[Samba] Distributed Setup Suggestions

Scott Grizzard scott at scottgrizzard.com
Thu Jul 10 06:58:46 GMT 2008

What types of files are you trying to share?

If they are primarily small (under 100meg) files that you need 
read/write access to (especially documents), you might want to adopt 
some type of document management system like KnowledgeTree instead of 
using Samba.  I suggest this not only because you get document 
management features, but KnowlegeTree works over http, and if you are 
using webdav you already have an Apache infrastructure set up.

At my last job, we used Subversion for the same purpose: distributed 
document management.  However, using it for distributed document 
management requires training the staff to use TortoiseSVN (and 
disciplining them to use locks), and the Subversion experience is not 
intuitive to the "non-developer".  KnowlegeTree has a much more 
intuitive flow for documents.  However, Subversion can use WebDav as its 
interface, so the transition may not be too rough.

Subversion is very traffic efficient (in my opinion).  The latest 
version of Subversion (1.5.x) allows you to mirror your repositories.  
Since most of the traffic is of a "read nature", mirroring your 
repositories will drastically reduce your WAN traffic.  In fact, the 
only traffic across your WAN (if I understand the technology correctly) 
is the "diff" between the old document version and the new document version.

Because both of these solutions (Subversion and KnowlegeTree) work with 
Apache, you can authenticate to them using your Windows user base 
(either through mod_auth_kerb if you are using Active Directory or 
another Kerberos), or through mod_authnz_ldap to your Samba PDC (if you 
are using NT, there is also some way to authenticate to it, but I have 
never used it).  However, fine grained file permissions in Subversion 
are a pain to set up and maintain, so if your ACL's run 40 lines each 
and are different for every file, stick to something else.

If you do go with Subversion, I recommend using Insurrection as a 
front-end to mod_dav_svn.  Insurrection is very difficult to set up, 
especially if you need SSL support for it.  But the time is worth it, 
since it gives a great user front-end for repo browsing.  Throw in the 
Firefox TortoiseSVN menu plug-in, and you are good to go.

If the files are large and primarily read-only, set up a master server 
at one office, and mirror it to the other offices using rsync.  Set up 
the remote samba servers as read-only, and the problem is solved 
efficiently.  I don't know if rsync preserves ACL's, but I heard there 
was a patch in the wild somewhere...

I was very pleased how the Subversion solution came out, but I never set 
up remote mirrors for anything other than read-only backups.  We added 
Trac for project and issue management, and made the non-developer staff 
use it.  The working-copy thing was tough for them to get used to, but 
the webdav access worked well for them.

I just think straight Samba servers may be the wrong tool for what you 
are trying to do, though they may appear to be the simplest solution.

- Scott

Bill Baird wrote:
> My company is approx 200 users. We have 10 offices each with 5-30 users
> each. A few offices work independently, but there has been a lot more
> inter-office work lately. I am looking for a way to provide fast local
> access to files stored in the same office as the user, but also acceptable
> performance for inter-office file transfers.
> We are currently using Oracle Drive for a central file server, it utilizes
> WebDAV and has good performance over the WAN. There are samba & adaptec snap
> servers for local file access, but these are currently only accessible when
> in the same office as the local server.
> - I have done a lot of research and demoing of OpenAFS (even went to their
> conference last month!). While it is a true distributed filesystem; it is
> very complex to setup, requires client software, requires a kerberos server
> and seems to have a lot of quirks of its own. I don't think I am ready to
> trust that...
> - I have been trying to figure out a way to have Samba servers in each
> office that would mount remote servers/folders via NFS. This would provide
> access from the local server with hopefully better speeds for remote files
> (NFS is my experience has been much faster over WAN links). But I'm not sure
> how file locking will work. From searching, it seems that samba/nfs locking
> isn't reliable. What is the current status of this? I also saw in Samba 3.2,
> the CTDB project is becoming more mature. Would this be a possibility? Or is
> that really only for clusters on a fast local network?
> - There is MS DFS, but we really don't want to implement MS servers.
> - ??
> I have been searching and searching, but haven't found anything that would
> solve our problem...so I'm hoping someone can help! Any suggestions would be
> greatly appreciated. Thank you!
> --Bill

More information about the samba mailing list