GRONT

G.R.O.N.T -- Get Rid Of (Netware/NT) Case Study and mini-HOWTO
Craig Kelley -- March 4, 1998
Updated -- August 7, 2000

In 1996 our College of Pharmacy had a Netware4 server which provided file and mail service to about 350 users (70 or so concurrent users). We were coming up on our "yearly dues" to Novell and we did not want to maintain this cycle for all eternity so we reviewed alternate solutions to our networking problems.

Our first idea was to use NetBSD and some other software to provide the file sharing, but we did not want to use CAP (Columbia AppleTalk Project) for various reasons. At the time, Linux was one of the only UNIX kernels which had Atalk support built in and so we ordered our first Slackware CD from Walnut Creek.

Our network looks like this:

  • 80% Windows (3.11fwg, 95 and NT)
  • 15% Macintosh
  • 5% UNIX (AIX, Linux, HPUX)
All on your run-of-the-mill 10baseT (now 100) ethernet. For various reasons we wanted to support the following list of services:
  • a network home-drive which is the same for all platforms
  • network group drives which are the same for all platforms
  • POP and IMAP client-mail
  • DNS secondary name services
  • remote administration of the server (some of our clients are 300 miles away) from any platform
  • SMTP and mail-lists (which can be administered remotely)
  • web and FTP
  • time server
  • automatic backup system (to tape or otherwise)
  • easy installation and maintenance
  • printing from Macintosh [ethertalk] to PC [local] printers (and vice-versa)
  • group conferencing/calendar
  • central database repository
  • DHCP support for network configuration of devices and such
We quickly tired of maintaining our Slackware distribution; we had sources for most components which we needed to (re)build and found that RedHat would be an easier choice. We switched to RedHat 4.1 when it was released and have upgraded it periodically (we currently run 6.2) since. Our hardware looked like this in 1996:
  • Tyan motherboard (dual)
  • Pentium 133
  • Mylex Buslogic ultra-wide SCSI card
  • 2 Seagate Barracuda (4GB)
  • 1 Seagate Cheetah (9GB) [added 1998]
  • 64 MB RAM
  • DE-500 based network card (10/100)

We have since updated the hardware, see the new specs at the bottom of this page.

As you can see, this machine really isn't that powerful by today's standards, but it sits about 90% idle most of the time. On to the gory details:

Samba - Windows File Sharing

In many ways, Samba is the heart of our system; it provides much of the glue to tie the network resources together. The samba daemons (smbd) are actually quite light-weight and use very few system resources, it is not uncommon for 100+ people to be using the same share on our main machine with little notice by other users. The network will congest traffic before the Linux machine does.

Our smb.conf file details the configuration for our samba setup. It is actually split into three files (smb.conf, conf.printers and conf.groups) which you can see in the above hyperlink. We actually use a WINS server on an NT machine to do the browse lists because we want to take a part in domain authentication with the rest of campus and Samba can not do this yet (but the NTDOMAIN branch of samba looks very promising, and we're hoping to get rid of our NT WINS servers this summer). As of the writting of this document, we are at samba 2.0.5x.

Since we use encrypted passwords on our Samba machine, I had to implement a system to keep the UNIX passwords the same as the Samba versions. I do not have a web page on this package yet, but you may inspect it for yourself: SMBpasswd.tgz. We also take advantage of the NTDOM->smbd synchronization that has been offered since Samba-2.0

Netatalk - Macintosh File Sharing

We opted to not use TCP/IP for Macintosh file sharing because most of our macs are not able to use the IP version of appletalk. There is an SMB client for Macs called "Dave", but at $100 a pop we were going to be spending a significant ammount of money (besides, we were sick of all that networking client crap that Novell made us use). One of the catches we had with netatalk was that if appletalk was built into the kernel (not as a module) we would have problems resetting the atalkd server. After building appletalk.o (the modular version) and updating our startup files (atalk.init) to auto-load it at startup we were ready to go.

The netatalk setup is split up into these files:

As you can see, our papd file serves out UNIX postcript printers as if they were a Laserwriter (and all the Macs can see it in their choosers), which leads to:

A Note About Printing

In order to get all of your printing running correctly you need to understand these systems:

  • lpd (we have since moved to LPRng, because of more mature error handling)
  • samba (serving printers to Windows machines)
  • papd (serving printers to Macintosh machines)
And that's it; all you really need to know how to do in samba and papd is to point to a /etc/printcap entry and let it go. Here are some samples from our printcap that I would like to go through: 

dlj4|Laser4|Dean Complex LaserJet 4:\
	:sd=/var/spool/lpd/dlj4:\
	:lp=/dev/null:\
	:pw#83:\
	:mx#0:\
	:sh:\
	:sf:\
	:lf=/var/spool/lpd/dlj4/errs:\
	:of=/usr/local/atalk/etc/filters/ofpap:\
	:if=/usr/local/atalk/etc/filters/ifpap:\
	:tf=/usr/local/atalk/etc/filters/tfpap:
dlj4 is an HP LaserJet4 with an older JetDirect card which only supports Novell and Ethertalk. Obviously we did not want to use Novell, so we had to work with Ethertalk. The actual device (as Linux thinks) is /dev/null, but if you notice the output, input and translation filters (of, if, tf) you'll see that they are going through netatalk. Not a single Mac is setup to use this printer; just a bunch of Windows boxes but they can print to it no problem. 

lj5m1:\
	:sd=/var/spool/lpd/lj5m1:\
	:lp=/var/spool/lpd/lj5m1/null:\
	:pw#83:\
	:mx#0:\
	:sh:\
	:sf:\
	:lf=/var/spool/lpd/lj5m1/errs:\
	:rm=10.0.0.36:\
	:rp=raw:
lj5m1 is actually one of a pool of printers (see lpool) which uses the newer HP JetDirect cards supporting lpd. These cards (or better yet, the external versions of them) are a MUST for any printer you plan on buying in the future; within seconds you can add an entry like this in /etc/printcap and corresponding entries in samba and netatalk. You can re-route all printing without touching a single client by modifiying the rm (remote machine) setting above. I highly reccomend them. 

ntpd:\
	:sd=/var/spool/lpd/ntpd:\
	:lp=/var/spool/lpd/ntpd/null:\
	:pw#83:\
	:mx#0:\
	:sh:\
	:sf:\
	:lf=/var/spool/lpd/ntpd/errs:\
	:rm=10.0.0.175:\
	:rp=DecLaser:
ntpd is exactly the same as lj5m1; the only difference is that the remote machine in this case is another Linux box running on a 386 (4MB RAM, 40MB hard disk). Yes, you can re-cycle your old machines as print servers (I even wrote a print manager for them). Just be sure to add permissions to /etc/hosts.lpd and/or /etc/hosts.allow for the remote machines. 

lj4a|lp|LP|LaserJet4a|LaserJet 4:\
	:sd=/var/spool/lpd/lj4a:\
	:lp=/dev/lp1:\
	:pw#83:\
	:mx#0:\
       	:sh:\
	:sf:\
	:lf=/var/spool/lpd/lj4a/errs:
lj4a is a good old-fasioned local (first parallel port) printer on our linux machine. We have a 20' print cable which goes out of the sever room to a shared printer; of course all the Windows folks can print to it.

Remember that Macs Like PostScript and that if you plan on implementing any PCL (or other) printers you'll have to install filters to translate between the PCL and PostScript if you want them to be able to use it.

RedHat Goodies (and what we had to get by hand)

RedHat (as with most other distributions) came with all the following tools ready to use:

  • POP and IMAP client-mail (these worked from the get-go without any problems whatsoever)
  • DNS secondary name services (needed to be configured)
  • SMTP
  • web and FTP (we added the FrontPage extensions to the web server)
  • time server
  • automatic backup system (to tape or otherwise)
  • easy installation and maintenance
Both Samba and Netatalk come with RedHat as well, but we opted to compile them from scratch so that they would be optimized and setup for our system. The following is a list of other utilities that we had to use:

And that's pretty much it. We had room for another Pentium in our server machine, but we never had the need to put one in because it all ran so well; the busmastering and DMA all cooperate to keep IO going on its way. If you have any questions please feel free to email me at kellcrai@isu.edu.

Status Update: August 7, 2000

Our computing needs have grown by leaps with time. We now have at least a dozen Linux boxes running RedHat; everything from 386 machines with 4MB of RAM (remote print servers) to our new dual pentium III server with quad-channel SCSI/LVD 60GB. The driving force behind these changes are as follows:

We also wanted to migrate our 80 gigabyte research database from an NT machine to a UNIX variant because the NT machine made it very difficult to perform non-trivial studies over a modem connection. Linux and Oracle allowed us to do this with an almost zero-cost process. We purchased Oracle 8i and then followed their RedHat installation instructions. After exporting the data from the NT/Sybase setup we installed Oracle/RedHat on the exact same machine and imported the data back in -- it took 2 days to complete the entire process (I have extensive knowledge of both Oracle and Sybase systems, and the Linux version of Oracle is almost exactly the same as the other UNIX versions I've used). Now our research staff can access the data from anywhere in the world, over secure channels.