ronfishtamu
asked on
OpenIndiana SAMBA LDAP solution
I'm looking for some input on the best way to get SAMBA with OpenLDAP backend set up and using an OpenIndiana/Nappit box for all storage. I already have my ZFS pool set up and running fine.
I am running 2 Proxmox nodes with Ubuntu server vm's on them for various processing applications. My end users run Windows, OSX and Ubuntu workstations. They shell in to the vm's to run their apps and generally save the output in their home folders. They also need their home folder mappings on their workstations.
So it looks like I need a SAMBA server for them to have home folders and permissions to work accordingly across all platforms. SMB seems to be the best protocol for accomodating such a heterogenous environment. And then to have SAMBA use OpenLDAP for authentication. Does this amount to a SAMBA PDC scenario?
I want to have all data land on the ZFS box first and foremost. So it looks like I will end up having all the vm's mounting shares via cifsmount. I really want to avoid NFS altogether because i see permissions getting tangled up. Plus I want LDAP involved on any data access.
I am running 2 Proxmox nodes with Ubuntu server vm's on them for various processing applications. My end users run Windows, OSX and Ubuntu workstations. They shell in to the vm's to run their apps and generally save the output in their home folders. They also need their home folder mappings on their workstations.
So it looks like I need a SAMBA server for them to have home folders and permissions to work accordingly across all platforms. SMB seems to be the best protocol for accomodating such a heterogenous environment. And then to have SAMBA use OpenLDAP for authentication. Does this amount to a SAMBA PDC scenario?
I want to have all data land on the ZFS box first and foremost. So it looks like I will end up having all the vm's mounting shares via cifsmount. I really want to avoid NFS altogether because i see permissions getting tangled up. Plus I want LDAP involved on any data access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
While I haven't done this on a Solaris box. I have a number of environments that are very similar. Each has a Linux server with OpenLDAP/Samba providing authentication & file storage to a network containing Linux, Windows, & OS X clients. In a few cases there are additional Linux pure file servers to meet the data flow requirements. Once properly set up I've had no issues.
ASKER
great response!
ASKER
Haha, spoke too soon. Solaris fell into Oracle's hands, I think they prefer it having a Solaris LDAP server as well.
Gonna throw LDAP and Samba on a vm and shoot the data thru iscsi to the Solaris box. Bottleneck or not I need it done. Maybe I can IOMMU the NIC on the vm.
Gonna throw LDAP and Samba on a vm and shoot the data thru iscsi to the Solaris box. Bottleneck or not I need it done. Maybe I can IOMMU the NIC on the vm.
OpenLDAP + smbldap-tools will result in a Linux/Unix/Windows integrated environment. I don't know how that combination will play with the native Solaris LDAP system.
ASKER
i just grabbed the openldap vm and the pdc drop in vm from Turnkey. Gonna tie them together with the tools and see if I get lucky.
Do you use the phpldapadmin or similar to manage the LDAP users?
Do you use the phpldapadmin or similar to manage the LDAP users?
I mostly manage these networks from the command line, but I do install phpldapadmin and use it occasionally.
ASKER
thank you for your time I know you're busy. One last thing and i will pull my bootstraps up and go forth.
The first order of business for me when this is in production is to migrate my users off NIS and on to LDAP. Since it is obvious I look for shortcuts, do you know of a script or tool of some sort that would automate this? There are around 50 users on this network.
The first order of business for me when this is in production is to migrate my users off NIS and on to LDAP. Since it is obvious I look for shortcuts, do you know of a script or tool of some sort that would automate this? There are around 50 users on this network.
What you need to do depends on the client OS. The configuration for Ubuntu will be different than that for CentOS/Redhat/Unix and different for OS X or windows. For a given OS you might be able to use a script, once you know exactly what changes are needed.
ASKER
thanks again.