On Tuesday, 06.04.2021, 23:44 +0200, Maciej Delmanowski wrote:
> But the roles in DebOps are flexible enough that the possibility of
> changing the defaults is there. Perhaps you could add a guide that
> explains how to modify the default configuration to be compatible
> with FusionDirectory? I'm sure that many users would be interested
> in it.
Where would be the right place to do this? Is there a "howto" section
in the DebOps documentation?
> Since it's a Linux-based environment, why not look into Kerberos and
> NFS instead of Samba? These should be more "native" than CIFS shares,
> and perhaps could be better integrated in your environment, with
> native UNIX accounts in the filesystem and so on. And if you don't
> care too much about secure file access, Kerberos could be ditched as
> well. Somehow putting Samba smack in the middle of a Linux
> environment feels a bit wrong to me.
Yes, I know, this sounds a little bit weird ;-)

Because we are thinking a lot about this at the moment, I'm going to
share our thoughts. Maybe other people have comments.

Well, I have to admit that my experience with Kerberos is very
limited. My first LDAP environment was 389-ds (and it's still our
standard because we use central Kolab groupware), which lacks the
Kerberos password overlay OpenLDAP has. So the alternative had been
FreeIPA. But this was hard to integrate.

For many small environments, NFS and Kerberos are overkill in my
opinion. We've had some LTSP installations with sshfs. We also used
this with fat clients. It's secure but leads to some expected issues
with desktop environments because of hardlink bugs... So we actually
have these choices in network filesystems:
sshfs: not all filesystem features are supported.

nfs: unsafe without Kerberos and quite complex with it.

nfs+kerberos: secure but complex. Another drawback (but maybe I'm
wrong): we can't use it for statically mounted filesystems without
user interaction because only users have tickets and not machines.

samba: It works, has at least an authentication layer and we need it
anyway for cross-platform support / BYOD. So we only have to configure
ONE network filesystem. It works surprisingly well - even for /home
over the network. A big drawback: we need unix extensions for user
homes - but this is only possible with samba vers=1.0
(https://lists.samba.org/archive/samba/2017-October/211517.html).
All in all, the network filesystem situation for Linux is anything
but satisfactory.
Cheers
Jan