Help with samba migration (long)


Subject: Help with samba migration (long)
From: Jeremy Austin (admin@wsfnet.org)
Date: Fri Feb 27 2004 - 12:36:10 AKST


Mostly about WebDAV...

I'm most of the IT department for a small non-profit school etc., and
I'm mulling over some serious issues here, guys. Wonder if anyone has
some thoughts to add. Sorry this is so long --

Existing services (among others):
        Support >100 users
        Provide cross-platform file share access
                ~ 100 Clients: Windows 95/98/NT4/2K/XP Home/XP Pro/Mac OS X
        Public user file spaces
        Web file access
        Email/webmail/groupware
        Must support computers not under my direct administration

New goals:
        Private user file spaces

Current setup:
        Mandrake 9.x
        Samba 3/LDAP
        Postfix/IMAP

I've been running Samba for 5 years, running an NT-style domain. I
don't have the network bandwidth to support roaming profiles, nor do I
have the space on shared computers (approx. 3 dozen, mixed OSen) for
tons of local profiles. So we've been using one account (shared) for
public file access -- shares get mounted with an on-the-fly logon
script, and individual accounts for email, groupware, web apps, etc. I
can't give all domain users Administrator privileges on newer MS OSes
-- and therefore on the domain -- and yet they must, in general, run
with admin privileges because of legacy applications we haven't the
budget to replace. So I'm pretty sure I'm going to have to stick with
single profiles on shared computers; I haven't the network bandwidth or
hard drive space for roaming profiles.

Windows 2K or XP allow one to specify an account when connecting to a
network share, so we're halfway there. Windows 9x, however, are a real
pain in the rear -- everyone can use the same local profile, but
logging on and off (to switch users) is too slow. Win2K or XP often
require one to log off anyway to reconnect to a given share with
different credentials. (I can't teach 5th graders the intricacies of
"net use /delete"...)

Possible solution:
        Continue using single logon for public shares + samba and
        Use something else (nfs, afp, WebDAV) for private shares

There are some reportedly good commercial NFS clients, but I don't have
the budget for it. Nor can I afford AFP clients.

I've looked into WebDAV -- South River has a client that maps drive
letters (would cost me $1500 for 100 users). Internet Explorer has its
'Web Folders' feature, which allows me to put shares into My Network
Places -- this might be adequate, and would work nicely, I think. I see
a number of universities online doing this.

Likely to be a problem with WebDAV (as in mod_dav) is that all files
(and hence user directories) must be owned by apache, thus trashing my
quotas. mod_dav FAQ says, in short, "If you understand the security
issues in running apache as root, write your own code and suid." I'm
not quite capable of doing that. "MoulDAVia", which purports to solve
this problem, appears to be 403 at the moment and sounds like it was
never finished. The universities must have this figured out, since I
see lots of them online using WebDAV.

If I give up having quota support, and roll my own, then I could do
mod_dav. I could use linux quota support for everything but
apache-owned files, and run a handy-dandy script with du -s, I'm sure,
for everything else. My home directories would look like this:
Owner                Directory
someuser users       /home/someuser
                     /home/someuser/Mail     <- webmail accessible
apache apache        /home/someuser/Private  <- WebDAV accessible
shareduser users     /home/someuser/Public   <- linked to separate SMB Public share
Does anyone think I should use mod_dav? If there are any caveats I'm
missing, I'd love to hear from anyone.

Thanks to any and all,
Jeremy Austin
Whitestone Schools
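
Added example, not part of the original post: a sketch of the "du -s" soft-quota report the message describes for apache-owned WebDAV directories, where kernel quotas cannot attribute usage to the real user. The function names and the KB limit are hypothetical; the /home/<user>/Private layout is taken from the post.

```shell
#!/bin/sh
# Soft-quota report for WebDAV directories whose files are all owned by
# the web server account, so filesystem quotas see one owner only.
# Assumed layout (from the post): <home_root>/<user>/Private
# Hypothetical helper names: dav_usage_kb, dav_over_quota.

# Print disk usage of one directory in KB; 0 if missing or a symlink.
dav_usage_kb() {
    if [ ! -d "$1" ] || [ -L "$1" ]; then
        echo 0
        return 0
    fi
    # -s summarise, -k 1 KB units, -x do not cross filesystem boundaries
    kb=$(du -skx "$1" 2>/dev/null | awk '{print $1; exit}')
    echo "${kb:-0}"
}

# Print "user used_kb limit_kb" for every user over the limit.
dav_over_quota() {
    root=$1
    limit_kb=$2
    for home in "$root"/*/; do
        home=${home%/}
        # Skip non-directories and symlinked homes, so a link cannot
        # redirect the scan outside the home root.
        if [ ! -d "$home" ] || [ -L "$home" ]; then
            continue
        fi
        user=${home##*/}
        used=$(dav_usage_kb "$home/Private")
        if [ "$used" -gt "$limit_kb" ]; then
            printf '%s %s %s\n' "$user" "$used" "$limit_kb"
        fi
    done
}

# Example use from cron (50 MB limit, constructed value):
#   . ./dav-quota.sh && dav_over_quota /home 51200
```

This only reports after the fact; unlike kernel quotas it cannot stop a write, so the volume holding the Private directories can still fill up between runs.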




This archive was generated by hypermail 2a23 : Fri Feb 27 2004 - 12:36:38 AKST