[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: your mail

Subject: Re: your mail
From: Damion Yates <nospam [at] rd.bbc.co.uk>
Date: Oct 11 1999 07:01:22 EDT
On Wed, 6 Oct 1999, Robert Speed wrote:

> I'm trying to setup a test Linux network with desktop apps, blah blah blah.
> This is so as to attempt to convince my boss that Linux is a viable
> alternative to 'doze and Netware.

You should see Coral's offering, this is exactly what they are tying to
demonstraight with the new distribution.

> Can anyone Email me the URL of a site (or even any docs) for allowing any
> user to logon at any machine on a network, and having a certain directory
> exported via NFS.

http://www.linuxdoc.org/HOWTO/NFS-HOWTO.html and
http://www.linuxdoc.org/HOWTO/NIS-HOWTO.html

> I've got NIS up and running, and NFS exporting a directory to a known host,
> but I'm trying to get it so that a user can go to any machine and logon as
> they currently can under Netware.

You don't actually do this with NFS normally and infact you can now not do it
with samba with a different kernel module to smbfs.o

You would normally mount as root a whole mount point, which itself would
contain files with varying permissions, the NIS between the two boxes will
mean that file ownership works as you would expect. This is saddly a little
insecure if people can plug NIS enabled linux boxes they have root on, on to
any network and access files as any user they like using su. This is fixed
somewhat with kerberos (man kerberos on a sun) or simply by disallowing root
on any boxes with physical security, fixed ethernet address->ip secure
switches/hubs, servers in server rooms, etc.. We use the later and I don't
have root on my Sun workstation I'm using at the moment for example.

The vast advantage of this is that it's stateless, a server can be downed
moved to another room and brought up again and you're NFS session from your
client box doesn't even know (apart from a long delay if you were
read/writing). There are also no passwords flying around the place.

SMB and NCP work differently with a user logging on to a server or domain and
gaining a mount of only files they own or have rights to access, then if the
server goes down you loose your connection (actually every windows client
seems to crash when this happens in my experience). You need to authenticate
again with each server you try to access and other people need to
authenticate again if they want a mount even if they are on the same Linux
box as you. Windows9x these days stores your password on the box
and re-authenticates if it looses contact with the server, you probably loose
data if this happens as well as it being pointlessly insecure. Okay it's
encrypted and these days the encryption is pretty good, Netware was famous
(about 5 years back) for being very secure in the challange handshake of
authentication while mapping drive letters (DOS).

Linux supports everything and can evan re-export most mounts as other styles.
I once mounted a Netware3.11 server on /mnt/system, a WfW3.11 share on
/mnt/windows and exported in ipx/NCP the whole of /mnt, this was using
mars_nwe the Netware Emulator, 255 users could log on using normal netware3
map commands. These days Linux can do Netware 4.11 thanks to Caldera, I
think you can get a demo 3 user licence of netware4 FOR Linux, but anything
greater then 50 users and you enter the thousands of pounds mark. I believe
you can attach to an NDS (Netware Directory Services) tree for free though.

Linux is one of the few Unix systems that can mount SMB shares, all can run
smbclient for ftp style access but only Linux and Solaris (AFAIK and the sol
one is a commercial addon) can mount as a filesystem. An old userland
program called Rumba converts SMB to NFS but I don't know how reliable it is.
All UNIX systems can run samba to export NT style SMB shares, this is a
direct threat to MS especially as (from what we've found at the BBC with out
E450 sun) it outperforms NT :) This is only over tcp/ip there seemed to be
a minor movement in the Linux world to support netBEUI/ipx or whatever it is
when you don't use ip with SMB. But it looks like it died away.

So both systems have advantages and disadvantages. I've not really made my
mind up as to which I prefer. I like the safe reliable statelessness of NFS,
it's a good standard, I haven't played with keberos, but I'd love to when I
get the time it might be the answer to all problems. NFS is the norm for
UNIX systems, infact I think it would be very rare for a UNIX based setup
(such as BBC RD) to use ipx/NCP or ip/SMB. I've used Linux on netware in my
previous job and kind of liked being able to ncpmount as a user to any old
directory and it being only my files, it was pretty reliable too.

Linux on the hole is slagged off greatly for all network filesystem
implementations, which is obviously unfair when you consider that it's the
only one that does some of them. The latest kernel is supposed to vastly
improve the NFS serving (probably mounting too) but I still have my doubts.

> Now I've just hit a snag, there doesn't seem to be much in the way of info
> for going further - none of the HOWTOs go into it, they all stop short, and
> I've found other peoples requests for help (on Deja), but no (working)
> answers posted.

Damion

--
Damion Yates - Damion.Yates [at] bbc.co.uk

Start your own FREE mailing list at

&copy; 2000 Microsoft Corporation. All Rights Reserved
Prev by Date: Re: dual processors
Next by Date: Re: dual processors
Prev by thread: Re: Quick time for Linux
Next by thread: Fwd: Linux books for novice users
Index(es):
- Date
- Thread