Tweet
Originally posted by alokhan
View Post
-
If your clients are Windows? No. Windows only does SMB / CIFS. If your clients are Linux/FreeBSD or OS X then just use NFS. To get user security you have to have a central login mechanism, like LDAP, so that your UIDs are the same or manually make sure your UIDs / GIDs are mapped across systems. This is error prone though, so only recommended for very small networks or home use. Security for the actual mount can be delegated to Kerberos now if you use NFSv4.
-
True, to some extent. But user mapping is impossible to work with, at least on NFSv4. It works once in a while and no one knows which stars exactly have to be aligned for it to work again.Originally posted by jeffgus View Post
And without it, you basically have to have synchronized UIDs and GIDs on all machines. Crap.
Last edited by Brane215; 27 January 2016, 06:38 AM.Comment
-
Yes there is none, it puzzled me a long time but years after, still nothing...Originally posted by alokhan View Post
Because Unix was at start client/server oriented there was no need for it, clients being X client only.
Then Samba filled the gap with simple share management (but not as simple as Windows shares...)
I do use NFS mainly but it is much more complicated than Samba to set up, so my advice is:
- If you need performance or security and you like to tweak, go NFS
- if you need something simple to setup or need to share with Win boxes, go Samba
Comment
-
If you use active directory or ldap on your servers and winbind or sssd on your clients you can have different users also on the same box.Originally posted by jeffgus View Post
But perhaps something like dlna (using rygel or so) might be what some people here want?
Personally I am a big fan of samba, since it enables you to use linux in your server room and still have windows clients in your office.
Don't forget that samba since version 4.0 also supports acting as an active directory domain controller. I just wish configuring it was easier.
Comment
-
I find it incredibly hard to set up Kerberos. Basic auth works for login/ssh, but how to create all domains and such for NFS and other protocols. There are no good guides or graphical tools.Originally posted by rhavenn View PostComment
-
-
No but thanks for the info. I've managed to set up auth for many services, but file serving seemed too daunting. The FreeBSD/Arch/Gentoo/Ubuntu wikis and forums didn't really help.Originally posted by Zan Lynx View PostComment
-
Originally posted by caligula View Post
Use FreeIPA ( http://www.freeipa.org ). It is basically the same as setting up Windows with AD. It makes setting up LDAP/Kerberos as simple a running a command. Joining machines to the IPA domain is also a simple command.Last edited by jeffgus; 27 January 2016, 04:38 PM.Comment
-
Originally posted by caligula View Post
Yeah, FreeIPA makes it sooooo much easier. The main difference between it and Miccrosoft AD is that it is tuned for Unix/Linux. So things like ssh host keys and user public keys are pulled automatically from LDAP. The magic is in the sssd daemon. The sssd daemon cal also work with AD, but some features are missing (ssh keys)Comment
-
Originally posted by Brane215 View Post
And how does Windows map users between computers? Unless you are using AD, you would have to auth to each machine individually. Unix doesn't think in those terms for file sharing.
I just remembered that Gnome has a filesharing plugin that uses WebDAV for sharing. WebDAV is decidedly not good at performance, but for a simple fileshare, it works.
Also, if you use MacOSX, then you should probably be using Netatalk, not Samba for fileshares. It is the native filesharing protocol for MacOSX.Comment
Comment