I'm exploring the idea of using Linux as a workstation OS for some of the users where I work. Most of the issues I've looked at seem resolvable, but I keep running into one sticking point. We rely heavily on shared folders on our Samba server, using ACLs to restrict things on a departmental basis. What I'd need is a way to mount these folders with the permissions of the current logged-in user and honoring all the ACLs on the server. Basically I need it to act just like an NT workstation, client-wise. Winbind can do the authentication, but I've tried smbfs, and it looks like it doesn't enforce the ACLs. Is there something I'm overlooking, or is this something you just can't do with Linux? ---------- David Brodbeck, System Administrator InterClean Equipment, Inc. Ann Arbor, Michigan davidb@mail.interclean.com (734) 975-2967 x221
On Thu, Dec 20, 2001 at 12:52:59PM -0500, David Brodbeck wrote:> I'm exploring the idea of using Linux as a workstation OS for some of the > users where I work. Most of the issues I've looked at seem resolvable, but > I keep running into one sticking point. We rely heavily on shared folders > on our Samba server, using ACLs to restrict things on a departmental basis. > What I'd need is a way to mount these folders with the permissions of the > current logged-in user and honoring all the ACLs on the server. Basically I > need it to act just like an NT workstation, client-wise. Winbind can do the > authentication, but I've tried smbfs, and it looks like it doesn't enforce > the ACLs. Is there something I'm overlooking, or is this something you just > can't do with Linux?If the ACLs are POSIX ACLs on the Linux filesystem, then smbfs should have them enforced in exactly the same way as a Windows client - for the currently connected user. What exactly doesn't work ? Jeremy
You're right. I'm not sure what I thought I was seeing. ;) -----Original Message----- From: jra@samba.org [mailto:jra@samba.org] Sent: Thursday, December 20, 2001 1:27 PM To: David Brodbeck Cc: 'samba@samba.org' Subject: Re: Linux as a workstation client On Thu, Dec 20, 2001 at 12:52:59PM -0500, David Brodbeck wrote:> I'm exploring the idea of using Linux as a workstation OS for some of the > users where I work. Most of the issues I've looked at seem resolvable,but> I keep running into one sticking point. We rely heavily on shared folders > on our Samba server, using ACLs to restrict things on a departmentalbasis.> What I'd need is a way to mount these folders with the permissions of the > current logged-in user and honoring all the ACLs on the server. BasicallyI> need it to act just like an NT workstation, client-wise. Winbind can dothe> authentication, but I've tried smbfs, and it looks like it doesn't enforce > the ACLs. Is there something I'm overlooking, or is this something youjust> can't do with Linux?If the ACLs are POSIX ACLs on the Linux filesystem, then smbfs should have them enforced in exactly the same way as a Windows client - for the currently connected user. What exactly doesn't work ? Jeremy
NFS would require the UIDs to be identical on all machines. There is currently no way to ensure this when using winbind for authentication. -----Original Message----- From: Gerald (Jerry) Carter [mailto:jerry@samba.org] Sent: Thursday, December 20, 2001 3:50 PM To: Jeremy Allison Cc: David Brodbeck; 'samba@samba.org' Subject: Re: Linux as a workstation client On Thu, 20 Dec 2001, Jeremy Allison wrote:> On Thu, Dec 20, 2001 at 12:52:59PM -0500, David Brodbeck wrote: > > I'm exploring the idea of using Linux as a workstation OS for some ofthe> > users where I work. Most of the issues I've looked at seem resolvable,but> > I keep running into one sticking point. We rely heavily on sharedfolders> > on our Samba server, using ACLs to restrict things on a departmentalbasis.> > What I'd need is a way to mount these folders with the permissions ofthe> > current logged-in user and honoring all the ACLs on the server.Basically I> > need it to act just like an NT workstation, client-wise. Winbind can dothe> > authentication, but I've tried smbfs, and it looks like it doesn'tenforce> > the ACLs. Is there something I'm overlooking, or is this something youjust> > can't do with Linux? > > If the ACLs are POSIX ACLs on the Linux filesystem, then smbfs should > have them enforced in exactly the same way as a Windows client - for > the currently connected user.Along this lines, why not use NFS?
David Brodbeck wrote:> NFS would require the UIDs to be identical on all machines. There is > currently no way to ensure this when using winbind for authentication.Then why not use AFS or Coda?
Lack of familiarity, mostly, but I'll look into those if I go ahead with this project. Right now a lack of a suitable Microsoft Outlook replacement is the key hold-up, in my view. I tried Ximian Evolution but it crashes a lot. -----Original Message----- From: Robert Claeson [mailto:r.claeson@computer.org] Sent: Thursday, December 20, 2001 7:36 PM To: David Brodbeck Cc: 'Gerald (Jerry) Carter'; Jeremy Allison; 'samba@samba.org' Subject: Re: Linux as a workstation client David Brodbeck wrote:> NFS would require the UIDs to be identical on all machines. There is > currently no way to ensure this when using winbind for authentication.Then why not use AFS or Coda?
Doesn't support scheduling, as far as I know, and we use that feature heavily. Ximian now has a connector that will link it to a Microsoft Exchange server for scheduling, task lists, etc. We're going to have to be a mixed shop anyway, so interoperability is very important. Our CAD department uses AutoCAD, and there's no Linux release of that package. -----Original Message----- From: Ken Cobler [mailto:kcobler@coblercorp.com] Sent: Thursday, December 27, 2001 10:24 AM To: David Brodbeck Cc: 'Robert Claeson'; 'samba@samba.org' Subject: Re: Linux as a workstation client David Brodbeck wrote:> Lack of familiarity, mostly, but I'll look into those if I go ahead with > this project. Right now a lack of a suitable Microsoft Outlookreplacement> is the key hold-up, in my view. I tried Ximian Evolution but it crashes a > lot. >What about Netscape Communicator? It's available for Windows platform, as well as Linux. It's not plagued by the VB script viruses that Outlook has against it. Ken Cobler
On Thu, 2001-12-27 at 09:59, David Brodbeck wrote:> is the key hold-up, in my view. I tried Ximian Evolution but it crashes a > lot.Just for a curiosity, which version of Evolution did you try? I use Evolution 1.0 which hardly ever crashes, though the prereleases crashed frequently. Kohei
I was using 1.0. It kept crashing while I was configuring IMAP; if the conversation with the server didn't go exactly right, the mail component would crash and refuse to launch again until the whole program had been closed and reloaded. I decided I'd let it go and check again in a few releases. I had problems with the automated install, too. It kept failing on a missing dependancy. I had to install the RPMs by hand to get things working. -----Original Message----- From: Kohei Yoshida [mailto:kyoshida@mesco.com] Sent: Thursday, December 27, 2001 11:02 AM To: David Brodbeck Cc: samba@lists.samba.org Subject: RE: Linux as a workstation client On Thu, 2001-12-27 at 09:59, David Brodbeck wrote:> is the key hold-up, in my view. I tried Ximian Evolution but it crashes a > lot.Just for a curiosity, which version of Evolution did you try? I use Evolution 1.0 which hardly ever crashes, though the prereleases crashed frequently. Kohei
Seemingly Similar Threads
- Some users can't log in -- server shows username as " nobody"
- using pam_winbind to authenticate PPP?
- PDF printing problem - can't find Samba's file?
- Adobe Photoshop uses wrong permissions when saving, default ACLs and create mask being ignored.
- Some users can't log in -- server shows username as "nobody"