Managing NFS and NIS, 2nd Edition - Mike Eisler [131]
One respondent said if you have few (ten or less) potential SMB clients, then you should strongly consider the trade-off of purchasing and installing commercial PC/NFS products on Windows and NT systems, versus devoting administration resources to SMB.
It required most of a day to install and configure the precompiled Samba binaries on the Solaris 8 server, plus lots of fiddling on the Windows 98 client, before the Network Neighborhood folder would recognize the Solaris 8 server. One unexpected result was that the passwords for SMB users apparently have to be managed separately from the corresponding Unix passwords, due to absence of an NTLM server on the network. This is because the Windows 98 client in the testbed was apparently sending encrypted passwords. Since the password database in NIS or files encrypts the passwords with a different scheme than Windows 98, Samba provides the option to maintain a separate database.
Software compatibility
One respondent claimed that there are Windows- or NT-based applications that work only over NFS. Rational's Clearcase, a software configuration management (source code control) system, was found to be an example.
There is one more consideration: reliability. The SMB protocol is based on TCP/IP and is very stateful, like the NFS lock manager. State recovery is very simplistic; when the TCP connection between an SMB client and server is lost, the SMB server removes all state that belongs to the SMB client. There is no mechanism to allow a client to reestablish state. In contrast to the NFS environment, the filing protocol has no state to recover. The NFS environment's locking protocol is stateful, but there is a state recovery mechanism: clients are given a grace period to re-establish state. The consequence of the SMB approach is that a client has a higher opportunity to lose its locks and other valuable state after a server restart than with the NFS environment. Andy Watson and Paul Benn, in a white paper from Network Appliance ("Multiprotocol Data Access: NFS, CIFS, and HTTP," TR3014, Revision 3, May 1999, www.netapp.com), wrote:
If a CIFS client attempts file access on an established connection while the server is unavailable (down or not yet finished rebooting), this is effectively the equivalent of a failed disk from the perspective of the application software. In many cases, the application will report an error and allow the user to retry, but some applications will simply hang or exit.
At the time this book was written, this statement was true for both Windows ME and Windows 2000. However, there are rumors that future versions of Windows will address this recovery issue.
* * *
[1] At the time this book was written, only SMB servers on Windows 2000 supported Kerberos V5 security, partly because the Windows 2000 Kerberos V5 is incompatible with Kerberos V5 specification in RFC 1510. See the article, "Microsoft "embraces and extends" Kerberos V5," by Theodore Ts'o (USENIX ;login, November, 1997).
[2] See Section 12.5.4.10 for the set of known NFS servers and PC/NFS clients that support Kerberos V5.
Configuring PC/NFS
The steps for installing and using a PC/NFS client will vary from vendor to vendor. You can expect that they will offer simple GUI-based installation that is compatible with Windows and NT norms, such as Installshield installation technology. The installer will walk you through most, if not all, of the necessary configuration. At install time or connect time, you should be asked to state how you will be authenticated, via NIS or PCNFSD, and you might be asked if you want to cache your username and password.
Server-side PC/NFS configuration
There should not be any additional configuration for a PC/NFS client other than that needed for a Unix-based NFS client, unless the client requires the use of the PCNFSD protocol (either because you do not run NIS, or because you want to give your PCs access to Unix-connected printers). You may find that the PC/NFS client does not use reserved source ports (IP address port values less