-----Forwarded Message-----
> From: Jeremy Austin <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Help with samba migration (long) > Date: Fri, 27 Feb 2004 12:36:10 -0900 > > > Mostly about WebDAV... > > I'm most of the IT department for a small non-profit school etc., and > I'm mulling over some series issues here, guys. Wonder if anyone has > some thoughts to add. Sorry this is so long -- > > Existing services (among others): > Support >100 users > Provide cross-platform file share access > ~ 100 Clients: Windows 95/98/NT4/2K/XP Home/XP Pro/Mac OS X > Public user file spaces > Web file access > Email/webmail/groupware > Must support computers not under my direct administration > > New goals: > Private user file spaces > > Current setup: > Mandrake 9.x > Samba 3/LDAP > Postfix/IMAP > > I've been running Samba for 5 years, running a NT-style domain. I > don't have the network bandwidth to support roaming profiles, nor do I > have the space on shared computers (approx. 3 dozen, mixed OSen) for > tons of local profiles. So we've been using one account (shared) for > public file access -- shares get mounted with an on-the-fly logon > script, and individual accounts for email, groupware, web apps, etc. I > can't give all domain users Administrator privileges on newer MS OSes > -- and therefore on the domain -- and yet they must, in general, run > with admin privileges because of legacy applications we haven't the > budget to replace. So I'm pretty sure I'm going to have to stick with > single profiles on shared computers; I haven't the network bandwidth or > hard drive space for roaming profiles. > > Windows 2K or XP allow one to specify an account when connecting to a > network share, so we're halfway there. Windows 9x, however, are a real > pain in the rear -- everyone can use the same local profile, but > logging on and off (to switch users) is too slow. Win2K or XP often > require one to log off anyway to reconnect to a given share with > different credentials. (I can't teach 5th graders the intricacies of > "net use /delete"...) > > Possible solution: > Continue using single logon for public shares + samba and > Use something else (nfs, afp, WebDAV) for private shares > > There are some reportedly good commercial NFS clients, but I don't have > the budget for it. Nor can I afford AFP clients. > > I've looked into WebDAV -- South River has a client that maps drive > letters (would cost me $1500 for 100 users). Internet Explorer has its > 'Web Folders' feature, which allows me to put shares into My Network > Places -- this might be adequate, and would work nicely, I think. I see > a number of universities online doing this. > > Likely to be a problem with WebDAV (as in mod_dav) is that all files > (and hence user directories) must be owned by apache, thus trashing my > quotas. mod_dav FAQ says, in short, "If you understand the security > issues in running apache as root, write your own code and suid." I'm > not quite capable of doing that. "MoulDAVia", which purports to solve > this problem, appears to be 403 at the moment and sounds like it was > never finished. The universities must have this figured out, since I > see lots of them online using WebDAV. > > If I give up having quota support, and roll my own, then I could do > mod_dav. I could use linux quota support for everything but > apache-owned files, and run a handy-dandy script with du -s, I'm sure, > for everything else. My home directories would look like this: > Owner Directory > someuser users /home/someuser > /home/someuser/Mail <- webmail accessible > apache apache /home/someuser/Private <- WebDAV accessible > shareduser users /home/someuser/Public <- linked to separate SMB > Public share > > Does anyone think I should use mod_dav? If there are any caveats I'm > missing, I'd love to hear from anyone. > > Thanks to any and all, > Jeremy Austin > Whitestone Schools > > --------- > To unsubscribe, send email to <[EMAIL PROTECTED]> > with 'unsubscribe' in the message body. > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
