229"></a><i class="parameter"><tt>browseable = No</tt></i></td></tr></table></div><p>
</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
<a class="indexterm" name="id2544249"></a>
<a class="indexterm" name="id2544258"></a>
On CUPS-enabled systems there is a facility to pass raw data directly to the printer without
intermediate processing via CUPS print filters. Where use of this mode of operation is desired,
it is necessary to configure a raw printing device. It is also necessary to enable the raw mime
handler in the <tt class="filename">/etc/mime.conv</tt> and <tt class="filename">/etc/mime.types</tt>
files. Refer to <a href="CUPS-printing.html#cups-raw" title="Explicitly Enable “raw” Printing for application/octet-stream">Explicitly Enable “<span class="quote"><span class="emphasis"><em>raw</em></span></span>” Printing for
<span class="emphasis"><em>application/octet-stream</em></span></a>.
</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2544300"></a>Common Errors</h2></div></div></div><p>
The greatest mistake so often made is to make a network configuration too complex.
It pays to use the simplest solution that will meet the needs of the moment.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="domain-member.html">Prev</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="ClientConfig.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter&nbsp;6.&nbsp;Domain Membership&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">&nbsp;Chapter&nbsp;8.&nbsp;MS Windows Network Configuration Guide</td></tr></table></div></body></html>