[K12OSN] Distributed Samba deployment opinions?
balmquist at mindfirestudios.com
Mon Jun 21 15:27:02 UTC 2004
If I were tasked with doing this, I'd try to do central LDAP
authentication and connect your sites using a VPN (either OpenVPN (SSL)
or OpenSWAN (standard IPSEC)), especially since this traffic is going to
travel outside your buildings.

The tough part is the file storage. Central file storage mounted over
NFS would be preferred if you have the bandwidth to pull it off
(obviously you'd need a much bigger server), but it would solve your
portability problems, and having all the heavy lifting in one place
would make management/backups easier. Central management is easier,
since all of your school machines are just terminal servers and
clients. All files and sign-in stuff is in a central location.

The main problem here seems to be bandwidth and whether you have
enough for this kind of application and 'normal' usage. If not, then
the question is, can you specify a different NFS home for each
subdomain or user in the LDAP database? Someone else on the list (who
has some LDAP experience) will have to answer that one.

On Jun 21, 2004, at 9:58 AM, Quentin Hartman wrote:
> I am going to be deploying a Samba domain / file serving
> in my district this summer. The buildings in my district are
> interconnected via T1 lines, and the major design goals of this project
> 1- Only Internet and authentication should generally traverse the T1
> links between buildings (each building has its own file server
> 2- Authentication should work globally so that people may easily move
> from building to building and still have things work, even if their
> directory is not stored on the local file server.
> 3- Home directories need to be easy to migrate from one file server to
> another should someone permanently change buildings.
> I haven't deployed a Samba domain this complex before, and I would like
> some feedback on the following points:
> 1- Would it be better to set this up as one large domain, or several
> smaller domains (ie- one for each building)?
> 2- How does the above choice affect user and home directory creation /
> 3- Would it make sense to have one centrally located Samba machine do
> the authentication and have the building servers act only as file
> servers, or should each building machine handle authentication
> requests for its building, only referencing a central LDAP server?
> 4- How does the system know which server to pull the user's home
> directory from?
> I have thought of a few solutions, but they all seem less than ideal to
> me. Also, the reference materials I have looked at do not address a
> setup like this. What are your thoughts? Have you found materials that
> talk about this sort of structure? What were they?
> -Quentin Hartman-
> Technology Coordinator
> South Lane School District
> Cottage Grove, Oregon
> Office- 541.767.3778
> Mobile- 541-501-1197
> qhartman at lane.k12.or.us
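
One way the per-user NFS home asked about above can be expressed in LDAP, as an added example that is not part of the original message. It assumes the RFC 2307bis automount schema and autofs clients that read their maps from LDAP; the base DN, host names and user names are constructed placeholders, and the ou=people and ou=automount containers are assumed to exist.

```ldif
# Constructed example: base DN, host names and user names are placeholders.
# Assumes the RFC 2307bis automount schema and autofs clients reading maps from LDAP.

# The account entry keeps the same home path in every building.
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Alice Example
sn: Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice

# Master map: /home is served from the auto.home map.
dn: automountMapName=auto.master,ou=automount,dc=example,dc=org
objectClass: automountMap
automountMapName: auto.master

dn: automountKey=/home,automountMapName=auto.master,ou=automount,dc=example,dc=org
objectClass: automount
automountKey: /home
automountInformation: auto.home

dn: automountMapName=auto.home,ou=automount,dc=example,dc=org
objectClass: automountMap
automountMapName: auto.home

# One key per user; each key names the file server that holds that home.
# nosuid,nodev stop setuid binaries and device nodes on a share from being honoured.
dn: automountKey=alice,automountMapName=auto.home,ou=automount,dc=example,dc=org
objectClass: automount
automountKey: alice
automountInformation: -fstype=nfs,rw,hard,nosuid,nodev fs-north.example.org:/export/home/alice

dn: automountKey=bob,automountMapName=auto.home,ou=automount,dc=example,dc=org
objectClass: automount
automountKey: bob
automountInformation: -fstype=nfs,rw,hard,nosuid,nodev fs-south.example.org:/export/home/bob
```

With this layout, permanently moving a user to another building means copying the directory and changing that user's single automountInformation value; homeDirectory stays the same.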