From owner-freebsd-questions@FreeBSD.ORG Mon Oct 18 18:26:58 2004
Message-ID: <20041018182657.8959.qmail@web53903.mail.yahoo.com>
Date: Mon, 18 Oct 2004 11:26:57 -0700 (PDT)
From: stheg olloydson
To: Bart Silverstrim
In-Reply-To: <239BA16E-2126-11D9-BCBA-000D9338770A@chrononomicon.com>
cc: freebsd-questions@freebsd.org
Subject: Re: feasible w/ samba?
List-Id: User questions

--- Bart Silverstrim wrote:

>Actually, it would be connectivity + bandwidth + geography.
>
>Some of the buildings are close together...close enough that you can
>lean on the wall of one and throw a softball to hit the other.
>
>Others are over 20 miles apart, and it's not really 3 buildings...I
>was using that just to simplify the scenario. There would be 7.
>Unfortunately, there's no way we currently know of to lay out enough
>fiber for every building and still have reliable (and *fast*)
>transfers compared to a "proxy" approach as I was envisioning in my
>head.

Ahhhh! This is a much different scenario. I was thinking of something
like an office park or college campus. Let me go over your questions in
order.

>1) is this type of setup feasible?

Yes. About eight years ago, we did almost this exact thing on RedHat.

>2) is it possible to "duplicate" accounts from the master server easily
>to remote servers if they're unix accounts, or is it simpler to use a
>different authentication and permission scheme?

Include all relevant account data (e.g. password files) in the sync.

>3) Would it be possible to have each of the workstations hardcoded to
>log into their individual domains and, based on that, map the user's
>home directory to their "local" server's version of the home directory
>in question? I don't want them to be manipulating home directory data
>on a server in building one when they're actually logged into a
>workstation in building two, for example...I want the workstation
>they're sitting at to log into the domain for domain2 and then map
>their "home drive" to domain2's local server for later syncing with the
>master server (and subsequent distribution to other systems).

Does this make a difference? What if a user went to several buildings in
one day? How do you merge the data? What may be easiest is for all users
to always log into the master server if it's available. Before syncing,
the master checks who logged into the remotes and which files they
edited. Only those get synced. If a user logged into two remotes and
edited the "same" file on each, then create a copy of each on the
master.

>4) What security problems would be immediately apparent with respect to
>home directory access? I'd like just the owner of the directory and
>root to have access to the home directories, but there may be other
>shares for select groups of people to access being distributed as well.

This is a sound policy. Home directories shouldn't contain files others
need to access. The users should put those in shares with the
appropriate permissions. BTW, FBSD has its own ACL facility.

>5) can users be "remotely created" easily by just copying a few files
>among the servers?

Yes. This is the same as 2).

HTH,
Stheg
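
The merge rule suggested in the reply to question 3, sketched as an added example that is not part of the original message. The record format, the `last_sync` cutoff, the content digests and the `.<remote>` copy suffix are assumptions; treating identical content on two remotes as a non-conflict goes beyond what the message says.

```python
from collections import defaultdict

# Constructed sample: edits recorded on the remote servers.
# Fields: (remote server, user, path relative to home, mtime, content digest)
SAMPLE_EDITS = [
    ("bldg2", "alice", "report.doc", 1200, "a1"),
    ("bldg5", "alice", "report.doc", 1300, "b7"),  # same file, different content
    ("bldg2", "bob",   "notes.txt",  1100, "c3"),
    ("bldg3", "carol", "plan.xls",   1250, "d9"),
    ("bldg6", "carol", "plan.xls",   1260, "d9"),  # same file, identical content
    ("bldg4", "dave",  "old.txt",     900, "e2"),  # untouched since last sync
]


def plan_sync(edits, last_sync):
    """Decide what the master pulls from the remotes.

    Returns a sorted list of (action, source_remote, user, path_on_master).
    Only files edited after last_sync are considered. A file edited on one
    remote is pulled as-is; a file edited differently on several remotes is
    kept as one copy per remote so nothing is silently overwritten.
    """
    by_file = defaultdict(dict)  # (user, path) -> {remote: digest}
    for remote, user, path, mtime, digest in edits:
        if mtime > last_sync:
            by_file[(user, path)][remote] = digest

    plan = []
    for (user, path), versions in by_file.items():
        if len(set(versions.values())) == 1:
            # Single editor, or every remote ended up with the same content.
            plan.append(("pull", min(versions), user, path))
        else:
            # Divergent edits: keep a copy of each on the master (assumed
            # naming: original path plus the remote's name as a suffix).
            for remote in versions:
                plan.append(("keep-copy", remote, user, f"{path}.{remote}"))
    return sorted(plan)


if __name__ == "__main__":
    for step in plan_sync(SAMPLE_EDITS, last_sync=1000):
        print(step)
```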