[OpenAFS] Evaluating AFS for in house use, RFCs...
Thu, 02 Feb 2006 16:30:54 -0800
Forget Samba. AFS is better and more secure and more hack proof.
If you need a Linux print server, use CUPS.
Gordon Bowersox wrote:
> I hope this is not an abuse of the list...
> I am at the early stages of examining AFS for use in our company. I
> have my pipe-dream model and have started reading up on everything I
> need to understand before I dive into proof of concept. The list of
> things I need to understand is growing faster than the list of things
> I understand. I need solid POC for budget approval May 2006. I am
> often accused of terse email and would be happy to continue this with
> more description offline or online.
> Currently I have identified these components in my speculations. Many
> of these are new systems to me and my understanding at this point is
> based on reading only and not always up-to-date material.
> Kerberos - Kerberos The Definitive Guide (O'REILLY)
> openAFS - Managing AFS The Andrew File System by Richard Campbell
> samba (we have some 2.x)
> MS Active Directory (we have one, not integrated to ldap or samba)
> openLDAP (in use as address book, md5 hash auth for in house
> I am leaning towards MIT version. Reason it seems to offer better
> password aging and strength rules. This will be the first component I
> install since it provides immediate benefits to the MIS department
> beyond openAFS.
> The problem.
> We have 36 distributed offices across the United States. T1 or dual
> T1 access. Our current File Sharing system is distributed Novell 4.11
> servers. 36 (old) servers 36 tape backup jobs 36 people who forget to
> change tapes at least once a week.
> Dream model à la carte.
> New files server at each location running openAFS with samba on CentOS.
> My goal is samba as the openAFS client, not the actual client PC.
> Linking the afs root to /samba/data/...
> Remote data is mirrored back to HQ via RO replica.
> All backup jobs of remote RO replicas and local HQ RW replicas to run
> at HQ nightly, possibly a few incremental jobs during the day.
> The extras
> Role based rights to files and folders
> ldap based pointers to 'My Documents' and 'Local Folder' for email
> single admin point for all AD/samba UID
> Kerberos authentication for users to samba, Citrix, web apps, Internet
> proxy (Kerberos will likely be a continuous evolution)
> Any hidden gotchas on my path? Any obvious mistakes on my part?
> Gordon Bowersox
> OpenAFS-info mailing list