Contributed by jose on from the crazy-combo dept.
"I have used an obsd/samba fileserver for software rollouts to workstations and have been quite satisfied. It is an admin only server and has run for 10 months without a single problem. I imagine this can be done, but perhaps with a bit of work. Anyone else using an OpenBSD solution this way who can share some insight and tips?
I would like to migrate common user fileservers from winblows but am concerned about some of the limitations. Most people here know about the pam/winbind support issues and how that prevents us from assigning centralized domain group access to acls on samba shares. Which of course leads to the replication of user/password info around the network so that each fileserver can have "local" users/groups for file system access.
With that said, here's my vision on the setup.
- kerberos (yeah I know about the v5 obsd issues) for centralized authentication
- samba as a dfs server frontend to simply host the dfs structure
- backend servers which host the actual files
My questions are ...
If I have replicated user info on the dfs frontend, is there a way to bypass that requirement on the backend computers?
In other words, does the dfs frontend proxy the user during the frontend/backend exchange? And if so, does the backend simply see this as a request from the dfs frontend or does it see it as a request from the user?
My thought is that if the backend servers see the exchanges as requests from the frontend dfs server (vice the users themselves), the backend servers may not need all the accounts replicated to them.
If you could set up the above, I guess you could have an account for only the frontend server on the backend machines.
My goal here is to somehow minimize the number of computers that are in this account replication process, while also being able to distribute the load.
Thanks in advance."