[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] AccessSpace NIS (lots of Q's)

To: Sheflug <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] AccessSpace NIS (lots of Q's)
From: nospam [at] alexhudson.com
Date: Wed, 4 Apr 2001 17:54:36 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz
User-Agent: Mutt/1.3.12i

> NFS ====>
> We don't seem to have much trouble with NFS on its own. Maybe I'm 
> missing something, but NFS _seems_ entirely stable. It's the NIS 
> that's a pain in the r*ctum. Have we just been lucky with NFS?

Hmm.. What kernel version are you running? 2.0.x was pretty good for nfs.
2.2.x sucked, without patches. 2.4.x is supposed to be okay, but I haven't
tried it myself yet...

> What sorts of problems usually manifest themselves with NFS?

Things that were mounted are not mounted, files that are mounted block when
anything tries to access them...  stuff like that..

> NIS ====>

Sucks , I know :)

> Does LDAP have plain text config files? If it does, hell, I'm in 
> favour, even if they are complex!

Ohh yes :)

> LDAP ====>
> We've just been given a load (16) of 166-200mhz Pentiums with 32mB 
> RAM. Do you reckon they'd be beefy enough to run LDAP without too 
> much logon lag?

I would say so, especially if you had a dedicated authentication box, or
maybe replicated to a few. I wonder what Matt thinks? Give it a shot, and
see.

> PAM ====>
> I don't really understand the relationship between PAM and LDAP. (If 
> there is one...) What are "Pluggable Authentication Modules"? Are 
> they the bits of data served out by LDAP? I'm struggling. Please help!

Firstly, PAM is nothing to do with LDAP. PAM is the software used for
authentication on your Linux box. PAM basically provides the authentication
service, and then the extra modules you add in allow you to use different
authentication methods - LDAP, Win NT domains, whatever. And anything which
uses PAM then allows the new method, without the need for any software
recompilation etc...

> We have a Samba print server running which we (sort of) understand. 
> Hell, it works! It's clearly within our powers to learn this sort of 
> thing, but I don't want to flail around researching stuff when its 
> inappropriate for our purposes. (That's why I'm asking all of these 
> dumb questions).

Samba as a file server is pretty easy to setup. I would prefer it to NFS,
but, if NFS works for you, why change?

> What advantages might there be of running Samba over NFS in 
> preference to just plain NFS for remote directory mounting? Could we 
> run Samba over OpenAFS? Why?

You wouldn't run Samba over any of them. Samba, NFS and OpenAFS are all
discrete technologies - you pick one, or more if you like, but use them on
their own. Particularly, mounting an SMB share that is located on a machine
which mounts that area over NFS (if that makes sense) is a particularly poor
solution :)

> What about print servers? Which is best, Samba, plain remote 
> printers, or some other system? (Remember, think "lightweight"!).

lpd works okay for me, esp. if all your machines are Unix.

> Does this work as a pretty-much direct alternative to NFS? (i.e. 
> Server daemon with permissions set in a config file, Client daemon 
> readily available and lightweight, so it's pretty much fire & forget?)

I've no experience with it, but I would say yes.

> Kerberos =====>
> What is it?

An authentication mechanism. I've not really used it much myself..

> I think I get that (in layman's terms) LDAP is a "permissions 
> server"

Not really!! LDAP is much like a database - it just holds information. The
PAM modules you get for LDAP query the database for account information, and
use that instead of /etc/passwd (for example). 

> So, there's a load of questions. At the moment the provisional plan 
> is to Firewall and IP MASQ with a freestanding box, not address DNS 
> serving inside the network at all (yet) except with a caching Proxy 
> (more dumb DNS questions later...), get an LDAP server running on a 
> freestanding box and use either plain NFS, Open AFS or Samba over NFS 
> to mount remote directories on another freestanding box. Then the 
> idea is to have 100% redundancy, with cold backups for everything. 
> Not very clever, but robust.

Sounds good.

Cheers,

Alex.
-- 
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] AccessSpace NIS (lots of Q's)
  - From: James Wallbank <james [at] lowtech.org>

References:
- [Sheflug] AccessSpace NIS (lots of Q's)
  - From: James Wallbank <james [at] lowtech.org>

Prev by Date: [Sheflug] Re: Wrox Books
Next by Date: Re: [Sheflug] Linux Magazine
Prev by thread: [Sheflug] AccessSpace NIS (lots of Q's)
Next by thread: Re: [Sheflug] AccessSpace NIS (lots of Q's)
Index(es):
- Date
- Thread