feasible w/ samba?

stheg olloydson stheg_olloydson at yahoo.com
Mon Oct 18 11:26:58 PDT 2004


--- Bart Silverstrim at chrononomicon.com> wrote:


>Actually, it would be connectivity + bandwidth + geography.
> 
>Some of the buildings are close together...close enough that you can 
>lean on the wall of one and throw a softball to hit the other.
> 
>Others are over 20 miles apart, and it's not really 3 buildings...I
>was using that just to simplify the scenario.  there would be 7.  
>Unfortunately, there's no way we currently know of to lay out enough 
>fiber for every building and still have reliable (and *fast*)
>transfers compared to a "proxy" approach as I was envisioning in my
>head.

Ahhhh! This is a much different scenario. I was think of something like
an office park or college campus.
Let me go over your questions in order

>1) is this type of setup feasible?

Yes. About eight years ago, we did almost this exact thing on RedHat.

>2) is it possible to "duplicate" accounts from the master server
easily 
>to remote servers if they're ununixccounts, or is it simpler to use a 
>different authentication and permission scheme? 

Include all relevant account data (e.g. password files) in the sync.

>3) Would it be possible to have each of the workstations hardcoded to 
>log into their individual domains and, based on that, map the user's 
>home directory to their "local" server's version of the home directory

>in question?  I don't want them to be manipulating home directory data

>on a server in building one when they're actually logged into a 
>workstation in building two, for example...I want the workstation 
>they're sitting at to log into the domain for domain2 and then map 
>their "home drive" to domain2's local server for later syncing with
the 
>master server (and subsequent distribution to other systems).

Does this make a difference? What if a user went to several buildings
in one day? How do you merge the data? What may be easiest is for all
users to always log into the master server if it's available. Before
syncing, the master checks who logged into the remotes and which files
they edited. Only those get synced. If a user logged into two remotes
and edited the "same" file on each, then create a copy of each on the
master.

>4) What security problems would be immediately apparent with respect
to 
>home directory access?  I'd like just the owner of the directory and 
>root to have access to the home directories, but there may be other 
>shares for select groups of people to access being distributed as
well. 

This is a sound policy. Home directories shouldn't contain files others
need to access. The users should put those in shares with the
appropriate permissions. BTW, FBSD has its own ACL facility.

>5) can users be "remotely created" easily by just copying a few files 
>among the servers?  

Yes. This is the same as 2).

HTH,

Stheg


		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com


More information about the freebsd-questions mailing list