25 November 2009

Samba Server to Host Database

Samba and Linux is a great combination for providing a reliable fast file server on a network.  Whether you are using Microsoft Access, FoxPro, Quickbooks or CA-Clipper / xHarbour, with any multi-user fileserver database application there are configurations done both on the server and the client systems for this to work reliably.  The main settings to look for when setting up the Samba server to host a database application are: lock spin, and oplocks.

O'Reilly & Associates has a very good section on tuning your Samba server.  For more please have a look at:
http://www.oreilly.com/catalog/samba/chapter/book/appb_02.html

Samba's default lock spin time/count settings worked fine for 2 workstations.

For 6 workstations change: "lock spin time =15" Anything higher OR lower (by 5's) makes the server load increase and reduces performance on the workstation.  This value is dependant on you server hardware, network and workstation performance.  This option along with the "socket options" can really impact the performance of your file server applications.

lock spin count =100 In slower machines this value does not effect performance, but is required to get the machines to complete the test without GPF'ing. There appears to be no reason not to be generous with this setting.  Recent versions of the kernel and samba combined with fast hard drives show that you could lower this value to tweak a little extra performance.   On a Dell 800 with: 4 SATA drives in software RAID 5, kernel 2.6, and Samba 3.x a value of 30 gave the best performance.

For Linux File Servers: Here is a PDC smb.conf file that we use for samba 3.x:
[global]
    socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
    use sendfile = no
    lock spin time = 15
    lock spin count = 200
    strict locking = no
    getwd cache = yes
    map to guest = bad user
    log level = 1
    security = user
    os level = 64
    local master = Yes
     time server = Yes
    domain master = yes
    preferred master = yes
    wins support = yes
    domain logons = yes
    dos filetimes = Yes
    workgroup = PutYourMSdomainnamehere
    netbios name = fileserver
    server string = Samba Server %v
    printcap name = cups
    load printers = yes
    printing = cups
    printer admin = root @adm @is
    log file = /var/log/samba/log.%m
    max log size = 50
    ;hosts allow = 192.168.1.0/24 127.0.0.1
    interfaces = eth0 lo
    bind interfaces only = yes
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
    wins proxy = yes
    dns proxy = no
    logon path =
    logon drive = U:
    logon script = %U.bat
    oplocks = no
    level2 oplocks = no
    change notify timeout = 300
    lpq cache time = 30
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind separator = +
    oplocks = no
    level2 oplocks = no
;    deadtime = 60
    wins proxy = yes
    lpq cache time = 30
    change notify timeout = 300
    getwd cache = yes
    dos filetimes = yes
    domain logons = yes
    obey pam restrictions = yes
    unix password sync = Yes
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
    *passwd:*all*authentication*tokens*updated*successfully*
    add user script = /usr/sbin/useradd -s /bin/false '%u'
    delete user script = /usr/sbin/userdel '%s'
    add user to group script = /usr/bin/gpasswd -a '%u' '%g'
    delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
    set primary group script = /usr/sbin/usermod -g '%g' '%u'
    add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
    delete group script = /usr/sbin/groupdel '%g'
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    oplocks = yes
    level2 oplocks = yes   
;    use sendfile = yes
;    preexec = echo "%u, %G, %a, %m (%I)\" >>/tmp/.log


[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    writable = no
    read only = yes
    guest ok = no
    browseable = no
    share modes = no
    root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon/
    root postexec = rm -f /var/lib/samba/netlogon/%U.bat
[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = yes
    writable = no
    printable = yes
    create mode = 0700
    print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
[print$]
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    write list = @adm root @is @"Domain Admins"
    guest ok = yes
    inherit permissions = yes
    # Settings suitable for Winbind:
    ; write list = @"Domain Admins" root
    ; force group = +@"Domain Admins"

[pdf-generator]
    path = /var/tmp
    guest ok = No
    printable = Yes
    comment = PDF Generator (only valid users)
    print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &


[tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    public = yes

[public]
    comment = Public Stuff
    path = /home/srv/public
    public = yes
    writable = yes
    printable = no
    force group = users
    ;valid users = @users
    ;create mask = 2750
    ;directory mask = 2770
    dos filetimes = yes
    inherit permissions = yes
    create mask = 2750
    force create mode = 2750
[rsync]
    comment = Rsync Stuff
    path = /var/rsync
    public = yes
    writable = yes
    printable = no
    force group = apache
    force user = root
    ;valid users = @users
    create mask = 3754
    force create mode = 3754
[www]
    use sendfile = yes
    comment = Web Site
    path = /var/www
    writeable = yes
    valid users = @adm
    force group = apache
    force user = root
    create mask = 3754
    directory mask = 3754
    force create mode = 3754
    force directory mode = 3754
    oplocks = Yes
    level2 oplocks = yes

[backup]   
    path = /home/srv/backup
    valid users = @users
    read only = yes
    oplocks = Yes
    level2 oplocks = yes
    public = yes
    printable = no
    use sendfile = yes
[logs]
    comment = Server Log Files
    path = /var/log
    read only = yes
    force group = root
    force user = root
    public = no
    valid users = @adm

[etc]
    comment = Server ETC Files
    path = /etc
    read only = yes
    force group = root
    force user = root
    public = no
    valid users = @adm

No comments: