[BBLISA] Chucking samba

Toby Burress kurin at delete.org
Sat Apr 24 14:17:18 EDT 2010


So at work we have several document repositories, and while most of
our clients are Windows PCs, the servers are running nix variants,
(Linux and BSD, mostly), so we have a bunch of Samba instances running
at various locations.

The Windows clients are *not* joined to any domain, and we do not have
a Windows domain controller (nor, frankly, does anyone want one).
However, the Samba machines are in pseudo-domain mode, with a "password"
server and an LDAP backend.  This works some of the time, but very often
it seems like the magic that Samba uses to authenticate users does not
work from version to version.  Right now I am struggling with a samba
server that, though its configuration is copied from a working machine,
behaves completely differently.

So I was thinking of ditching Samba for AFS.  It has a number of benefits
over Samba, I think, such as the kerberos auth, the universal namespace
(I always have users who complain that their directory was deleted from
the server, only to find out that they're talking to the wrong server),
and the (more) consistent ACL structure.

I have a working AFS cell, and from what I can tell the Windows client
(OpenAFS + MIT KfW) is fairly stable.  But I haven't been testing for
very long, and I was wondering if anyone has been here before me, and
knows what headaches I can expect.  How does AFS tend to fail, and how
often?  Has anyone ditched AFS for Samba (or anything else) and what
drove you away?  Is everyone who has used AFS in production in the past
screaming "Nnnooo!" in slow motion?  It seems like an actively developed
technology that nonetheless is rarely used, so I'm kind of working in
a vacuum of opinions.

Toby



More information about the bblisa mailing list