[Samba] Distributed Setup Suggestions
Scott Grizzard
scott at scottgrizzard.com
Thu Jul 10 06:58:46 GMT 2008
What types of files are you trying to share?
If they are primarily small (under 100meg) files that you need
read/write access to (especially documents), you might want to adopt
some type of document management system like KnowledgeTree instead of
using Samba. I suggest this not only because you get document
management features, but KnowlegeTree works over http, and if you are
using webdav you already have an Apache infrastructure set up.
At my last job, we used Subversion for the same purpose: distributed
document management. However, using it for distributed document
management requires training the staff to use TortoiseSVN (and
disciplining them to use locks), and the Subversion experience is not
intuitive to the "non-developer". KnowlegeTree has a much more
intuitive flow for documents. However, Subversion can use WebDav as its
interface, so the transition may not be too rough.
Subversion is very traffic efficient (in my opinion). The latest
version of Subversion (1.5.x) allows you to mirror your repositories.
Since most of the traffic is of a "read nature", mirroring your
repositories will drastically reduce your WAN traffic. In fact, the
only traffic across your WAN (if I understand the technology correctly)
is the "diff" between the old document version and the new document version.
Because both of these solutions (Subversion and KnowlegeTree) work with
Apache, you can authenticate to them using your Windows user base
(either through mod_auth_kerb if you are using Active Directory or
another Kerberos), or through mod_authnz_ldap to your Samba PDC (if you
are using NT, there is also some way to authenticate to it, but I have
never used it). However, fine grained file permissions in Subversion
are a pain to set up and maintain, so if your ACL's run 40 lines each
and are different for every file, stick to something else.
If you do go with Subversion, I recommend using Insurrection as a
front-end to mod_dav_svn. Insurrection is very difficult to set up,
especially if you need SSL support for it. But the time is worth it,
since it gives a great user front-end for repo browsing. Throw in the
Firefox TortoiseSVN menu plug-in, and you are good to go.
If the files are large and primarily read-only, set up a master server
at one office, and mirror it to the other offices using rsync. Set up
the remote samba servers as read-only, and the problem is solved
efficiently. I don't know if rsync preserves ACL's, but I heard there
was a patch in the wild somewhere...
I was very pleased how the Subversion solution came out, but I never set
up remote mirrors for anything other than read-only backups. We added
Trac for project and issue management, and made the non-developer staff
use it. The working-copy thing was tough for them to get used to, but
the webdav access worked well for them.
I just think straight Samba servers may be the wrong tool for what you
are trying to do, though they may appear to be the simplest solution.
- Scott
Bill Baird wrote:
> My company is approx 200 users. We have 10 offices each with 5-30 users
> each. A few offices work independently, but there has been a lot more
> inter-office work lately. I am looking for a way to provide fast local
> access to files stored in the same office as the user, but also acceptable
> performance for inter-office file transfers.
>
> We are currently using Oracle Drive for a central file server, it utilizes
> WebDAV and has good performance over the WAN. There are samba & adaptec snap
> servers for local file access, but these are currently only accessible when
> in the same office as the local server.
>
> - I have done a lot of research and demoing of OpenAFS (even went to their
> conference last month!). While it is a true distributed filesystem; it is
> very complex to setup, requires client software, requires a kerberos server
> and seems to have a lot of quirks of its own. I don't think I am ready to
> trust that...
>
> - I have been trying to figure out a way to have Samba servers in each
> office that would mount remote servers/folders via NFS. This would provide
> access from the local server with hopefully better speeds for remote files
> (NFS is my experience has been much faster over WAN links). But I'm not sure
> how file locking will work. From searching, it seems that samba/nfs locking
> isn't reliable. What is the current status of this? I also saw in Samba 3.2,
> the CTDB project is becoming more mature. Would this be a possibility? Or is
> that really only for clusters on a fast local network?
>
> - There is MS DFS, but we really don't want to implement MS servers.
>
> - ??
>
> I have been searching and searching, but haven't found anything that would
> solve our problem...so I'm hoping someone can help! Any suggestions would be
> greatly appreciated. Thank you!
>
> --Bill
>
More information about the samba
mailing list