kangaroot suse techupdate · snapper and samba, sles 11 sp2 is providing a file share ‣ automatic...
TRANSCRIPT
![Page 1: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/1.jpg)
Kangaroot SUSE TechUpdateInteroperability SUSE Linux Enterprise and Windows
Gábor NyersSystems Engineer @SUSE
![Page 2: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/2.jpg)
2
Agenda
14:00 Kangaroot Update
SUSE Update
Data Center Interoperability – the playfield
Scenario's
SLES Participating in a Active Directory domain
Integration of Apache on SLES with Active Directory
15:30 Pause
SLES and Samba as domain controller
Remote Desktop
On the bleeding edge: Btrfs + Snapper + Samba = FSRVP
17:00 Refreshments
18:00 End
![Page 3: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/3.jpg)
SUSE Update
![Page 4: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/4.jpg)
4
SUSE Update
Last 3 months
• Changes in the Subscription Model
• SUSECon 2012‣ Visit the SUSE channel on
YouTube
• SUSE Manager Proof of Concept Programma
![Page 5: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/5.jpg)
5
SUSE Update
Next 3 months
• SUSECon 2013
• SUSE Cloud‣ Topic of the next TechExchange
• New SUSE Customer Center
• New SUSE Partners in The Netherlands
![Page 6: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/6.jpg)
6
SUSE Update
Improving services to help SUSE customers
Events, Workshops, Seminars
• TechExchange and TechTalk's
• Workshops for Special Interests, e.g.:‣ High Availability, RPM Packaging,
‣ SUSE Customer Center update
Trainings, Certification
• Advanced Technical Trainings
• CLA, CLP, CLE
• RHCE → CLP or CLE
![Page 7: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/7.jpg)
7
SUSE Update
Improving services to help SUSE customers
Assessments
• In co-operation with partners
• Fix price / fix duration
• Topics:‣ Health check
‣ Patch Management
‣ Disaster Recovery
‣ Security and Hardening
‣ Migration physical to virtual
![Page 8: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/8.jpg)
Interoperability Scenario's
![Page 9: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/9.jpg)
9
Data Center InteroperabilityThe Playfield
UNIX
Mainframe
Linux Windows
Platforms Observable trends (in general):
‣ Legacy Unix holds or declines
‣ Mainframe:
♦ z/OS holds
♦ Linux on System z emerging
‣ Linux and Windows grow
![Page 10: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/10.jpg)
10
> <
Linux – Windows Interoperability The playfield
UNIX
Mainframe
Linux Windows
Platforms Interoperability Topics
Services
Virtualization
Systems Management
Documents
Scripting Languages
Porting and running software
![Page 11: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/11.jpg)
11
SUSE Linux Enterprise – Windows Interoperability
Example Services 1/2
‣ File and printer shares (Samba)
‣ Domain services (Samba)
‣ Directory services (Samba 4, openLDAP)
‣ Web services (Apache, Tomcat, ...)
‣ Network Proxy (Squid)
‣ E-mail (Postfix, Dovecot)
‣ Databases (MySQL, PostgreSQL)
‣ SSL certificates (OpenSSL, YaST CA)
‣ Remote Desktop (NX)
‣ DNS, DHCP
‣ VoIP (Asterisk)
etc...
Windows using services of SUSE Linux Enterprise (*)
(*) in braces the involved components on SLES
![Page 12: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/12.jpg)
12
SUSE Linux Enterprise – Windows Interoperability
Example Services 2/2
‣ File and printer shares (Samba)
‣ Domain services (Samba)
‣ Directory services (Winbind)
‣ Web services
‣ Network proxy
‣ E-mail (Postfix, Dovecot)
‣ Databases (FreeTDS, JDBC)
‣ SSL certificates
‣ Remote Desktop (rdesktop)
‣ DNS, DHCP
etc...
SUSE Linux Enterprise using services of Windows
(*) in braces the involved components on SLES
![Page 13: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/13.jpg)
13
Scenario's
1. SLES Participating in an Active Directory domain
2. Integration of Apache with Active Directory
3. SLES and Samba as domain controller
4. Windows Remote Desktop on Linux
5. Prototype Samba implementation of “Recovery Point”
![Page 14: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/14.jpg)
14
Scenario's
Practical value vs. Maturity
Enterprise
Emerging
Practical value
MaturitySLES Participating in an Active Directory domain
Integration of Apache on SLES with Active Directory
SLES and Samba as domain controller
Windows Remote Desktop on Linux
Prototype Samba implementation of “Recovery Point”
1
2
3
4
55
4
3
2 1
![Page 15: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/15.jpg)
15
Overview of SMB versions (*)
Samba 3.6 supports SMB 1.0, 2.0 and partly 2.1
(*) see also this blog article
![Page 16: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/16.jpg)
16
Scenario 1:SLES as member server in Active Directory domain
Features‣ SLES as member server in
an Active Directory domain
‣ Used services♦ Directory and Authentication
through Winbind
♦ Mount Windows file share
‣ Provided services♦ File and print sharing for
Windows workstations
‣ PAM integration
Technology components‣ SLES 11 SP2
♦ Samba (v3.6)
‣ Windows 2008 R2
‣ Windows XP and 7
Troubleshooting:‣ wbinfo, smbclient,
strace, lsof, netstat, tcpdump, Wireshark
‣ Logs: /var/log/samba/*
![Page 17: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/17.jpg)
17
Scenario 1: SLES as member server in Active Directory domain
Fileshare
Mountshare
SSHservice
SLES 11 SP2
Role: Member server in AD: ad.demo.lan
Hostname: interop01
Windows 7(win764.ad.demo.lan)
PAM
Windows XP(winxp01.ad.demo.lan)
Mappedshare
Shared folder
ActiveDirectory
Mappedshare
Mappedshare
Windows 2008 R2
Role: AD Domain ControllerAD: ad.demo.lan
Hostname: win200864
Demo 1
Demo 2
Demo 3
Demo 4
![Page 18: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/18.jpg)
18
Scenario 1: SLES as member server in Active Directory domain
• Steps on SLES‣ Join the domain using
YaST Windows Domain Membership
‣ Manually configure pam_winbind to restrict allowed users
• Steps on Active Directory‣ Add group “SLES Shell Users”
‣ Add user “Administrator” to “SLES Shell Users”
• Steps on Windows Workstations‣ Map share
\\interop01\homes
/etc/security/pam_winbind.conf
[global]cached_login = yeskrb5_auth = yeskrb5_ccache_type = FILEdebug = yesrequire_membership_of = "SLES Shell Users"
See also: Interop Demo appliance
![Page 19: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/19.jpg)
19
Scenario 2: Integration of Apache on SLES with Active Directory
Features‣ SLES as member server in
an Active Directory domain
‣ Browsers running on Windows workstations can transparently log in to Web applications
‣ Active Directory as provider for:♦ Authentication through Kerberos
♦ Authorization through LDAP
‣ Provided services♦ Web services by Apache/Tomcat
Technology components‣ SLES 11 SP2
♦ Samba (v3.6), mod_kerb_auth
‣ Windows 2008 R2
‣ Windows XP and 7
Troubleshooting‣ klist, strace, lsof, netstat,
tcpdump, Wireshark
‣ Firefox add-in Live Headers
‣ Logs: /var/log/apache2/*, /var/log/messages
![Page 20: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/20.jpg)
20
Scenario 2: Integration of Apache with Active Directory
/secure
/
mod_kerb_auth
SLES 11 SP2
Role: Member server AD: ad.demo.lan
Hostname: interop04
Windows 7(win764.ad.demo.lan)
Apache
Kerberos
ActiveDirectory(LDAP)
Firefox
Windows 2008 R2
Role: AD Domain ControllerAD: ad.demo.lan
Hostname: interop01
Internet Explorer
1
2
3
4
![Page 21: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/21.jpg)
21
Scenario 2: Integration of Apache with Active Directory
Configuration steps
• Steps on SLES‣ Join domain
‣ Create keytab
‣ Configure Apache
• Steps on workstations‣ Configure Integrated
Authentication for browsers
• Steps on Active Directory‣ Add user “sles-apache”
‣ Add group “SLES Web Users”
‣ Add user “Administrator” to “SLES Web Users”
See also: HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol (MSDN)
See also: Interop Demo appliance
![Page 22: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/22.jpg)
22
Configure Apache for Kerberos authentication
LoadModule auth_kerb_module /usr/lib64/apache2/mod_auth_kerb.soLoadModule ldap_module /usr/lib64/apache2/mod_ldap.soLoadModule authnz_ldap_module /usr/lib64/apache2/mod_authnz_ldap.so
<Location /secure> AuthName "---Restricted Access, please use your Active Directory credentials---" AuthType Kerberos KrbMethodNegotiate on KrbMethodK5Passwd on Krb5Keytab /etc/apache2/conf.d/sles-apache.krb5.keytab KrbAuthRealms AD.DEMO.LAN KrbServiceName HTTP/[email protected] KrbLocalUserMapping On
AuthLDAPBindDN cn=sles-apache,cn=Users,dc=ad,dc=demo,dc=lan AuthLDAPBindPassword SecretPassword AuthLDAPURL "ldap://win200864.ad.demo.lan:389/dc=ad,dc=demo,dc=lan?sAMAccountName" AuthLDAPGroupAttribute member Require ldap-group cn=SLES Web Users,cn=Users,dc=ad,dc=demo,dc=lan</Location>
![Page 23: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/23.jpg)
23
Configure Firefox for Integrated Authentication
• Firefox is by default not enabled for the “Negotiate” authentication
![Page 24: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/24.jpg)
24
Configure IE for Integrated Authentication
• IE is by default not enabled for the “Negotiate” authentication
![Page 25: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/25.jpg)
25
Scenario 3: SLES and Samba as Domain Controller
Features‣ SLES as domain controller
(NT style)
‣ Windows workstations can consume domain, file- and printer shares
‣ Optional: Samba configuration in replicated LDAP directory
Technology components‣ SLES 11 SP2
♦ Samba (v3.6)
♦ (OpenLDAP)
‣ Windows XP and 7
Troubleshooting‣ smbclient, strace, lsof,
netstat, tcpdump, Wireshark
‣ Logs: /var/log/samba/*
![Page 26: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/26.jpg)
26
Scenario 3: Overview
Fileshare
SambaDomainservice
OpenLDAPDirectory
SLES 11 SP2
Windows XP Windows 7
Sambaconfig
Printershare
Mappedshare
Mappedshare
Networkprinter
DomainUsers and
Groups
Networkprinter
Demo 1 Demo 2
![Page 27: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/27.jpg)
27
Scenario 3: Configuration Steps
• Steps on SLES‣ Configure LDAP server
using YaST
‣ Configure Samba domain using YaST
• Steps on Windows clients‣ Join Samba domain
See also: Interop Demo appliance
![Page 28: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/28.jpg)
28
Scenario 4: Remote Desktop
Use case‣ Using the build in Remote
Desktop capability, log in on a Windows system
Technology components
• SLES 11 SP2‣ rdesktop
‣ tsclient
• Windows 2008 R2
• Windows XP and 7
• Troubleshooting‣ netstat, tcpdump, Wireshark
![Page 29: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/29.jpg)
29
Scenario 4: Overview
RemoteDesktopservice
SLED 11 SP2
Windows 7Windows XP
VDI farm
RemoteDesktopservice
RemoteDesktop
client
Virtual Desktops
![Page 30: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/30.jpg)
30
Scenario 4 Configuration Steps
• On SLE client‣ Install the packages:
“rdesktop” and “tsclient”
‣ Configure remote desktop systems
• On Active Directory domain controller:‣ Create AD Group: “Domain
Remote Desktop Users”
‣ Add
• On Windows systems‣ Add the AD group
“Domain Remote Desktop Users” to local group “Remote Desktop Users”
See also: Interop Demo appliance
![Page 31: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/31.jpg)
31
Scenario 5: Prototype Samba implementation of “Recovery Point”
Features‣ Through integration of Btrfs,
Snapper and Samba, SLES 11 SP2 is providing a file share
‣ Automatic snapshots create by Snapper provide “Recovery Points” for files
‣ Through Windows Explorer clients may access older versions of a file
Technology components‣ SLES 11 SP2
♦ Btrfs and Snapper(prototype)
♦ Samba 4(prototype)
‣ Windows XP and 7
See also: David Disseldorp's “Bleeding Edge Samba and Snapper” appliance
![Page 32: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/32.jpg)
32
Scenario 5: Demo
Fileshare
SLES 11 SP2
Windows XP
Samba4service
File “test.txt” is changed
Automatic snapshots by Snapper
File “test.txt” is created
Networkshare
Now
Previous versions of “test.txt” in Explorer
![Page 34: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/34.jpg)
![Page 35: Kangaroot SUSE TechUpdate · Snapper and Samba, SLES 11 SP2 is providing a file share ‣ Automatic snapshots create by Snapper provide “Recovery Points” for files ‣ Through](https://reader034.vdocument.in/reader034/viewer/2022042210/5eafac8a3dc5500f50134e7a/html5/thumbnails/35.jpg)
Unpublished Work of SUSE. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.