From: Thomas Fortner <thomas fortner sbcglobal net>
To: Red Hat Support List <redhat-list redhat com>
Subject: RE: Samba
Date: Fri, 19 Mar 2004 08:59:27 -0600
Great information to have. Where do I set the 'OS level' in Samba? I don't
have my Samba book on hand. Do I just put it in the global settings in the
I want the Samba server to be my master browser. One of my next todo's is
having the Samba server emulate a domain controller. I'm going to have to
get the new Samba 3.0 material too!
> Okay, please don't rip my head off here for asking a MS question, but I
> figured I would get a slightly less biased answer here. That being
> We are upgrading our Exchange 5.5 server to Exchange 2003. We are a
> mixed shop with Linux and Windows. (There are numerous other systems,
> mostly of the *nix variety) While I tried to edge them to use
> CommuniGate Pro, Contact, or OpenExchange, they decided there would be
> less impact on users if we stayed with Exchange.
> Now comes my issues, I feel like Alice falling down the rabbit hole
> here. In reading the docs for Exchange 2003, it says it needs Active
> Directory. Great, so now I have to learn Active Directory and futz with
> that. Now I am setting up Active Directory, flying by the seat of my
> pants, and it says that it wants its own DNS server in order to work
> properly. All my DNS servers are Linux based.
> Can Active Directory work with Linux based DNS? I thought I recalled a
> few of you saying you had Exchange 2000/2003 running, just wanted to
> know how you did it.
> Any help would be appreciated.
> Edward M. Croft
> Sr. Systems Engineer
> Open Ratings, Inc.
> 200 West Street
> Waltham, MA 02451-1121
> Hi Edward,
> Actually the answer is both yes and no. Yes, you can make Bind 9 work
> with Active Directory, but it will not resolve NetBIOS names, which
> Active Directory requires for file/print sharing. When you set up an
> Active Directory domain controller, it requires an Active Directory
> enabled DNS server, something Bind cannot do. Active Directory has
> hidden objects in the DNS records that don't appear in the zone files
> because they are embedded in the registry. Also, to find a domain
> controller to authenticate Windows clients, you must have SRV resource
> records in the zone, something Bind 9 supports but I've never tried it
> so I can't say how well it works.
> Another issue you will face is the matter of broadcast storms from
> browse master elections. Domain controllers win those elections when
> they exist, but every new client starting up forces a new browse master
> election. You can limit this by using Samba and setting the "OS level" value
> to 65 or greater and the Samba server will win all the elections, and
> then you can use Samba's WINS server to handle your workstation browse
> I would try to make the Exchange Server a domain controller and a DNS
> server. This would reduce the amount of traffic created by the Exchange
> server and its clients since they use DNS and not WINS. For file and
> print sharing I would use Samba, and make the Samba server use the
> Active Directory server to authenticate the Windows clients. You didn't
> say whether you have Win9x or NT4 or < clients, but these require mixed
> mode for Active Directory to work with them as they don't support Active
> Directory in native mode.
> Microsoft's approach to open standards is called "embrace and extend,"
> which is another way to make an open standard a Microsoft proprietary
> architecture. This makes cross platform networking a series of stubborn
> obstacles and causes network engineers to lose their hair. I've been
> doing this stuff for 13 years, so if you have any other questions,
> please feel free to email me directly and we can continue this without
> filling the group with Microsoft protocol issues.
The OS Level statement goes in the global section of smb.conf.
BTW, I'm still running Samba 2.2 that came with Red Hat 9 and this machine is a Windows PDC, a DNS, WINS and DHCP server, and my Windows clients have no idea it is running Linux. I seem to remember that Samba 3.0 allows you to provide full Active Directory emulation for Win2K and later clients, something that 2.2 can't do. The point I am making is that if you want to use the Samba installation that comes with Red Hat 9, Windows is OK with that. Since Windows isn't secure anyway, the version of Samba you use is not of great consequence unless you already have an Active Directory environment.
Thomas S. Fortner
thomas fortner sbcglobal net "but we preach Christ crucified..." 1 Corinthians 1:23
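
The browse-master and WINS settings discussed in this thread, written out as an smb.conf fragment. This is an added example, not configuration posted by anyone in the thread; the workgroup name EXAMPLE is a placeholder, and every parameter other than "os level" is an assumption about what a complete setup would include.

```ini
# Constructed smb.conf fragment illustrating the thread's advice.
# smb.conf does not allow trailing comments on a parameter line,
# so every comment sits on its own line.

[global]
    # Placeholder name; use the workgroup your Windows clients browse.
    workgroup = EXAMPLE

    # Election weight. 65 is the value named in the thread for making
    # the Samba server win browse master elections.
    os level = 65

    # Take part in local master browser elections at all.
    local master = yes

    # Force an election when nmbd starts and claim a small advantage
    # in it. Set this on one machine per subnet only; two preferred
    # masters keep forcing elections against each other, which is the
    # broadcast traffic the thread is trying to avoid.
    preferred master = yes

    # Collect browse lists across subnets for the workgroup. Leave this
    # off if a Windows PDC for the same workgroup exists, since the PDC
    # expects to hold that role itself.
    domain master = yes

    # Run nmbd as the WINS server for the network. Do not also set
    # "wins server" on this host; a machine is either the WINS server
    # or a client of one.
    wins support = yes
```

After editing, running testparm checks the file for syntax errors and unknown parameters before the daemons are restarted.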