I'm just curious how you guys handle your Linux file servers. I assume you're all using Samba/CIFS as your protocol of choice. But what is your platform based on? Did you just install Samba and manually edit the smb.conf file? Do your users just link over to their home directory or do you export their data elsewhere? For example, at home I'm used to just mounting the drives in /media. So right now I have a pair of raid 1 drives going to /media/NAS, and within NAS I just create folders with certain permissions that I need.
Do you guys manually edit the config file?
Do you use a simple gui like system-config-samba?
Do you use OpenFiler or FreeNAS instead?
Or do you use some other web based utility to help remotely manage the file server?
I think that's my main issue. I want to be able to remotely handle my Samba shares since physical access isn't always the easiest thing. But I'm having a hard time finding a decent web based GUI. Webmin isn't recommended, SWAT is dead, system-config-samba is simple but very handy for the basic stuff and has no web based frontend, and Zentyal is kind of strange since it edits system files in a very strange way.
Do your users just link over to their home directory or do you export their data elsewhere?
You mean do I make their Samba-exported Windows home folder also their Linux home folder, i.e. mount a disk array to /home and export it via Samba for Windows to use as home folders? I've tried it with Ubuntu, and also having integrated logins on the Ubuntu machine so people logged in using their Active Directory username and password, but ran into difficulties when I was trying to get more than one file server to match up UIDs and GIDs. It's not a technical problem as such, once you realise it's there, it's just something you've got to think about and organise before you go mounting volumes and having users logging in.
Do you mean the actual location of the export in the filesystem? I'll preface this by saying that I'm actually using Centrify Direct Control to give Mac users a home folder, but in principle it's the same thing... I don't use the standard home folder location (/home/username), I do create a separate location for user folders and then export that. There isn't really a reason that I do this, other than to clearly differentiate between the home folder for a local user and the home folder for a network user, and if you had your home folders being created automatically with the skeleton directory options in Samba, it might be more logical to actually keep it all in the usual place as it is, in a sense, self-managed. My folders and permissions are set up by scripts and not autogenerated by the server, so (to me) it makes more sense to distance the location from the normal one to reflect this.
As dhicks says, the main issue you will encounter with Samba file servers is the correct implementation of a user mapping backend that scales. If you have one server, or it's just for read-only file content, it's not so much of a problem, but if you have two or more file servers and a user's id numbers don't match then that's usually not that useful.
I also use Debian (with no GUI) and just edit the configuration files manually rather than use any kind of local or web-based configuration tools. For remote configuration you can just use something like OpenVPN to get through firewalls that directly block the remote access ports and then control the entire server with an ssh session. You can use testparm to check your changes to the Samba configuration file before it gets loaded.
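The UID/GID matching problem raised in the posts above can be checked before any volume is mounted. The following is an added example, not code from the thread: it compares two dumps in `getent passwd` format, one per file server, and reports names whose numeric IDs differ and UIDs that belong to different names. The function name, the 1000 cut-off for system accounts and the sample accounts are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): compare two servers' account maps.
# Inputs are dumps in `getent passwd` format: name:pw:uid:gid:gecos:home:shell

idmap_diff() {
    # $1 = dump from server A, $2 = dump from server B,
    # $3 = lowest UID to check (assumption: 1000, to skip system accounts)
    awk -F: -v min="${3:-1000}" '
        $3 + 0 < min + 0 { next }
        FILENAME == ARGV[1] { uid[$1] = $3; gid[$1] = $4; owner[$3] = $1; next }
        {
            # Same user name, different numeric identity on the two servers.
            if (($1 in uid) && (uid[$1] != $3 || gid[$1] != $4))
                printf "MISMATCH %s A=%s:%s B=%s:%s\n", $1, uid[$1], gid[$1], $3, $4
            # Same UID, different name: files carried from A to B (or stored
            # on shared disks) would show up as owned by the wrong person.
            if (($3 in owner) && owner[$3] != $1)
                printf "COLLISION uid=%s A=%s B=%s\n", $3, owner[$3], $1
        }
    ' "$1" "$2" | LC_ALL=C sort
}

demo() {
    # Constructed sample data, not taken from any real server.
    d=$(mktemp -d) || return 1
    cat > "$d/a" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:10001:10000::/home/alice:/bin/false
bob:*:10002:10000::/home/bob:/bin/false
carol:*:10003:10000::/home/carol:/bin/false
EOF
    cat > "$d/b" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:*:10001:10000::/home/alice:/bin/false
bob:*:10003:10000::/home/bob:/bin/false
carol:*:10004:10000::/home/carol:/bin/false
dave:*:10002:10000::/home/dave:/bin/false
EOF
    idmap_diff "$d/a" "$d/b"
    rm -rf "$d"
}

demo
```

An empty result means every account at or above the cut-off resolves to the same UID and GID on both servers.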
For example, how do users authenticate? If the Linux file server is on the domain via likewise open, does it just automagically work when users try to hit their \\fileserver share? Or do you have to do additional tasks to make it communicate in that manner?
On top of that, I was also curious how you guys managed shares. For example, if you keep the users working with their "homes" directory, would that mean a new share for them would be automatically populated on the fly? Whereas if you managed their shares in say, /media/storage, then you'd have to add a share each time for each user. Correct?
To have it automatically work as a home folder you need to be able to resolve the username against something that maps to the equivalent uid / gid numbers (e.g. winbind, LDAP lookup etc) and also have appropriate permissions set on the folder. You would also have to have Kerberos authentication working so that a user's credentials are actually passed to the server, without this they will get prompted to authenticate to the share (and this might break parts of Windows logon, as opposed to an OS X logon which pretty much logs you in without a home folder but then mounts it immediately).
The creation of the folders varies with the software you are using. Samba can allow creation of folders on the fly (using the skeleton directory options), something like Likewise Open would probably have something similar. With Centrify DirectControl, the way I provision the users means that it's easier for me to use a central share and then have individual home folders under that, but this is slightly different as Unix user settings are actually stored in an AD container so there is a lot less going on in terms of server configuration.
If the Linux file server is on the domain via likewise open, does it just automagically work when users try to hit their \\fileserver share?
Yes - same for Samba, there's no need for the user to type in their username/password again.
For example, if you keep the users working with their "homes" directory, would that mean a new share for them would be automatically populated on the fly? Whereas if you managed their shares in say, /media/storage, then you'd have to add a share each time for each user.
I know Samba will let you specify a script to be run when it sees a user for the first time, so that script can go and make a folder for the user and set permissions appropriately - @CyberNerd wrote an example script, linked to from that post I linked to above.
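A folder-creation script of the kind described in the post above, as an added example; it is not the script referenced in the thread. It assumes the script is wired in through smb.conf's `root preexec` with `%U` as its argument (that hook runs on every connection, so the function does nothing when the folder exists), and the `/srv/homes` base path and the function name are hypothetical.

```shell
#!/bin/sh
# Added example, not the script referenced in the thread.
# Assumed wiring in smb.conf:  root preexec = /usr/local/sbin/mkhome.sh %U
HOME_BASE="${HOME_BASE:-/srv/homes}"   # hypothetical location of user folders

make_home() {
    user=$1
    # The script runs as root with a client-supplied name, so accept only
    # plain account names: no slashes, no leading dot or dash, not empty.
    case "$user" in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "rejected name: $user" >&2; return 2 ;;
    esac
    dir="$HOME_BASE/$user"
    # Never follow a symlink planted where the folder should be.
    if [ -L "$dir" ]; then
        echo "refusing symlink: $dir" >&2; return 3
    fi
    # Already provisioned: nothing to do on later connections.
    if [ -d "$dir" ]; then
        return 0
    fi
    # The name must resolve to a UID (winbind, LDAP, local passwd, ...),
    # otherwise ownership could not be set correctly.
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "unknown user: $user" >&2; return 4
    fi
    # Create the folder private from the start, then hand it to the user.
    ( umask 077; mkdir "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$user" "$dir" || return 1
    fi
}

# When run as a script, provision the account named in the first argument.
if [ "$#" -ge 1 ]; then
    make_home "$1"
fi
```

Domain accounts that arrive in a `DOMAIN\user` form are rejected by the name check, so this assumes winbind (or the equivalent) presents plain user names.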
If you're using Linux with iSCSI targets on a SAN, do you have to set up anything permissions wise on the Linux box or do the permissions sit at the SAN level? It sounds like this might be easier than I thought... Ubuntu on the domain via likewise open, install samba, configure a few things, iSCSI, and... done??
An iSCSI target will appear as an attached disk so the setup is exactly the same. Authentication parameters on a SAN are just for authenticating the iSCSI initiator to make sure that nobody else can mount it.