Suggestions for Network Filesystem Technology?

4 01 2009

I’m looking for suggestions on how best to set up filesystem services for my local network. I’ve built out a decent fileserver (‘yawl’, running Ubuntu Linux) with a series of external HD’s, and I want to make those filesystem(s) available to client machines.

There’s a couple caveats. Whatever solution I use has to have the following features:

  • Centralized Authentication / Authorization
    Per my recent post, I’m liking the idea of using a centralized authentication server for account management. This is the role traditionally filled by Microsoft Active Directory. I have no interest in dedicating a new machine, paying Microsoft money, and introducing a whole new layer of ‘customizations’ to standards, as Microsoft is wont to do. Whatever solution I use needs to provide cross-platform support based on existing standards and tools. LDAP + Kerberos is what I have running now, but I can look at others.
  • Multi Platform Support
    I’ll need support for various client platforms. The big three – Linux, Mac, and Windows are a given. I don’t mind needing to install simple tools on each platform (for instance, for Kerberos ticketing on Windows, you need Kfw, etc).
  • Inexpensive or Free
    I have zero budget for this project, other than hardware. If I’m supporting my half dozen clients initially, with a possibility of a larger deployment later, the solution should be available in opensource.

Now, I already hear the cry. “Why not just use CIFS, the ‘windows’ fileshare protocol? Everyone uses it, and Samba is a great system.” That’s because from everything I’ve read, Samba cannot use an external authentication system OTHER than active directory. It vaguely supports Kerberos, and vaguely supports LDAP, but only to the level that an Active Directory server provides. I can find no clear documentation or even loose information that states how to configure Samba to authenticate in a non-windows Kerberos realm.

So where’s that leave us? Well, there’s a couple to consider:

  • AFS – Andrew Filesystem
    AFS is used at MIT and CMU, and is directly coupled with Kerberos. My understanding is it’s pretty damned cool, but it’s not really meant for ‘small’ environments like mine. I’d be happy to be proven wrong. I also don’t know if AFS clients exist for Mac and Windows
  • SSHFS – the SSH filesystem
    Not a bad idea. SSH is widely supported, well known, and seems like it’d do the job. Unfortunately, the sshfs is a FUSE system, and requires some tweaking on the Linux box to make it work. Secondly, I can find no support for sshfs clients in Windows or Mac. Alas.
  • NFS – The original Sun Network Filesystem
    Ahh, the good old days of NFS. Everyone knows it, everyone supports it, as far as I know, no one really likes it. At least NFS’s weaknesses are well known. In addition, I don’t know how good the NFS client support in Windows and Mac is.

So whadya think, world, what should I look at? Is there hope?

Advertisements

Actions

Information

6 responses

4 01 2009
Matt

We are using glusterfs (gluster.org) at work. I doubt it it will do what you need, but it is kind of neat.
For your purpose, I would recommend AFS. In fact, I tried to convince the folks at work that it would be a good idea. But, I don’t have a PhD, so what do I know?
There are quite a few folks on the #lopsa channel that are quite familiar with AFS.

4 01 2009
4 01 2009
dbs

@matt – Yah Gluster seems a bit overkill for what I’m doing. petabytes? 🙂 I have about a terabyte online now, probably going up to 2-3, that’s about it for now.
I may re-look at AFS, thanks.
@JB – Hmmm. That’ll enable FUSE on macs, but is there an sshfs implementation that runs in that? That still also leaves Windows out of the picture. (the windows client need is actually more important right now)

4 01 2009
dbs

@jb – duh, 5 seconds of clicking shows the sshfs implementation. Thanks 🙂

4 01 2009
Imre

AFS compares to a network file system like Mass General Hospital compares to a doctor’s office. I would not consider it for a home network, I rejected it for much larger installations as well (and I did my homework, read all the docs, set up a test environment, learned all the caveats.)
I would still go with Samba – several companies built other auth in it, and it lends itself to auth modifications relatively easily. Look around for customized samba server packages.
(or WebDAV? 🙂

7 01 2009
anonymous

Nothing wrong with NFS & NIS+. It’s been used for years and works. People complain about it because linux/*bsd systems used to have some fairly bad bugs and quirks. These days, its not so bad. There are windos clients for it too, but they’re either not free, or have even more quirks.

Authentication sounds like the main reason why you’re not using samba (the most obvious choice to me) here – since you’re dealing with non-UNIX stuff. In which case, you need to look into it more carefully. Someone has already mentioned samba supports a central auth. facility as part of the server. It’s quite easy, and if I remember right, is even the default. With a bit of effort you can even have it inherently linked to the user accounts on the fileserver.

In any case, truly distributed filesystems don’t sound like what you want, so AFS, CODA, etc aren’t for you; stick with the basics.

Hope that helps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: