Topic: 2 SME Servers, 1 user/group database, SSO?

[ngomes]

Hi,

Does anyone know how to share/replicate one user/group database between 2 SME Servers? The goal is to split SME services across 2 servers on the same LAN (only windows XP/2000 clients) using the same user/group database:

# Server 1: file/print/wins server + domain controller
# Server 2: email server + dns/dhcp/ntp server + internet gateway

We are running for this project against a Microsoft Certified Partner. I'm telling you this because we know how to setup this project using Microsoft technologies (pretty simple) but we want to purpose a Linux SME Server solution.

Anyone?

[cactus]

Hi,

Does anyone know how to share/replicate one user/group database between 2 SME Servers? The goal is to split SME services across 2 servers on the same LAN (only windows XP/2000 clients) using the same user/group database:

# Server 1: file/print/wins server + domain controller
# Server 2: email server + dns/dhcp/ntp server + internet gateway

We are running for this project against a Microsoft Certified Partner. I'm telling you this because we know how to setup this project using Microsoft technologies (pretty simple) but we want to purpose a Linux SME Server solution.

Anyone?

Try to search the forums for high availability, I remember having seen a route to your solution somewhere along that line.

[ngomes]

Try to search the forums for high availability, I remember having seen a route to your solution somewhere along that line.

Yes, I recall that. The problem is that almost all posts about HA (high availability) point to an inexistent URL at http://www.star-support.com

[ngomes]

Is HA (high availability) some how related with GFS (Global File System)?

I saw this link just now:
Red Hat Global File System

Regards,

[cactus]

Try to search the forums for high availability, I remember having seen a route to your solution somewhere along that line.

Yes, I recall that. The problem is that almost all posts about HA (high availability) point to an inexistent URL at http://www.star-support.com

Did you also find this one: http://no.longer.valid/phpwiki/index.php/Linux%20High%20Availability%20How-To%20for%20Mitel%20SME%20v5.1.2?
I know it is outdated and might not be working, but it might be perhaps a starting point as it contains a lot of links (which I did not check however, a lot of them seems pretty outdated).

[dmay]

# Server 1: file/print/wins server + domain controller
# Server 2: email server + dns/dhcp/ntp server + internet gateway

If you are approaching this need from a Microsoft background I agree it makes sense to separate your Exchange and PDC/file server onto two servers. Exchange needs a dedicated box. However I would simply propose this:

1) Install a dedicated firewall/gateway device.
2) Print TCP/IP direct. No server overhead required.
3) Set up a smeserver in server-only mode behind your dedicated firewall/gateway device.

Darrell

[ngomes]

If you are approaching this need from a Microsoft background I agree it makes sense to separate your Exchange and PDC/file server onto two servers. Exchange needs a dedicated box.

Yes, I must admit we have a good Microsoft background. But in the last 5 years we have also implemented around 35 SME Servers on micro/small businesses (small lans between 3 to 10 computers).

Our major problem with SME Server comes when we need to setup 2 or more SME servers on medium networks. In this scenario we always need user single-sign-on (SSO) in place. And that's something we can easilly achieve with Windows Active Directory (I do this job) or with a lot of work with Debian/Centos servers (my partner does this).

We really like SME Server (is indeed a good piece of engineering) but it lacks this feature (SSO between 2 or more servers) in an "out-of-the-box" way.

Regards,

[ngomes]

Try to search the forums for high availability, I remember having seen a route to your solution somewhere along that line.

Did you also find this one: http://no.longer.valid/phpwiki/index.php/Linux%20High%20Availability%20How-To%20for%20Mitel%20SME%20v5.1.2?
I know it is outdated and might not be working, but it might be perhaps a starting point as it contains a lot of links (which I did not check however, a lot of them seems pretty outdated).

Thanks Cactus. After my first reading and from the The High-Availability Linux Project, as I understand the HA feature is used to build something like a network cluster of servers to provide continuous availability of services to users (samba shares, mailboxes, etc). That's something we will look into in the future.

But, we are not looking for HA for this project. We are looking for SSO, i.e., single sign-on, in order to use the same user credentials against an email server, a samba server and a proxy server (all running SME Server).

Nuno

[crazybob]

Although written for SME6, you may want to look at this
http://sme.swerts-knudsen.com/index.html?frame=http%3A//sme.swerts-knudsen.com/howtos/howto_31.htm
It may need tweaking for SME 7.

Bob

[cactus]

Try to search the forums for high availability, I remember having seen a route to your solution somewhere along that line.

Did you also find this one: http://no.longer.valid/phpwiki/index.php/Linux%20High%20Availability%20How-To%20for%20Mitel%20SME%20v5.1.2?
I know it is outdated and might not be working, but it might be perhaps a starting point as it contains a lot of links (which I did not check however, a lot of them seems pretty outdated).

Thanks Cactus. After my first reading and from the The High-Availability Linux Project, as I understand the HA feature is used to build something like a network cluster of servers to provide continuous availability of services to users (samba shares, mailboxes, etc). That's something we will look into in the future.

But, we are not looking for HA for this project. We are looking for SSO, i.e., single sign-on, in order to use the user same credentials against an email server, a samba server and a proxy server (all running SME Server).

Nuno

I was in the opinion that it could be usefull as you need both servers to have the same user base in their own database as I don't know of one SME Server being able to use the userbase of SME Server 2.

[ngomes]

Although written for SME6, you may want to look at this
http://sme.swerts-knudsen.com/index.html?frame=http%3A//sme.swerts-knudsen.com/howtos/howto_31.htm
It may need tweaking for SME 7.

Thanks Bob. After reading the howto we came to the conclusion that was not what we have in mind, because we don't like to modify the way SME behaves by default, although we install (ocasionally) some contribs to add some specific features.

Because SME Server doesn't use OpenLDAP (yet, perhaps on SME7.1?) to store user/group/machine and other samba related information, we were thinking on something like a PDC/BDC Samba architecture:

- SME 1: PDC + WINS/File/Print Server (server only)
- SME 2: BDC + Email Server + DNS/DHCP/NTP Server (server only)
- SME 3: BDC + Proxy Server (gateway)
- All desktops are running Windows XP/200 Pro

After searching for more info we found:

- SME 5.x Remote Samba Server Howto
- SME 5.x Domain Client Howto

Does anyone have tried one of these with SME7?

Nuno

[ngomes]

As far as my knowledge goes (correct me if I am wrong) in order to have user single-sign-on (SSO) across 2 or more SME Servers we currently have these options (all requiring some SME template customization):

(1) 1 NIS Master + n NIS Clients -> SME6.x Howto from Jesper Knudsen

(2) 1 Samba PDC + n BDC Domain Clients -> SME5.x Howto from Greg Zartman

And for SME7 we have a blending edge development, mostly from Charlie, using OpenLDAP for user account information and authentication -> Bug 1543

Are there any more options?

Nuno

[ksc133]

ya man,

SME server is great stand alone.
but this PDC BDC limitation is really a down side for SME servers.

would really hope to see a LDAP master and slave option in the future SME releases.

thanks

[ryan]

Directory/user replication is the reason I switched to Centos 4 from SME 6.  

I now use Fedora Directory server (FDS)on Centos 4.4.  Importing samba schema into Fedora server allows smb useraname & password to be stored FDS.  PAM and samba authentication on each server is configured to use FDS.  pGina allows microsoft clients to authenticate against LDAP (or anything you want).  With pgina, XP home edition can authenticate against FDS.  I use the ldap attribute 'employeeType' to mark if a user is a admin (pgina controls if user is a admin or reg. user).  

For email,  I use Scalix community version which is amazing.  Scalix is configured to authenticate against FDS also.  

Making all this work took a significant amount of time compared to setting up a SME lan.  

If SME could incorporate FDS Masters and Slaves so replication could occur, it would be a superior server simply due to the ease of install and administration.   Scalix is also a very polished feature rich open source email server.  The community version is free and the "standard" users have the same features as SME email users.  Community version allows 25 premium users that can use public folders & calendars with delegation of rights to others, all through Outlook, Evolution, or the sweet AJAX web client.  It also has a mobile web client for PDAs.

ryan

[ksc133]

hi ryan

so whats the difference of using FDS vs openLDAP master and slave config?

i thought openLDAP is the roadmap for samba3 on their website?

another thing about SME7 is the backup problems.
if using a stand alone SME7 simply connect a tape drive and backup
but waht if there's 2 SME7?
there's no veritas or arcserve like software to run backup on remote servers to the main backup server.

pls advise

thanks