[OpenAFS] new infrastructure-afs home and backup questions

Chris Huebsch chris.huebsch@informatik.tu-chemnitz.de
Wed, 11 May 2005 13:19:21 +0200 (CEST)


On Wed, 11 May 2005, Lars Schimmer wrote:

> Now I've got two questions.
> 1.
> I want to set up OpenAFS and krb5 for filesystem and authentication.
> Is it wise to use linux-user-homes on AFS?

Generally: Yes. It has a lot of advantages with respect to security and
flexibility, although there are situations where other filesystems are
more appropriate (NFS, Netware or even SMB).

> And how to let all the PCs know, where to find the homes?  E.g. 40
> users and 20 workstations. Every user should be able to login to every
> workstation and get his home. I thought about NIS, krb5 and OpenAFS.
> Any tips for me?

In the cell I maintain [*], I use LDAP to provide user-metadata to the
workstations. I do _not_ authenticate against LDAP. That is done by krb4
(nowadays I would use krb5, of course).

[*] A school with 100 WS, 1500 accounts.

> And is it possible to set up Windows Documents & Settings (windows home) on AFS?

Yes. It is. The project is called pgina.

> I want to set up a domain with a win2003 server and clients. Under NT I can set up
> the windows-homes to a samba drive. If I can do that with win2003 server, I can
> set windows & linux home in ONE home-volume.
> Any hints, tips, don'ts?

With pgina, you won't even need a PDC/ADS.

At our university we have a one-home, one-account strategy for Unix
(linux, solaris, etc) and Windows (NT..2003).

> 2. Backup - neverending story...

> I haven't tested the backup volume yet, nor understood it; if I find time, I
> have to read on...

I am currently evaluating the afs-builtin backup for making backups.

I have 3 fileservers with one partition each (400 GB). Each one backs up
to the server next to it (afs1->afs2, afs2->afs3, afs3->afs1).

On Sunday I do a full backup (and incrementals to Sunday each weekday).
I keep 2 complete weeks of backup.

Restore is not yet tested ;-)

There are alternative approaches using "vos dump" and "restore". This
allows fine-grained control over the process of backup and restore,
but requires a little bit more setup work.

Chris Huebsch    www.huebsch-gemacht.de | TU Chemnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA |   Str. d. Nationen 62, B204
  Chemnitzer Linux-Tage 2006, 4.-5.Maerz |       D-09107 Chemnitz
     http://chemnitzer.linux-tage.de/    |  +49 371 531-1377, Fax -1803