Discussion:
[OpenAFS] new infrastructure-afs home and backup questions
Lars Schimmer
2005-05-11 11:05:28 UTC
Hi!

I'm about to set up a completely new infrastructure with new PCs, new users, etc.

Now I've got two questions.
1.
I want to set up OpenAFS and krb5 for filesystem and authentication.
Is it wise to use Linux user homes on AFS? And how do I let all the PCs know
where to find the homes?
E.g. 40 users and 20 workstations. Every user should be able to log in to every
workstation and get his home. I thought about NIS, krb5 and OpenAFS. Any tips
for me?
And is it possible to set up Windows Documents and Settings (Windows home) on AFS?
I want to set up a domain with a win2003 server and clients. Under NT I can set up
the Windows homes on a Samba drive. If I can do that with win2003 server, I can
set Windows & Linux home in ONE home volume.
Any hints, tips, don'ts?

2. Backup - neverending story...
Until now we have used RO copies of the volumes to do a 1-day-go-back-backup.
Therefore I will set up the new cell with 160 or 250 GB HDs and partitions in
that size; I don't want to back up partitions THIS big to streamer or else.
It is a pain in the ass if only a 2 MB file is missing and I have to get that
250 gig backup back and so on...
Is there a nicer way to do it?
I thought about a big fileserver in a different location with RO copies of all
volumes I set up, but that's only 1 step back, and I want to get 3 days up to 1
week...
I haven't tested the backup volume yet, nor understood it; if I find time, I
have to read on...


Cya
Lars Schimmer
--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: ***@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03
Chris Huebsch
2005-05-11 11:19:21 UTC
Hello,
Post by Lars Schimmer
Now I've got two questions.
1.
I want to setup OpenAFS and krb5 for filesystem and authentication.
Is it wise to use linux-user-homes on AFS?
Generally: Yes. It has a lot of advantages, in respect of security and
flexibility. Although there are situations, where other filesystems are
more appropriate. (NFS, Netware or even SMB).
Post by Lars Schimmer
And how to let all the PCs know, where to find the homes? E.g. 40
users and 20 workstations. Every user should be able to login to every
workstation and get his home. I thought about NIS, krb5 and OpenAFS.
Any tips for me?
In the cell I maintain [*], I use LDAP to provide user-metadata to the
workstations. I do _not_ authenticate against LDAP. That is done by krb4
(nowadays I would use krb5, of course).

[*] A school with 100 WS, 1500 accounts.
Post by Lars Schimmer
And is it possible to setup Windows-documents&Settings (windows home) to AFS?
Yes. It is. The project is called pgina.
Post by Lars Schimmer
I want to setup a domain with a win2003 server and clients. Under NT I can setup
the windows-homes to a samba drive. If I can do that with win2003 server, I can
set windows & linux home in ONE home-volume.
Any hints, tips, donots?
With pgina, you won't even need a PDC/ADS.

At our university we have a one-home, one-account strategy for Unix
(linux, solaris, etc) and Windows (NT..2003).
Post by Lars Schimmer
2. Backup - neverending story...
I haven't tested the backup volume yet, neither understood it, if I find time, I
have to read on...
I am currently evaluating the afs-builtin backup for making backups.

I have 3 fileservers with one partition each (400 GB). Each one backs up
to the server next to it (afs1->afs2, afs2->afs3, afs3->afs1).

On Sunday I do a full backup (and incrementals to Sunday each weekday).
I keep 2 complete weeks of backup.

Restore is not yet tested ;-)

There are alternative approaches using "vos dump" and "restore". This
allows fine-grained control over the process of backup and restore,
but requires a little bit more setup work.


Chris
--
Chris Huebsch www.huebsch-gemacht.de | TU Chemmnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA | Str. d. Nationen 62, B204
Chemnitzer Linux-Tage 2006, 4.-5.Maerz | D-09107 Chemnitz
http://chemnitzer.linux-tage.de/ | +49 371 531-1377, Fax -1803
Lars Schimmer
2005-05-11 11:37:19 UTC
Post by Chris Huebsch
In the cell I maintain [*], I use LDAP to provide user-metadata to the
workstations. I do _not_ authenticate against LDAP. That is done by krb4
(nowadays I would use krb5, of course).
[*] A school with 100 WS, 1500 accounts.
Yeah, so I need to get to know LDAP; LDAP should be better than NIS. But I
anticipated learning LDAP ;-)
Post by Chris Huebsch
Post by Lars Schimmer
And is it possible to setup Windows-documents&Settings (windows home) to AFS?
Yes. It is. The project is called pgina.
Post by Lars Schimmer
I want to setup a domain with a win2003 server and clients. Under NT I can setup
the windows-homes to a samba drive. If I can do that with win2003 server, I can
set windows & linux home in ONE home-volume.
Any hints, tips, donots?
With pgina, you won't even need a PDC/ADS.
At our university we have a one-home, one-account strategy for Unix
(linux, solaris, etc) and Windows (NT..2003).
pgina looks nice. But I don't know if it fully replaces a Windows server. I think
I need some testing.
Does anyone here have any experience with pgina in production? E.g. how it works
together with .NET studio and WinXP and OfficeXP...
Post by Chris Huebsch
Chris
Thx,
Lars
--
-----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: ***@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03
Jeffrey Altman
2005-05-11 15:23:02 UTC
Post by Lars Schimmer
Post by Chris Huebsch
Post by Lars Schimmer
I want to setup a domain with a win2003 server and clients. Under NT I can setup
the windows-homes to a samba drive. If I can do that with win2003 server, I can
set windows & linux home in ONE home-volume.
Any hints, tips, donots?
With pgina, you won't even need a PDC/ADS.
At our university we have a one-home, one-account strategy for Unix
(linux, solaris, etc) and Windows (NT..2003).
pgina looks nice. But I don't know if it fully replace a windows server. I think
i need some testing.
Anyone here has any experience with pgina in production? E.G. how it works
together with .NET studio and WinXP and OfficeXP...
If you do have an Active Directory domain in which the workstations are
members, you can implement a cross-realm trust between the Kerberos
realm and the AD domain. You can then map user principals in the
Kerberos realm to user accounts in the AD. Logins to the workstations
can then be performed with the Kerberos principal.

By installing the OpenAFS for Windows clients on the workstations, each
workstation will be able to contact AFS via the UNC path

\\AFS\cellname\path

As part of the user profile you can assign the home directory to point
to the user's AFS home volume via a UNC path. In addition, you should
specify via Group Policy redirected folder paths to ensure that the
My Documents, Application Data, and other special folders are not copied
to the local disk with the rest of the user profile.

Jeffrey Altman
Dean Knape
2005-05-11 20:03:58 UTC
Post by Jeffrey Altman
Post by Lars Schimmer
Post by Chris Huebsch
Post by Lars Schimmer
I want to setup a domain with a win2003 server and clients. Under NT I can setup
the windows-homes to a samba drive. If I can do that with win2003 server, I can
set windows & linux home in ONE home-volume.
Any hints, tips, donots?
With pgina, you won't even need a PDC/ADS.
At our university we have a one-home, one-account strategy for Unix
(linux, solaris, etc) and Windows (NT..2003).
pgina looks nice. But I don't know if it fully replace a windows server. I think
i need some testing.
Anyone here has any experience with pgina in production? E.G. how it works
together with .NET studio and WinXP and OfficeXP...
If you do have an Active Directory domain in which the workstations are
members, you can implement a cross-realm trust between the Kerberos
realm and the AD domain. You can then map user principals in the
Kerberos realm to user accounts in the AD. Logins to the workstations
can then be performed with the Kerberos principal.
By installing the OpenAFS for Windows clients on the workstations, each
workstation will be able to contact AFS via the UNC path
\\AFS\cellname\path
As part of the user profile you can assign the home directory to point
to the user's AFS home volume via a UNC path. In addition, you should
specify via Group Policy redirected folder paths to ensure that the
My Documents, Application Data, and other special folders are not copied
to the local disk with the rest of the user profile.
Jeffrey Altman
This was Re: [OpenAFS] new infrastructure-afs home and backup questions
but so not to confuse that thread I'm starting anew.

We've successfully implemented a cross-realm trust between a Kerberos
realm and single AD domain. After principal mapping, users are able to
login with their Kerberos principal at AD domain member workstations.

The next thing we need to test and get working is the integration of a
Kerberos realm into a multimaster AD domain model. Here's our current
AD model:

enterprise AD domain ....... TOP
| \
| D
| /
|--------
/ \ |
/ \ |
/ \ |
user AD domains ......... A B |
|
|
|
resource AD domain ................. C


external Kerberos realm ( domain D floating up there )


This gives us:

Active directory domains
------------------------
TOP.njit.edu
A.TOP.njit.edu
B.TOP.njit.edu
C.TOP.njit.edu

Kerberos realm
--------------
D.njit.edu

Our AFS cell
------------
D.njit.edu

Our TOP domain contains no users (only domain admin & related). This is
the root of our AD and provides DNS, etc. to subdomains.

Domain A & B contain user accounts and some workstation accounts.

Domain C is a resource domain and primarily for lab computer accounts and
servers providing services to both students and faculty. There are no
user accounts here either. Users from domain A and B need to have their
identities mapped in such a way so they can sit at a lab workstation whose
computer account is in domain C but their user account is in either
domain A or domain B. We're fortunate to have unique user
accounts across user domains.


Now for my question -

What trust relationships and user identity mappings are needed to
have users from domains A & B login to workstations/servers with
computer accounts in domain C using their Kerberos realm identity?

sweating ...

thanks.

dean
Jeffrey Altman
2005-05-11 20:29:04 UTC
Post by Dean Knape
This was Re: [OpenAFS] new infrastructure-afs home and backup questions
but so not to confuse that thread I'm starting anew.
By replying to the previous thread, you are still in the previous
thread. Changing the name of the subject does not alter what message
thread you are in.
Post by Dean Knape
We've successfully implemented a cross-realm trust between a Kerberos
realm and single AD domain. After principal mapping, users are able to
login with their Kerberos principal at AD domain member workstations.
The next thing we need to test and get working is the integration of a
Kerberos realm into a multimaster AD domain model. Here's our current
enterprise AD domain ....... TOP
| \
| D
| /
|--------
/ \ |
/ \ |
/ \ |
user AD domains ......... A B |
|
|
|
resource AD domain ................. C
external Kerberos realm ( domain D floating up there )
Active directory domains
------------------------
TOP.njit.edu
A.TOP.njit.edu
B.TOP.njit.edu
C.TOP.njit.edu
Kerberos realm
--------------
D.njit.edu
Our AFS cell
------------
D.njit.edu
Our TOP domain contains no users (only domain admin & related). This is
the root of our AD and provides DNS, etc. to subdomains.
Domain A & B contain user accounts and some workstation accounts.
Domain C is resource domain and primarily for lab computer accounts and
servers providing services to both students and faculty. There are no
user accounts here either. Users from domain A and B need to have their
identities mapped in such a way so they can sit at a lab workstation whose
computer account is in domain C but their user account is in either
domain A or domain B. We're fortunate to have unique user
accounts across user domains.
If you are going to be mapping Kerberos principals from D to accounts
in the forest, the user accounts should exist in TOP not A and not B.
You are centrally controlling the name space at D, therefore you should
not be giving the ability to create user accounts mapped to that name
space to individual departments via the use of sub-domains.
Post by Dean Knape
Now for my question -
What trust relationships and user identity mappings are needed to
have users from domains A & B login to workstations/servers with
computer accounts in domain C using their Kerberos realm identity?
sweating ...
The sub-domains should have knowledge of the existence of realm D
but do not have to have trusts with it. The trust relationship is
between D and TOP.

Note: By using a multi-domain forest you will be making it impossible
(due to a Microsoft bug) for you to provide roaming profiles mapped
to AFS.

Jeffrey Altman
k***@njit.edu
2005-05-12 00:50:13 UTC
Post by Lars Schimmer
Post by Dean Knape
This was Re: [OpenAFS] new infrastructure-afs home and backup questions
but so not to confuse that thread I'm starting anew.
By replying to the previous thread, you are still in the previous
thread. Changing the name of the subject does not alter what message
thread you are in.
Silly me!
Post by Lars Schimmer
Post by Dean Knape
We've successfully implemented a cross-realm trust between a Kerberos
realm and single AD domain. After principal mapping, users are able to
login with their Kerberos principal at AD domain member workstations.
The next thing we need to test and get working is the integration of a
Kerberos realm into a multimaster AD domain model. Here's our current
enterprise AD domain ....... TOP
| \
| D
| /
|--------
/ \ |
/ \ |
/ \ |
user AD domains ......... A B |
|
|
|
resource AD domain ................. C
external Kerberos realm ( domain D floating up there )
Active directory domains
------------------------
TOP.njit.edu
A.TOP.njit.edu
B.TOP.njit.edu
C.TOP.njit.edu
Kerberos realm
--------------
D.njit.edu
Our AFS cell
------------
D.njit.edu
Our TOP domain contains no users (only domain admin & related). This is
the root of our AD and provides DNS, etc. to subdomains.
Domain A & B contain user accounts and some workstation accounts.
Domain C is a resource domain and primarily for lab computer accounts and
servers providing services to both students and faculty. There are no
user accounts here either. Users from domain A and B need to have their
identities mapped in such a way so they can sit at a lab workstation whose
computer account is in domain C but their user account is in either
domain A or domain B. We're fortunate to have unique user
accounts across user domains.
If you are going to be mapping Kerberos principals from D to accounts
in the forest, the user accounts should exist in TOP not A and not B.
You are centrally controlling the name space at D, therefore you should
not be giving the ability to create user accounts mapped to that name
space to individual departments via the use of sub-domains.
Thank you. This confirms my understanding of the problem and is exactly what
I was hoping not to hear.
Post by Lars Schimmer
Post by Dean Knape
Now for my question -
What trust relationships and user identity mappings are needed to
have users from domains A & B login to workstations/servers with
computer accounts in domain C using their Kerberos realm identity?
sweating ...
The sub-domains should have knowledge of the existence of realm D
but do not have to have trusts with it. The trust relationship is
between D and TOP.
Note: By using a multi-domain forest you will be making it impossible
(due to a Microsoft bug) for you to provide roaming profiles mapped
to AFS.
Jeffrey Altman
Klaas Hagemann
2005-05-11 12:24:04 UTC
Hi Lars,

I just set up an environment with 11.000 clients and user homes in AFS,
where I gained some experience:

I would recommend leaving the user home on the local file system and
linking all the very important directories into it after login. We suffered
from performance problems, because some applications save temporary
files under the user's home directory. With this symlink solution, you can
decide for every application where to store its files and keep
AFS volumes smaller.

Another point is that many login managers (like kdm or gdm) require
access to the user's home directory, for which no ticket is available at
this point.

For the location of the home directories I implemented rules for where these
directories are mounted, e.g.:
/afs/cell.name/usr/<first letter of login-name>/login-name
If you have lots of users, you can divide them into more subdirectories.
Then you can find these directories script-based and symlink them under
/home/

For backup, 2 solutions can be combined:
1. Use backup volumes and mount them separately for the user. So every
user can access his backup under a subdirectory.
A backup volume is a logical snapshot of a volume, which needs only
very little space on the file system. You can mount this volume with fs
mkmount <volumename>.backup anywhere in AFS space.
A backup volume does not cover hardware failures...

2. I did the backup with vos dump and saved the dump-files on a
third-party backup-system. Here you have many possibilities to restore
older configurations. Read-Only Clones are not useful, because the
client will access read-only clones by default and so the home-directory
will not work.

Have fun,
Klaas
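
The layout rule from the post above (/afs/cell.name/usr/<first letter of login-name>/login-name, symlinked under /home/), as an added shell example that is not part of the thread or of OpenAFS. The variables AFS_HOME_ROOT and LOCAL_HOME_ROOT, the function names and the login-name character policy are assumptions; the name check is there because a script like this usually runs as root at login.

```shell
#!/bin/sh
# Added example, not code from the thread: map a login name to its AFS home
# under the "<first letter>/<login>" layout and symlink it below /home.
# AFS_HOME_ROOT and LOCAL_HOME_ROOT are assumed names; override them to test.
LC_ALL=C; export LC_ALL
AFS_HOME_ROOT="${AFS_HOME_ROOT:-/afs/cell.name/usr}"
LOCAL_HOME_ROOT="${LOCAL_HOME_ROOT:-/home}"

# Accept only conservative login names (assumed policy). A name containing
# "/" or starting with "." or "-" must never be turned into a path or an
# option when the script runs with root privileges.
valid_login() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!a-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the AFS path for a login name, or fail without output.
afs_home_path() {
    valid_login "$1" || return 1
    # ${1%"${1#?}"} strips everything but the first character.
    printf '%s/%s/%s\n' "$AFS_HOME_ROOT" "${1%"${1#?}"}" "$1"
}

# Create or refresh $LOCAL_HOME_ROOT/<login> -> AFS home.
# Return codes: 0 ok, 2 bad login name, 3 AFS home missing,
# 4 a real file or directory is in the way (never replaced).
link_home() {
    lh_target=$(afs_home_path "$1") || {
        echo "link_home: invalid login name" >&2
        return 2
    }
    lh_link="$LOCAL_HOME_ROOT/$1"

    # The volume must already be mounted at the computed path.
    [ -d "$lh_target" ] || {
        echo "link_home: no AFS home at $lh_target" >&2
        return 3
    }

    if [ -L "$lh_link" ]; then
        # Existing symlink: keep it if correct, otherwise replace it.
        [ "$(readlink "$lh_link")" = "$lh_target" ] && return 0
        rm -f -- "$lh_link"
    elif [ -e "$lh_link" ]; then
        # A local home directory or file exists; do not clobber user data.
        echo "link_home: $lh_link exists and is not a symlink" >&2
        return 4
    fi
    ln -s -- "$lh_target" "$lh_link"
}
```

A login hook would call link_home with the authenticated user name and treat any non-zero return as a reason to stop before starting the session.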
Chris Huebsch
2005-05-11 12:49:37 UTC
Hi,
I would recommend to leave the user-home on the local file system and to link
all the very important directories into it after login. We suffered under
performance-problems, because some applications do save temporary files under
users home-directory. With this symlink-solution, you can decide for every
application where to store its files and keep afs-volumes smaller.
I guess, your users do not move around, but use the same computer every
day. Do they remote-login into other computers?

Do you create their homes dynamically (via pam_creteuserdir or something
like that)?
Another point is, that many login-managers (like kdm or gdm) require access
to the users-home directory, for which no ticket is available at this point.
Really? I think a correct PAM-configuration does handle that.

I know 3 different installations (2 with AFS, 1 with pam_createuserdir),
which work with <any>DM.
For the location of the home-directories i implemented rules where this
/afs/cell.name/usr/<first letter of login-name>/login-name
If you have lots of users, you can divide them into more subdirectories. Then
you can find this directories script-based and symlink them under /home/
Yes. That is recommended. But perhaps not usr, but home (I have the
impression that binaries are in usr-directories).
1. user backup-volumes and mount them separately for the user. So every user
can access his backup under a subdirectory.
A backup-volume is a logical snapshot of a volume, which needs only very
little space on the file-system. You can mount this volume with fs mkmount
<volumename>.backup anywhere in afs-space.
Only if the content of the volume does not change too much. If the user
changes all files during 2 vos-backups, the backup-clones need the same
space as the rw-original.

The backups need to be recreated on a regular basis!
A backup-volume does not cover hardware-failures...
That is true!
2. I did the backup with vos dump and saved the dump-files on a third-party
backup-system. Here you have many possibilities to restore older
configurations. Read-Only Clones are not useful, because the client will
access read-only clones by default and so the home-directory will not work.
Of course they are. You have to mount the rw-originals with "fs mkmount
$HOME <volume> -rw" in order to reach them via $HOME. The ro-clones can
be used as an additional backup. (And this even on another fileserver!)


Chris
--
Chris Huebsch www.huebsch-gemacht.de | TU Chemmnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA | Str. d. Nationen 62, B204
Chemnitzer Linux-Tage 2006, 4.-5.Maerz | D-09107 Chemnitz
http://chemnitzer.linux-tage.de/ | +49 371 531-1377, Fax -1803
Klaas Hagemann
2005-05-11 14:00:56 UTC
Hi,
Post by Chris Huebsch
Hi,
Post by Klaas Hagemann
I would recommend to leave the user-home on the local file system and
to link all the very important directories into it after login. We
suffered under performance-problems, because some applications do
save temporary files under users home-directory. With this
symlink-solution, you can decide for every application where to store
its files and keep afs-volumes smaller.
I guess, your users do not move around, but use the same computer every
day. Do they remote-login into other computers?
No, they moved around and were able to move around. But their rights
were very restricted, standard-desktop, standard-icons,
standard-applications. We had complete home-directories in AFS, but I
wish we had customised local home-directories. It would have improved
speed and stability.
Post by Chris Huebsch
Do you create their homes dynamically (via pam_creteuserdir or something
like that)?
We wrote our own PAM module, which executes some shell scripts for doing
all this stuff....
Post by Chris Huebsch
Post by Klaas Hagemann
Another point is, that many login-managers (like kdm or gdm) require
access to the users-home directory, for which no ticket is available
at this point.
Really? I think a correct PAM-configuration does handle that.
I know 3 different installation (2 with AFS, 1 with pam_createuserdir),
which work with <any>DM.
We tested kdm and gdm. Ok, we did not play around with special
configurations, but they all wanted to access the user's homedir to look up
the last used window manager. And that was the point where it was failing.
Post by Chris Huebsch
Post by Klaas Hagemann
For the location of the home-directories i implemented rules where
/afs/cell.name/usr/<first letter of login-name>/login-name
If you have lots of users, you can divide them into more
subdirectories. Then you can find this directories script-based and
symlink them under /home/
Yes. That is recommended. But perhaps not usr, but home (I have the
impression that binaries are in usr-directories).
Ok....
Post by Chris Huebsch
Post by Klaas Hagemann
1. user backup-volumes and mount them separately for the user. So
every user can access his backup under a subdirectory.
A backup-volume is a logical snapshot of a volume, which needs only
very little space on the file-system. You can mount this volume with
fs mkmount <volumename>.backup anywhere in afs-space.
Only if the content of the volume does not change too much. If the user
changes all files during 2 vos-backups, the backup-clones need the same
space as the rw-original.
Ok, but if you have lots of users and do the vos backup every day, you
should only need one quarter (?) more disk space.
Post by Chris Huebsch
The backups need to be recreated on a regular basis!
Post by Klaas Hagemann
A backup-volume does not cover hardware-failures...
That is true!
Post by Klaas Hagemann
2. I did the backup with vos dump and saved the dump-files on a
third-party backup-system. Here you have many possibilities to
restore older configurations. Read-Only Clones are not useful,
because the client will access read-only clones by default and so the
home-directory will not work.
Of course they are. You have to mount the rw-originals with "fs mkmount
$HOME <volume> -rw" in order to reach them via $HOME. The ro-clones can
be used as an additional backup. (And this even on an other fileserver!)
Ok, that is another way to do this.
Post by Chris Huebsch
Chris
Klaas
Derek Harkness
2005-05-15 14:56:00 UTC
Here's the solution I've put in place. Background medium size
university 12k+ users.

I have three Linux AFS servers connected to XRaids for 1TB of disk
space available for user home directories. The servers are
replicated every four hours, backup volumes are generated nightly and
mounted inside the user's home directory, and all data is backed up
to tape every two days. AFS was put in place to replace our aging
Novell system and to unify our Windows desktop environment and our
Unix backend. So I've set up Samba servers to act as a gateway for
AFS directories. Most user account data is stored in LDAP, Kerberos
is used for Unix logins, and Samba passwords are currently in LDAP
(There's a strange magic piece that allows the Samba server to issue
AFS tokens so my users have a krb5 password and a SMB password). I'm
hoping Samba 4 will allow me to use Kerberos for desktop logins.
This setup has been in place and working since December.

The Samba environment provides domain management and control and file
and print sharing to Windows clients. Unix and Mac clients run the
AFS client and use CUPS. Samba has allowed us to really unify the
environment from the users' point of view while at the same time
simplifying our backend environment by eliminating our need for
Novell, NFS, and Windows servers.

I currently use a slightly hacked Veritas Netbackup for tape
backups. It has some problems, like not backing up ACLs, but at
least it gets the file data. My ACL structure is very simple and
very easy to recreate if a restore is needed.

Derek