Hey all,
I have a home NAS that is essentially a Debian machine with OpenZFS running with 4x 8 TB WD Reds in RAIDZ2 as one pool. I plan to add another similar pool. I have a lot of multimedia content, especially music, which is very important. (That is, it's not just a bunch of box set torrents.)
I want to share these pools to my family and friends seamlessly. They are not techies and use Mac OS X and Windows primarily. This may sound like overkill for a home network, but the point is to make this a pleasant experience for all to use, rather than having my family and friends worrying about mismatched permissions, stale file handles, etc. In other words, this needs to be implemented well to be a compelling experience for them.
I would like to use NFS. I understand that NFSv4 with LDAP+Kerberos is the proper way to map users between the NAS file server and other machines. I have a few questions:
- Can you recommend good resources for implementing NFSv4 with OpenLDAP and Kerberos with OpenZFS on Linux? Everything I've found so far is very light on.
- If, instead of using OpenZFS, I were to use mdadm+LVM+file_system, then would this affect the user-visible functionality of the system as far as mounting shares and ensuring permissions are correct is concerned?
- I think that auth services like OpenLDAP and Kerberos should not be virtualized, because if the virt server goes offline and other services depend on it, I could be stuck in a chicken-and-egg scenario. Therefore, would it be wise to implement the LDAP+KRB server/s on bare metal? Or can they be implemented in a VM on a properly architected system?
@ullbeking