[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Distributed Samba deployment opinions?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I were tasked with doing this, I'd try to do central LDAP authentication and connect your sites using a VPN (either OpenVPN(SSL) or OpenSWAN(standard IPSEC)), especially since this traffic is going to travel outside your buildings.
The tough part is the file storage. Central file storage mounted over NFS would be preferred if you have the bandwidth to pull it off, (obviously you'd need a much bigger server), but it would solve your portability problems and having all the heavy lifting in one place would make management/backups easier. Central management is easier, since all of your school machines are just terminal servers and clients. All files and sign-in stuff is in a central location.
The main problem here seems to be bandwidth and whether you have enough for this kind of application and 'normal' usage. If not then the question is, can you specify a different NFS home for each subdomain or user in the LDAP database? Someone else on the list (who has some LDAP experience) will have to answer that one.


On Jun 21, 2004, at 9:58 AM, Quentin Hartman wrote:

Colleagues-
I am going to be deploying a Samba domain / file serving infrastructure
in my district this summer. The buildings in my district are
interconnected via T1 lines, and the major design goals of this project
are:


1- Only Internet and authentication should generally traverse the T1
links between buildings (each building has its own file server locally).


2- Authentication should work globally so that people may easily move
from building to building and still have things work, even if their home
directory is not stored on the local file server.


3- Home directories need to be easy to migrate from one file server to
another should someone permanently change buildings.

I haven't deployed a Samba domain this complex before, and I would like
some feedback on the following points:

1- Would it be better to set this up as one large domain, or several
smaller domains (ie- one for each building)?

2- How does the above choice affect user and home directory creation /
management?

3- Would it make sense to have one centrally located Samba machine do
the authentication and have the building servers act only as file
servers, or would should each building machine handle authentication
requests for its building, only referencing a central LDAP server?

4- How does the system know which server to pull the user's home
directory from?

I have thought of a few solutions, but they all seem less than ideal to
me. Also, the reference materials I have looked at do not address a
setup like this. What are your thoughts? Have you found materials that
talk about this sort of structure? What were they?

--
-Regards-

-Quentin Hartman-

Technology Coordinator
South Lane School District
Cottage Grove, Oregon
Office- 541.767.3778
Mobile- 541-501-1197
qhartman lane k12 or us



_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iEYEARECAAYFAkDW/kYACgkQfqZR3ThMfXSD0gCdFj0DrYyDNQHQsftssgXMIoxU
72YAn27rLIq4JQrmrNYJuuss5H0lsMH/
=gCAC
-----END PGP SIGNATURE-----



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]