[OpenAFS-devel] replacing ptsserver for AD integration

Brett Trotter blt@iastate.edu
Fri, 18 Jun 2004 02:47:41 -0500 (CDT)


I have lately become deeply interested in a recoding of ptserver in order
to cause the use of Active Directory through LDAP calls instead of using
the internal database.

We have a highly diverse environment here, but all machines authenticate
to a win2k3 AD server. We've been successful with OpenAFS 1.3.64 using the
large MS krb5 AD tickets, and we want to take it to the next step. Having
an AD integrated ptserver would mean great benefits for us. In the
university environment, being able to say 'we can do this without
constantly trying to keep the ptserver user list and the AD user list
synched up' means a lot when trying to sell the idea to the necessary
individuals. Our AD schema has already been extended to facilitate AD->NIS
mappings and has all the necessary uid/gid information. While retooling
ptserver to use LDAP calls is no small or easy task, it certainly seems
logically simple at least.

I've seen a number of posts around here and on the web that indicate that
there is definitely a desire for such a creation.

It seems that once developed, one could either set up a ptserver process
or say an adclient process.

I am not familiar enough with the ptserver code to undertake such a task
on my own. I have the will but not the way.

I would love to become involved in a project to code such a beast.

Is there anyone with the desire or the time to look into creating this
monster? I think it would cause leaps and bounds for OpenAFS appeal, not
to mention open source and Linux and all that.


And two last unrelated questions:

1) How are people doing AFS backups with networker? Ditch the ACLs and
just do incrementals using the /afs filespace? Use Box Hill vosasm and
back up entire volumes at a time but preserve ACLs? Use the xtar wrapper
thing I've heard just a peep or two about?

2) Has anyone tried to set up a samba server on top of an OpenAFS 1.3.64
server? i.e. compile against OpenAFS 1.3.64 and successfully integrate and do
authentication, etc?



Thanks in advance for any replies or interest.

Brett Trotter
UNIX System Administrator
Iowa State University - Engineering Computer Support Services