[OpenAFS] new infrastructure-afs home and backup questions
Wed, 11 May 2005 13:19:21 +0200 (CEST)
On Wed, 11 May 2005, Lars Schimmer wrote:
> Now I've got two questions.
> I want to setup OpenAFS and krb5 for filesystem and authentication.
> Is it wise to use linux-user-homes on AFS?
Generally: Yes. It has a lot of advantages, in respect of security and
flexibility. Although there are situations, where other filesystems are
more appropriate. (NFS, Netware or even SMB).
> And how to let all the PCs know, where to find the homes? E.g. 40
> users and 20 workstations. Every user should be able to login to every
> workstation and get his home. I thought about NIS, krb5 and OpenAFS.
> Any tips for me?
In the cell I maintain [*], I use LDAP to provide user-metadata to the
workstations. I do _not_ authenticate against LDAP. That is done by krb4
(nowadays I would use krb5, of course).
[*] A school with 100 WS, 1500 accounts.
> And is it possible to setup Windows-documents&Settings (windows home) to AFS?
Yes. It is. The project is called pgina.
> I want to setup a domain with a win2003 server and clients. Under NT I can setup
> the windows-homes to a samba drive. If I can do that with win2003 server, I can
> set windows & linux home in ONE home-volume.
> Any hints, tips, donots?
With pgina, you won't even need a PDC/ADS.
At our university we have a one-home, one-account strategy for Unix
(linux, solaris, etc) and Windows (NT..2003).
> 2. Backup - neverending story...
> I haven't tested the backup volume yet, neither understood it, if I find time, I
> have to read on...
I am currently evaluating the afs-builtin backup for making backups.
I have 3 fileserver with one partition each (400 GB). Each one backups
to the server next to it (afs1->afs2, afs2->afs3, afs3->afs1).
On Sunday i do a full backup and incrementals to Sunday each weekday).
I keep 2 complete weeks of backup.
Restore is not yet tested ;-)
There are alternative approaches using "vos dump" and "restore". This
allowes fine grained controll over the process of backup and restore,
but requires a little bit more setup-work.
Chris Huebsch www.huebsch-gemacht.de | TU Chemmnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA | Str. d. Nationen 62, B204
Chemnitzer Linux-Tage 2006, 4.-5.Maerz | D-09107 Chemnitz
http://chemnitzer.linux-tage.de/ | +49 371 531-1377, Fax -1803