A modern BSD UNIX workgroup - how would you do it?

2003-02-15 Thread BSD Freak
I have an upcoming project to create a modern UNIX (mainly
FreeBSD-based) workgroup computing environment.

If _YOU_ had your chance to do it from scratch, what technologies would
you use? Basically only following are set in stone. Everything else is
up to me:

1. Centralised user/password/account management 
2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway
also running FreeBSD
3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2

Most people I have spoken to automatically say NIS/NFS. Although I know
that NIS/NFS is a tried and true combination, I can't help but feel
there must be a better way to do a modern BSD UNIX environment. As silly
as it may sound I am seriously thinking about running Samba for file
sharing services even though this is a fully UNIX environment.
Reasons for this include excellent performance on FreeBSD and better
security than NFS.

Some of the other authentication/account management technologies I'm
evaluating include LDAP and Kerberos. Any and comments/suggestions would
be very well received...

Basically what I'm asking is if you could do it all over from scratch
how would you do a modern BSD UNIX workgroup?





Re: A modern BSD UNIX workgroup - how would you do it?

2003-02-15 Thread Alex

Dear/Beste BSD,

Saturday, February 15, 2003, 9:10:55 AM, you wrote:

> I have an upcoming project to create a modern UNIX (mainly
> FreeBSD-based) workgroup computing environment.
>
> If _YOU_ had your chance to do it from scratch, what technologies would
> you use? Basically only following are set in stone. Everything else is
> up to me:
>
> 1. Centralised user/password/account management
> 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway
> also running FreeBSD
> 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2
>
> Most people I have spoken to automatically say NIS/NFS. Although I know
> that NIS/NFS is a tried and true combination, I can't help but feel
> there must be a better way to do a modern BSD UNIX environment. As silly
> as it may sound I am seriously thinking about running Samba for file
> sharing services even though this is a fully UNIX environment.
> Reasons for this include excellent performance on FreeBSD and better
> security than NFS.
>
> Some of the other authentication/account management technologies I'm
> evaluating include LDAP and Kerberos. Any and comments/suggestions would
> be very well received...
>
> Basically what I'm asking is if you could do it all over from scratch
> how would you do a modern BSD UNIX workgroup?

Backward compatibility is somewhat important, and since NIS/NFS is a
successful combination I would use that with Kerberos. If I needed to
link other platforms, without NIS/NFS support, then I would also use
LDAP transparently.

-- 
Best regards/Met vriendelijke groet,
Alex





Re: A modern BSD UNIX workgroup - how would you do it?

2003-02-15 Thread Bill Moran
BSD Freak wrote:

> I have an upcoming project to create a modern UNIX (mainly
> FreeBSD-based) workgroup computing environment.
>
> If _YOU_ had your chance to do it from scratch, what technologies would
> you use? Basically only following are set in stone. Everything else is
> up to me:
>
> 1. Centralised user/password/account management
> 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway
> also running FreeBSD
> 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2
>
> Most people I have spoken to automatically say NIS/NFS. Although I know
> that NIS/NFS is a tried and true combination, I can't help but feel
> there must be a better way to do a modern BSD UNIX environment. As silly
> as it may sound I am seriously thinking about running Samba for file
> sharing services even though this is a fully UNIX environment.
> Reasons for this include excellent performance on FreeBSD and better
> security than NFS.
>
> Some of the other authentication/account management technologies I'm
> evaluating include LDAP and Kerberos. Any and comments/suggestions would
> be very well received...
>
> Basically what I'm asking is if you could do it all over from scratch
> how would you do a modern BSD UNIX workgroup?

If (and it's a fairly large if) nss_ldap was supported by FreeBSD, and
if ldap authentication were supported by MacOS X, then I would go with
LDAP.
But 4.X doesn't support nss_ldap, and I'm not even sure if 5.x does yet.
I have no clue whether MacOS X does or not.
Unless I had a concern about someone sniffing my local network, I'd use
NFS for file sharing.  I think it's still the cleanest, even if it's not
the fastest.

In the more practical sense, it's probably still best to go with NIS,
as it seems to be the most supported at this time.  I still like NFS
for file-sharing, although SMB is a viable option.

YMMV

--
Bill Moran
Potential Technologies
http://www.potentialtech.com





Re: A modern BSD UNIX workgroup - how would you do it?

2003-02-15 Thread Michal F. Hanula

On Sat, Feb 15, 2003 at 09:07:57AM -0500, Bill Moran wrote:
> BSD Freak wrote:
> > I have an upcoming project to create a modern UNIX (mainly
> > FreeBSD-based) workgroup computing environment.
> >
> > If _YOU_ had your chance to do it from scratch, what technologies would
> > you use? Basically only following are set in stone. Everything else is
> > up to me:
> >
> > 1. Centralised user/password/account management
> > 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway
> > also running FreeBSD
> > 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2
> >
> > Most people I have spoken to automatically say NIS/NFS. Although I know
> > that NIS/NFS is a tried and true combination, I can't help but feel
> > there must be a better way to do a modern BSD UNIX environment. As silly
> > as it may sound I am seriously thinking about running Samba for file
> > sharing services even though this is a fully UNIX environment.
> > Reasons for this include excellent performance on FreeBSD and better
> > security than NFS.
> >
> > Some of the other authentication/account management technologies I'm
> > evaluating include LDAP and Kerberos. Any and comments/suggestions would
> > be very well received...
> >
> > Basically what I'm asking is if you could do it all over from scratch
> > how would you do a modern BSD UNIX workgroup?
>
> If (and it's a fairly large if) nss_ldap was supported by FreeBSD, and
> if ldap authentication were supported by MacOS X, then I would go with
> LDAP.
> But 4.X doesn't support nss_ldap, and I'm not even sure if 5.x does yet.
> I have no clue whether MacOS X does or not.
> Unless I had a concern about someone sniffing my local network, I'd use
> NFS for file sharing.  I think it's still the cleanest, even if it's not
> the fastest.
And if you are concerned about somebody sniffing, why not use IPSEC?
mf

-- 
What do you care what other people think?



Re: A modern BSD UNIX workgroup - how would you do it?

2003-02-15 Thread Chuck Swiger
BSD Freak wrote:
[ ... ]

> 1. Centralised user/password/account management
> 2. 2-3 file servers running FreeBSD, 1 mail server and 1 VPN gateway
> also running FreeBSD
> 3. Workstations will be 75% FreeBSD and 25% Mac OS X 10.2
>
> Most people I have spoken to automatically say NIS/NFS. Although I know
> that NIS/NFS is a tried and true combination, I can't help but feel
> there must be a better way to do a modern BSD UNIX environment. As silly
> as it may sound I am seriously thinking about running Samba for file
> sharing services even though this is a fully UNIX environment.
> Reasons for this include excellent performance on FreeBSD and better
> security than NFS.

NIS support under MacOS 10.2.{0-2} (haven't checked .3 yet) appears to be 
broken at the moment: specifically the login window doesn't see NIS-only 
users, unless you import them into the local NetInfo database.
See man niload.  It's also possible to use NetInfo as your primary 
authentication repository, and then use nidump to export this to Unix 
flatfiles, and then push the flatfiles via rsync, or scp, or NIS.

On the other hand, 10.2's Samba support is very good, and SMB/CIFS 
handles reopening shares much better than NFS deals with mounts going 
down.  NFS is much lighter in weight, however, and NFS semantics match 
those of FreeBSD's default filesystem and UFS under the MacOS better 
than Samba does.  By contrast, HFS+ and Samba are case-insensitive, and 
they are more separate independent devices (a la Windows C:, D:) than 
Unix's all filesystems get mounted under /, and a non-root 
filesystem's mount point looks very much like any normal directory. 
I'd probably recommend Samba filesharing for laptops and roaming users; 
either SMB or NFS for static desktops, depending on what your users are 
used to or would prefer.

Kerberos will probably take more work to administer and more resources 
to implement than it is worth for small networks.  The token-based 
authentication and so forth integrates well with other large-scale 
systems from MIT (and CMU): things where you also need AFS/DFS, Cyrus, 
etc.  In fact, I'd be curious if anyone else had some thoughts on the 
size of network for which Kerberos is a benefit?

As for LDAP, do you have any junior admins reporting to you?  Try 
delegating the task of setting up an LDAP-based authentication system to 
one, and see how long it takes before that junior admin is able to 
reliably demonstrate that he can make LDAP go on a test network of 3-5 
machines.  Also, the degree to which LDAP authentication is integrated 
well with the native OS's normal authentication, on most of the 
platforms I've seen, resembles -CURRENT more than it resembles -STABLE.

As always, your mileage may vary...  :-)

-Chuck
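
Added example, not part of Chuck's message or of any project's code: a pre-push sanity check for the flat file produced by the nidump export described above, run before it is copied to other hosts with rsync, scp or NIS. It assumes the export uses the 10-field BSD master.passwd layout; `check_export` and `sample_export` are hypothetical names and the sample accounts are constructed.

```shell
#!/bin/sh
# Vet a passwd-format export before it is distributed to other machines.
# Assumed layout (BSD master.passwd, 10 colon-separated fields):
#   name:password:uid:gid:class:change:expire:gecos:home:shell
#
# check_export FILE prints one finding per line and returns 1 if any
# finding was made, 0 if the file passed every check.
check_export() {
    awk -F: '
        /^#/ || NF == 0  { next }   # skip comments and blank lines
        NF != 10         { print "line " NR ": expected 10 fields, got " NF
                           bad = 1; next }
        $2 == ""         { print $1 ": empty password field"; bad = 1 }
        $3 !~ /^[0-9]+$/ { print $1 ": non-numeric uid"; bad = 1; next }
        $3 == 0 && $1 != "root" { print $1 ": uid 0 but not root"; bad = 1 }
        ($3 in seen)     { print $1 ": uid " $3 " already used by " seen[$3]
                           bad = 1 }
                         { seen[$3] = $1 }
        END              { exit bad + 0 }
    ' "$1"
}

# Constructed sample export containing three problem accounts:
# bob (no password), carol (uid collides with alice), admin2 (second uid 0).
sample_export() {
    cat <<'EOF'
root:*:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:*:501:20::0:0:Alice Example:/Users/alice:/bin/tcsh
bob::502:20::0:0:Bob Example:/Users/bob:/bin/tcsh
carol:*:501:20::0:0:Carol Example:/Users/carol:/bin/tcsh
admin2:*:0:0::0:0:Second Admin:/var/root:/bin/sh
EOF
}

# Typical use on the exporting host (domain "." is the local NetInfo domain):
#   nidump passwd . > export.passwd && check_export export.passwd
```

Gate the push step on a zero exit status so that a bad export never reaches the file servers or workstations.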

