> I have a client with a handful of USB drives connected to a CentOS
> box.   I am charged with binding the USB drives together into a single
> LVM for a cheap storage data pool (10 x 1 TB usb drives = 10 TB cheap
> storage in a single mount point).


Red Flag!

If you use 10x 1TB disks together in a single 10TB pool, especially if
they're cheap SATA disks, you're at very high risk of data loss.  In nearly
all cases, it's advisable to at *least* use some form of RAID to protect
against data loss.


> The next fun piece is how to incorporate that storage space into an
> existing Active Directory structure to apply AD acls for limited
> access.
> 
> I'd rather not use Samba, as that is its own infrastructure and
> maintains its own credentials database.


If you want to share with Windows, you have to use Samba.  Or SFTP, which is
not even remotely the same type of solution.  Don't waste your time with
things like Windows NFS.  Those things are just too unstable.


I don't know how to do ACLs in Samba.  When I do it, I use the POSIX
permission bits.


This is how I join a CentOS 4 box onto AD, in order to use AD for
authentication (no Samba internal database):

1.  Run authconfig
    a.  Authentication:  Use MD5, Shadow, and Kerberos
    b.  Kerberos settings:
        i.   Realm:  YOURDOMAIN.COM
        ii.  KDC:  yourmainserver.yourdomain.com
        iii. Admin Server:  yourmainserver.yourdomain.com:464

2.  Reboot.

3.  To configure Samba, via SWAT
    a.  Edit /etc/xinetd.d/swat, remove "only_from", and don't disable.
    b.  Reload xinetd:  sudo /etc/init.d/xinetd reload
    c.  Browse to http://machine:901 and login as root
        i.   Go to Wizard, and choose
             1.  Server type:  domain member
             2.  Configure WINS:  client of another server
                 Enter the IP addresses of your WINS server(s)
             3.  Expose home dirs:  yes
        ii.  Commit
        iii. Edit parameter values
             1.  Workgroup:  YOURDOMAIN
             2.  Realm:  YOURDOMAIN.COM
             3.  Commit changes
    d.  Start the service
             sudo /sbin/chkconfig --level 35 smb on
             sudo /sbin/service smb start
    e.  Go back to SWAT
        i.   Shares
             1.  Create a share.
             2.  Read only:  no
             3.  Commit changes
        ii.  Globals
             1.  Advanced
             2.  Create mask:  0660
             3.  Security mask:  0660
             4.  Directory mask:  0770
             5.  Directory security mask:  0770
             6.  Commit changes
        iii. Restart services
             sudo /sbin/service smb restart
    f.  Go to command prompt
             sudo net join -w YOURDOMAIN -U administrator
    g.  Now you can browse to \\machinename\share and use your AD
        credentials.
    h.  The system will need some way to map your Windows username to
        UID/GID, so make sure you have a username in the Linux system for
        every username that exists in AD.  Personally, I have more than one
        Linux server, so I use NIS to maintain a consistent list of
        username/UID/GID settings across them all.  You don't have to do
        that though; you could just use the built-in "useradd" and store
        all that in local passwd (etc) files.

_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
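Added example (not part of the list message above, and not Samba's or SWAT's own code): a small audit that parses an smb.conf and checks it against the settings the procedure ends up with (a domain member with a realm and workgroup set, and create/directory masks with no world bits, as in the 0660/0770 values chosen in SWAT).  The two smb.conf texts are constructed for the example; the parameter names are real Samba parameters, but the WINS address and share path are placeholders, `security = ads` is my assumption for what "domain member" plus a realm produces, and the 0744/0755 fallbacks are Samba's documented defaults for create mask and directory mask when they are not set.

```python
"""Audit an smb.conf for the domain-member and permission-mask settings
described in the procedure above (constructed example, not Samba code)."""
import configparser
from typing import Dict, List

# Constructed sample: an smb.conf equivalent to the SWAT wizard choices in
# the message (domain member, realm/workgroup, 0660/0770 masks, homes
# exposed).  WINS address and share path are placeholders.
SAMPLE_SMB_CONF = """
[global]
    workgroup = YOURDOMAIN
    realm = YOURDOMAIN.COM
    security = ads
    wins server = 192.0.2.10
    create mask = 0660
    security mask = 0660
    directory mask = 0770
    directory security mask = 0770

[homes]
    browseable = no
    read only = no

[pool]
    path = /srv/pool
    read only = no
"""

# Constructed sample of a weak configuration: local (non-AD) auth and
# masks that leave world read/write bits on every new file and directory.
WEAK_SMB_CONF = """
[global]
    workgroup = YOURDOMAIN
    security = user
    create mask = 0666
    directory mask = 0777

[pool]
    path = /srv/pool
    read only = no
"""

# Samba's documented defaults, used only when the parameter is absent.
MASK_DEFAULTS: Dict[str, str] = {"create mask": "0744", "directory mask": "0755"}


def parse_smb_conf(text: str) -> configparser.ConfigParser:
    """smb.conf is INI-like: [section] headers, 'key = value' lines,
    '#' or ';' comments.  Keys are case-insensitive, which configparser's
    default lower-casing handles; interpolation is disabled because Samba
    uses '%' substitutions of its own."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def audit_smb_conf(text: str) -> List[str]:
    """Return a list of findings; an empty list means the file matches the
    expectations of the procedure (AD-backed auth, no world bits)."""
    cp = parse_smb_conf(text)
    findings: List[str] = []
    g = cp["global"] if cp.has_section("global") else {}

    # Domain membership: the whole point of the procedure is to avoid a
    # Samba-local credential database, so 'security' must defer to AD.
    security = g.get("security", "user").strip().lower()
    if security not in ("ads", "domain"):
        findings.append(
            f"global: security = {security}; expected 'ads' or 'domain' for an AD member")
    if security == "ads" and not g.get("realm"):
        findings.append("global: security = ads but no realm set")

    # Permission masks: the 0660/0770 choice deliberately clears the
    # 'other' bits, so any world bit here is a regression.
    for key, default in MASK_DEFAULTS.items():
        raw = g.get(key, default).strip()
        try:
            mode = int(raw, 8)
        except ValueError:
            findings.append(f"global: {key} = {raw!r} is not an octal mode")
            continue
        if mode & 0o007:
            findings.append(f"global: {key} = {raw} grants world (other) bits")

    # Every real share needs a path; [homes] is special and has none.
    for name in cp.sections():
        if name in ("global", "homes"):
            continue
        if not cp[name].get("path"):
            findings.append(f"[{name}]: no path set")
    return findings


if __name__ == "__main__":
    for label, conf in (("sample", SAMPLE_SMB_CONF), ("weak", WEAK_SMB_CONF)):
        print(label, audit_smb_conf(conf) or "OK")
```

Running it against a real /etc/smb.conf (read the file and pass its text to audit_smb_conf) gives a quick check that the SWAT session actually committed the masks and the domain settings, which is easy to miss when several "Commit changes" steps are involved.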