From: JohnsoBS@vicksburg.navy.mil
To: stheg_olloydson@yahoo.com, freebsd-questions@freebsd.org
Date: Mon, 18 Oct 2004 19:48:48 +0300
cc: bsilver@chrononomicon.com
Subject: RE: feasible w/ samba?

> -----Original Message-----
> From: stheg olloydson [mailto:stheg_olloydson@yahoo.com]
> Sent: Monday, October 18, 2004 6:38 PM
> To: freebsd-questions@freebsd.org
> Cc: bsilver@chrononomicon.com
> Subject: Re: feasible w/ samba?
>
> it was said:
>
> >What this would essentially be attempting to achieve is to have a way
> >for a geographically spread out network allow people to easily access
> >their home directories and shares no matter where they logged using
> >local servers acting as time-delayed proxies...all the user login
> >information, user home directory data, user shared data
> >directories...it's a lot of duplicated information out there, but it
> >would fix the problem with authentication and home directory
> >information being temporarily inaccessible when a link is down between
> >building locations. No matter what building they were in, they would
> >have access to that building's copy of their home directory; the next
> >day, logging into a different building, they'd get their information
> >again.
>
> Hello,
>
> What you have here is a hardware, not software, problem. The root cause
> is the unreliable connectivity between buildings. To ensure all network
> resources are always available, use redundant fiber-optic connections
> and set your routing such that you can reach buildingX from buildingY
> via buildingZ, as well as directly.
> Then you can (although it may be heresy on this list) avoid using FBSD.
> Your simplest solution is to use Windows built-in Roaming Profiles. The
> feature exists to accomplish the exact task of making the user's
> resources (including desktop config) available on the login workstation.
> Doing things this way has two benefits your proposed solution does not.
> First, you guarantee all net segments are reachable at all times, which
> is the root of your problem. This solves that problem and prevents
> future ones being caused by this. Second, admin is greatly simplified.
> Your way requires too many bits that need looking after. The long-term
> cost of this solution will be greater than running the fiber.
> Finally, you should look into Kerberos for a single sign-on solution.
> Windows and AD both support it.
>
> HTH,
>
> Stheg
>

Samba has support for roaming profiles and works quite well. Also, integration with LDAP and Kerberos is pretty well documented and allows for a single point of authentication. Not quite a full-blown Active Directory solution, but would more than accomplish all that is wanted.