[BozemanLUG] Sheldon's suggestion for a directory service/file sharing scenario

Scott Dowdle dowdle at montanalinux.org
Fri Oct 9 06:40:32 MDT 2009


Greetings,

Sorry it took me so long to contribute to this discussion... and yes I felt compelled to change the subject since no one wanted to punish me (darn you guys) by making someone schedule presentations for the LUG.  I'm in Salt Lake City for the Utah Open Source Conference.

Anyway... at MSU-Bozeman / CS Dept. I use exactly what David B. said... a combination of YP and NFS.  While it works fairly well from a performance standpoint... from a security standpoint I'd really like to move to something else but what?  I see RHEL/CentOS GFS... and then there is OpenAFS (aka Andrew File System)... and they are all supposed to be awesome... and there are a few others as well... but I don't actually know anyone using those.

For a tiny setup at a home or small business, YP/NFS would probably be the most painless setup... and LDAP would take more work... and be more appropriate for situations where you have more users and more machines.

Ideally the question being asked is... how can we do Microsoft Active Directory type services on Linux and the answer to that question has several pretty poor options.  Mandrake has a product whose name I can't think of right now.  Red Hat / Fedora is sponsoring the development of FreeIPA and that looks to be promising but it is pretty early in its development to do everything.

Sure we have LDAP servers (OpenLDAP, Red Hat Directory Server / FDS aka 389 Directory Server)... and a few more yet... but just having LDAP doesn't make server and user apps, and machine configuration possible... although the simple piece of centralized authentication has been working forever.  I don't know how many people are familiar with Active Directory but Microsoft really owns the market.  Novell is a distant second and Linux-based solutions aren't even on the radar.  While there are several open and commercial apps that allow for joining a Linux box to Active Directory and even managing sudo rules pushed via LDAP... turning Linux to AD clients... folks are managing Linux boxes with Active Directory better than the Linux-based solutions to manage Linux boxes.  It is really quite sad and tragic.  To clarify, stock MS AD can't manage Linux boxes but there are at least two third-party, commercial extensions for AD to allow it to mesh with Linux and Mac OS X boxes.

So, where do we need to go from here?  Well, Samba 4 should allow Linux to manage Windows boxes as well as AD manages Windows boxes... so that's some level of success but do we really want to reinforce Microsoft's AD product and validate it?  I guess it is ok if you are managing Windows boxes but what about the Linux boxes?  I'd really not care to see Samba 4 as AD controller replacement used to manage Linux boxes... and I don't think there are any plans to do that anyway.  When is Samba 4 going to be done and production ready anyway?

This is an interesting topic BUT I don't know that there are any reasonable solutions... but there is definitely a grand opportunity.  My guess is that if FreeIPA is able to maintain its sponsorship it will eventually be the first bull in the ring.

I know that was a little bit beyond the question about a home / small business solution.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
