Samba with virtual users, How?

[lord]

I'm planning on running a file server for my clients where they share files and also have private file space. I have got a vpn running for security and would like to run samba for the file sharing.

Is it possible to have virtual users & groups in samba w/o actually adding users to /etc/passwd ? If so, How?

Like making /home/samba the root.. and then have /home/samba/company1 and /home/samba/company1/user1/ type of tree structure...

All replies are very appreciated!
_________________
Between sanity and insanity lays a thin line

[Fraggle]

[lord]

What would the advantages be? pro/cons...

The only thing i need samba for is file sharing over the internet (through a vpn).

[taskara]

I can't remember, but isn't there an option in smb.conf that asks if u want to authenticate against linux users..

and u can add a user to samba with

[lord]

I'll look into it, thx =)

About the email, I'm running qmail with Paul Gregg settings to run with virtual users, isnt that enough? I'm about to install courier-imap and squirrelmail.. will they be able to read the mailboxes and password file with Paul Gregg's way of handling mailboxes and popusers?
_________________
Between sanity and insanity lays a thin line

[ozukir@]

You're probably well on your way to finishing this project up, but I thought I'd chime in here with my two bits. You might want to consider an OpenLDAP + Apache + WebDAV + SSL solution if your doing this over the internet. WebDAV integrates very nicely with Windows clients (You know Web Folders!?). This is not a set up for the faint of heart, but it should be on the same level as OpenLDAP + Samba + VPN. I don't know the specifics of any advantages, but I know that Oracle uses a similar setup for its Internet File System and I'm pretty sure that M$ integrated WebDAV in their OSs for this specific purpose. I've never seen a side by side comparison, but I'd bet WebDAV is better suited to your task. You'll get virtual users, SSL encryption, and good OS integration even for clients outside you VPN.

This would make a sweet "Documentation, Tips & Tricks" entry to boot (hint, hint).

[lord]

Thanks for the tip! I actually hadnt gotten time to get into samba+ldap...


About the HOWTO, I dont know if it's any good. Gonna start reading it now, but there is one at http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/ =)

[lord]

One thing I dont get... Why does that howto install php and mysql?

[ozukir@]

I've looked over the howto, and this appears to be a very recent revision to update Apache to 2.0. The howto version (Revision v3.4) in my local install of the LDP howtos (app-doc/howto-html) makes no mention of mySQL or PHP. I'm pretty sure that neither are dependencies of Apache 2.0, but I've only been using 1.3. I suspect that the documentation is still a work in progress and that they are attempting to make it more all-inclusive.

I can't see any specific reason for including the mySQL and PHP information, as it thrown in the howto as an after thought with no explanation. If you have no need for these, there's no real reason why you can't just ignore them.

[lord]

According to apache2's own documentation, there is no need for LDAP or MYSQL to have virtual authentification for DAV folders, or any other forlder for that matter.

AuthUserFile and AuthDBMUserFile (also groupFile in same category) will do just fine ...

[lord]

One question though, is WebDAV suited to use as a network-drive?

As in having the files (documents) on the remote computer while having the software itself installed on your local drive.

[ozukir@]

I've just set up Apache2, and am working out the setup for mod_dav here at home to refresh my memory. But as far as my memory currently goes, this works in an identical fashion as SMB network drives, but they will not get mapped to drive letters (That may be possible, but I don't know). So the answer is no, they are not network drives. This is terminology M$ applies to SMB network shares mapped to drive letters, but they will function in the same manner. The network WebDAV shares will be located in the your Network Places as a folder for each share.

[lord]

There are programs which map WebDAV's to letters, suck as WebDrive. Havn't found a freeware yet though...

How well does the DAV locking mechanism work?

[ozukir@]

This may not be the solution you were hoping for. It's effectiveness is dependent upon the client applications used to access the files. If you are using M$ Office 2000 and greater to work with files, or applications that are specifically DAV enabled, then WebDAV can be a nice solution. Also, if you're looking for shared space where files can be shared, uploaded, and distributed, then WebDAV may be a great solution. While this type of usage probably accounts for the majority of network file system usage, you can begin to see its limitations. You'll just need to keep in mind that WebDAV is an extension of HTTP and inherents its limitations. Illustrating my point is this link.

I think in summary that WebDAV is a good direct replacement for FTP, but you will not have the complete functionality of SMB. I recommend WebDAV primarily because SMB is not recommeded over public networks. Securing SMB using a VPN introduces a number of unnecessary complications, that most organizations can live without (They rarely need SMB's full Windows integration and other facilities).

The effectiveness of locking will be dependent upon the client application. I'm not very familiar with mod_dav's implementation of RFC 2518, but I do know that it deviates in this particular area and is being brought into line with subsequent versions. From my limited knowledge, I understand that the client application must make a specific call to LOCK and UNLOCK the file and I don't recall Office 2000 implementing that. Maybe it's transparent, but knowing M$ it may just be ommitted. I'm not even familiar with how this is implemented in SMB, but I think that two individuals can "check out" the file and both can modify it, but ultimately the last version saved reflects only the changes for that version. The only kind of "locking" available with SMB are general file permissions (Correct me if I'm wrong).

So, most likely I've confused you to the point of hopelessness, at least that's how I'm beginning to feel. Anyways, my two bits: The killer app would be a client/server structure where two clients can simultaneously edit the same file and have their changes reflected in each other's respective client applications in real-time. I think the next best thing (at least for text documents) is CVS.

[lord]

I do know that using (DAV)clients such as WebDrive will enable locking mechanism if you choose to, and according to my weblogs files to get locked when opened and unlocked when closed by an application.

VPN+SMB or SSL+DAV right now seem to be the only choices for me since I need to distribute the files over the internet with virtual user/group access and because my clients are windows users who want seemless access to their distributed files as if they where local. If you know of any other solutions which would ultimatly give the same result, I'd be very happy to hear about them

My problem right now is that webdav is alittle slow at the moment and that it handles utf-8 filenames (iso-8859-1 (.se) to be exact) VERY VERY poorly. Files containing swedish characters or other "weird" chars are often un-openable and the server returns a 404 error code when trying to access that file. This could also be an apache problem, but I've been googling and havn't found anything helpful so far.

[lord]