[OpenAFS] New "B" question: Samba versus AFS.

[Daniel Clark/Cambridge/IBM]

Charles Clancy wrote on 11/30/2002 03:49:49 PM:

> On Sat, 30 Nov 2002, Tino Schwarze wrote:
> 
> > One setup has two Linux servers (one of them is "the AFS server") and
> > only Win98 clients which access files via Samba.
> 
> The problem such a setup is that you must use unencrypted passwords, 
which
> only increases the samba's lack of security.  Plus, when using 
unencrypted
> passwords, you can't use samba as a PDC, leaving you with needing to 
find
> some other way to get people logged into their windows workstations 
(such
> as a local account).

There are methods of using Samba with AFS while preserving a degree of 
security higher then sending unencrypted passwords over the network, and 
that I believe some of them do allow use of Samba as a PDC. I wrote a page 
on the AFSLore Wiki on this topic:

http://grand.central.org/twiki/bin/view/AFSLore/SMBtoAFS

The downside to the more secure methods is that none of them seem to have 
caught on much outside of the sites they were developed at, so IMHO if you 
wanted to deploy any of them you would probably need to either be or have 
access to a C developer willing to do some integration, upkeep and porting 
work.

> IMHO, Samba should only be used sparingly, for clients who abosultely
> can't run the OpenAFS client.  If all your clients are Windows machines
> and you don't want to run the OpenAFS client, you might as well just set
> up an active directory server and stick with a pure Microsoft 
environment.

I agree Samba should be used sparingly, however in environments where AFS 
is not ubiquitous and people outside of one's core group need to 
manipulate files in AFS while they are still in AFS space (as opposed to 
making copies to local disk via scp or sftp), it seems to be a necessary 
evil.

--
Daniel Clark  #  http://www.pobox.com/users/dclark