Date: Mon, 18 Oct 2004 19:48:48 +0300 From: JohnsoBS@vicksburg.navy.mil To: stheg_olloydson@yahoo.com, freebsd-questions@freebsd.org Cc: bsilver@chrononomicon.com Subject: RE: feasible w/ samba? Message-ID: <CE2BFBAA80DD874BB737A4E2C53AA44903B01926@CG69UBD01>
next in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: stheg olloydson [mailto:stheg_olloydson@yahoo.com] > Sent: Monday, October 18, 2004 6:38 PM > To: freebsd-questions@freebsd.org > Cc: bsilver@chrononomicon.com > Subject: Re: feasible w/ samba? > > > it was said: > > >What this would essentially be attempting to achieve is to > have a way > >for a geographically spread out network allow people to > easily access > >their home directories and shares no matter where they logged using > >local servers acting as time-delayed proxies...all the user login > >information, user home directory data, user shared data > >directories...it's a lot of duplicated information out there, but it > >would fix the problem with authentication and home directory > >information being temporarily inaccessible when a link is > down between > > >building locations. No matter what building they were in, > they would > >have access to that building's copy of their home directory; > the next > >day, logging into a different building, they'd get their information > >again. > > Hello, > > What you have here is a hardware, not software, problem. The > root cause > is the unreliable connectivity between buildings. To ensure > all network > resources are always available, use redundant fiber-optic connections > and set your routing such that you can reach buildingX from buildingY > via buildingZ, as well as directly. > Then you can (although it may be heresy on this list) avoid > using FBSD. > Your simplest solution is to use Windows built-in Roaming > Profiles. The > feature exists to accomplish the exact task of making the user's > resources (including desktop config) available on the login > workstation. > Doing things this way has to benefits your proposed solution does not. > First, you guarantee all net segments are reachable at all > times, which > is the root of your problem. This solves that problem and prevents > future ones being caused by this. Second, admin is greatly simplified. > Your way requires too many bits that need looking after. The long-term > cost of this solution will be greater than running the fiber. > Finally, you should look into Kerberos for a single sign-on solution. > Windows and AD both support it. > > HTH, > > Stheg > Samba has support for roaming profiles and works quite well. Also, integration with ldap and kerberos is pretty well documented and allows for a single point of authentication. Not quite a full blown Active Directory solution, but would more than accomplish all that is wanted.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CE2BFBAA80DD874BB737A4E2C53AA44903B01926>