Forget Samba. AFS is better and more secure and more hack proof.
If you need aLinux print server use CUPS.
tedc
Gordon Bowersox wrote:
I hope this is not an abuse of the list...
I am at the early stages of examining AFS for use in our company. I
have my pipe-dream model and have started reading up on everything I
need to understand before I dive into proof of concept. The list of
things I need to understand is growing faster than the list of things
I understand. I need solid POC for budget approval May 2006. I am
often accused of terse email and would be happy to continue this with
more description offline or online.
Currently I have identified these components in my speculations. Many
of these are new systems to me and my understanding at this point is
based on reading only and not always up-to-date material.
Kerberos - Kerberos The Definitive Guide (O'REILLY)
openAFS - Managing AFS The Andrew File System by Richard Campbell
samba (we have some 2.x)
MS Active Directory (we have one, not integrated to ldap or samba)
openLDAP (in use as address book, md5 hash auth for in house
applications)
----
Kerberos.
I am leaning towards MIT version. Reason it seems to offer better
password aging and strength rules. This will be the first component I
install since it provide immediate benefits to the MIS department
beyond openAFS.
The problem.
We have 36 distributed offices across the United States. T1 or dual
T1 access. Our current File Sharing system is distributed Novell 4.11
servers. 36 (old) servers 36 tape backup jobs 36 people who forget to
change tapes at least once a week.
Dream model ala carte.
New files server at each location running openAFS with samba on CentOS.
My goal is samba as the openAFS client, not the actual client PC.
Linking the afs root to /samba/data/...
Remote data is mirrored back to HQ via RO replica.
All backup jobs of remote RO replicas and local HQ RW replicas to run
at HQ nightly, possibly a few incremental jobs during the day.
The extras
Role based rights to files and folders
ldap based pointers to 'My Documents' and 'Local Folder' for email
single admin point for all AD/samba UID
Kerberos authentication for users to samba, Citrix, web apps, Internet
proxy (Kerberos will likely be a continuous evolution)
Any hidden gotchas on my path? Any obvious mistakes on my part?
Gordon Bowersox
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
