[BozemanLUG] Sheldon's suggestion for a directory service/filesharing scenario

Brian Vincent bvincent at moonlightbasin.com
Fri Oct 9 10:55:07 MDT 2009


A long, long time ago I worked on an AFS implementation.  It was before
it was 'OpenAFS'.  At the time, it was one of the most complete ways of
getting all of this to work.  It was extremely complicated to set up,
the management side of things left a lot to be desired, but you could do
some fantastic things with the filesystem.  It required quite a bit of
network overhead, but bandwidth wasn't a concern for us.  I imagine
things have improved with it now that it's open.

Samba definitely has some issues right now.  The main problem is the
core Samba team.  Going all the way back to 2004 or so, the core team
split in half.  Tridge and Andrew Bartlett went off to start working on
Samba 4.  They left behind Jeremy Allison and Jerry Carter.  In between,
most of the other core team split between v3 and 4.  The Samba team
really isn't that big - at any given time there's only about 10 very
active developers.  So, splitting everything up was a complete headache.
And, Tridge being Tridge, decided that Samba 4 would be almost a
complete rewrite of code.  They wrote their own IDL compiler for RPC,
etc.  

So, right now Samba 4 is still sitting in an alpha state.  But being
able to act as a domain controller is pretty important, so it's really
hindering Samba right now.  As of Samba 3.4 they began including the
source code to Samba 4 in the same tarball so you can mix and match some
functionality.  IMHO, this just muddles the whole thing and they need to
get the entire team focused on releasing version 4 and stop worrying
about improving version 3.

With regards to AD, I use it every day.  It really makes management of a
lot of resources quite easy.  There's nothing I've seen even close in
the free software world.  

--------------------------------
Brian Vincent
Moonlight Basin Technology
406-551-4524
bvincent at moonlightbasin.com


-----Original Message-----
From: discuss-bounces at bozemanlug.org
[mailto:discuss-bounces at bozemanlug.org] On Behalf Of Scott Dowdle
Sent: Friday, October 09, 2009 6:41 AM
To: Bozeman Linux Users Group
Subject: [BozemanLUG] Sheldon's suggestion for a directory
service/filesharing scenario

Greetings,

Sorry it took me so long to contribute to this discussion... and yes I
felt compelled to change the subject since no one wanted to punish me
(darn you guys) by making someone schedule presentations for the LUG.
I'm in Salt Lake City for the Utah Open Source Conference.

Anyway... at MSU-Bozeman / CS Dept. I use exactly what David B. said...
a combination of YP and NFS.  While it works fairly well from a
performance standpoint... from a security standpoint I'd really like
to move to something else but what?  I see RHEL/CentOS GFS... and then
there is OpenAFS (aka Andrew File System)... and they are all supposed
to be awesome... and there are a few others as well... but I don't
actually know anyone using those.

For a tiny setup at a home or small business, YP/NFS would probably be
the most painless setup... and LDAP would take more work... and be more
appropriate for situations where you have more users and more machines.

Ideally the question being asked is... how can we do Microsoft Active
Directory type services on Linux and the answer to that question has
several pretty poor options.  Mandrake has a product whose name I can't
think of right now.  Red Hat / Fedora is sponsoring the development
of FreeIPA and that looks to be promising but it is pretty early in its
development to do everything.

Sure we have LDAP servers (OpenLDAP, Red Hat Directory Server / FDS aka
389 Directory Server)... and a few more yet... but just having LDAP
doesn't make server and user apps, and machine configuration possible...
although the simple piece of centralized authentication has been working
forever.  I don't know how many people are familiar with Active
Directory but Microsoft really owns the market.  Novell is a distant
second and Linux-based solutions aren't even on the radar.  While there
are several open and commercial apps that allow for joining a Linux box
to Active Directory and even managing sudo rules pushed via LDAP...
turning Linux to AD clients... folks are managing Linux boxes with
Active Directory better than the Linux-based solutions to manage Linux
boxes.  It is really quite sad and tragic.  To clarify, stock MS AD
can't manage Linux boxes but there are at least two third-party,
commercial extensions for AD to allow it to mesh with Linux and Mac OS X
boxes.

So, where do we need to go from here?  Well, Samba 4 should allow Linux
to manage Windows boxes as well as AD manages Windows boxes... so that's
some level of success but do we really want to reinforce Microsoft's AD
product and validate it?  I guess it is ok if you are managing Windows
boxes but what about the Linux boxes?  I'd really not care to see Samba
4 as AD controller replacement used to manage Linux boxes... and I don't
think there are any plans to do that anyway.  When is Samba 4 going to
be done and production ready anyway?

This is an interesting topic BUT I don't know there are any reasonable
solutions... but there is definitely a grand opportunity.  My guess is
that if FreeIPA is able to maintain its sponsorship it will eventually
be the first bull in the ring.

I know that was a little bit beyond the question about a home / small
business solution.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]