[Samba] samba file server with heartbeat and drbd
Hello, While working on heartbeat/pacemaker for a web service stored on drbd, I've thought what I've learnt could also be applied to samba in order to build a fault tolerant file server in our domain. While digging samba's doc, I've found that CTDB could also fulfill the need and is maybe better suited as it's samba-related. But on the other hand, I'd appreciate to begin with only samba + pacemaker + drbd. I guess that failover would be less transparent to the users but I'm not really aware of what bad things could occur during a failover. Could anyone enlighten me on this matter ? Regards, -- Mikael Kermorgant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba file server in active directory domain - manage acls
On Fri, Oct 17, 2008 at 12:56 PM, Mikael Kermorgant < [EMAIL PROTECTED]> wrote: > > > On Thu, Oct 16, 2008 at 7:45 PM, Sébastien Prud'homme < > [EMAIL PROTECTED]> wrote: > >> 2008/10/16 Mikael Kermorgant <[EMAIL PROTECTED]>: >> > Hello, >> > >> > I'm considering moving our windows shares (2003 domain) to a samba >> server, >> > to improve performance, setup clustering and use scheduled lvm >> snapshots. >> > However, I've not clarified how our current security policy would be >> applied >> > on this server and like to ask you some things (sorry, I'm sure they >> already >> > have been posted but there is so much on this topic to read I prefer to >> ask >> > again) >> > >> > Currently, we manage security on our shares by : >> > * giving full control to everybody at the "share" level >> > * restricting rights at the "security" level >> > >> > By switching to samba, we face a set of challenges : >> > >> > * Changes to our security policy. We will have to manage security at the >> > linux/samba level and this raises some questions: >> > - is it still possible to keep the security management at the file level >> (by >> > giving full control at the share level and thus eliminating botherings >> on >> > this side) ? I know there are some limitations when mapping posix acls >> to >> > windows one but that might be acceptable. >> > >> >> No problem if you edit Posix ACL directly. I advice not to use the >> Security tab in Windows (when you right click on a file/directory and >> change the Properties) to modify ACL. >> >> > - I've tried to manage posix acls on ext3 via konqueror which I could >> find a >> > good alternative to windows' gui but I'd prefer a web front end. Would >> you >> > have some nice web gui to recommend ? >> >> The only one i know is a Webmin module: >> http://webmin-fsacls.sourceforge.net/en/index.html >> >> Thanks for this info, I'll check how it works. Regarding your advice not to use the security tab in windows, that's a possibility I wasn't aware of. If I have understood how it works, you have to mount the share under a specific letter (S: for example) , and then you can manage security from there. AS this would surely be the easiest solution in our migration, could you please indicate what the drawbacks would be ? Regards, -- Mikael Kermorgant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba file server in active directory domain - manage acls
Hello, I'm considering moving our windows shares (2003 domain) to a samba server, to improve performance, setup clustering and use scheduled lvm snapshots. However, I've not clarified how our current security policy would be applied on this server and like to ask you some things (sorry, I'm sure they already have been posted but there is so much on this topic to read I prefer to ask again) Currently, we manage security on our shares by : * giving full control to everybody at the "share" level * restricting rights at the "security" level By switching to samba, we face a set of challenges : * Joining the domain and retrieving users and groups from the windows domain to the samba server. As I know, this is ok and is well done with winbind * Changes to our security policy. We will have to manage security at the linux/samba level and this raises some questions: - is it still possible to keep the security management at the file level (by giving full control at the share level and thus eliminating botherings on this side) ? I know there are some limitations when mapping posix acls to windows one but that might be acceptable. - I've tried to manage posix acls on ext3 via konqueror which I could find a good alternative to windows' gui but I'd prefer a web front end. Would you have some nice web gui to recommend ? Thanks in advance, Regards, -- Mikael Kermorgant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] simple command to check domain membership
Hello, I'm planning to automate domain joining with samba+winbind for a classroom. Using cfengine, I'll have to trigger domain joining by checking current status via a shell command. An example : has_hostname = ( '/bin/test -f /etc/hostname' ) What would be a simple and safe test to check whether or not the machine has already been joined to the domain ? Thanks in advance, -- Mikael Kermorgant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
