Bryan Helmkamp
2003-Mar-17 05:30 UTC
[Samba] Seperate servers for home directory space and logins
I'm trying to run the PDC for my domain on a seperate server from the home directory space. Also, I want each user to be able to FTP in with their domain username and password and access files in their home directory and only -their- home directory. It seems that I would need a seperate linux account for every user on the home directory server in order to fulfill my FTP requirement. Then the problem of syncing passwords between two linux servers appears. I'd like to avoid this if at all possible. I can't seem to find any documentation on implementing a system like this. I thought of mounting the home directories on the PDC server, but then I think both the PDC and home directory server's system resources would be used when a user accesses a file. I know I need "security = user" on the PDC server, and I think I need "security = server" on the home directory server. I've looked in to Kerberos, and unfortunatly it is not an option at the moment. Any help anyone can provide would be greatly appreciated, -Bryan
Andrew Bartlett
2003-Mar-17 06:25 UTC
[Samba] Seperate servers for home directory space and logins
On Mon, 2003-03-17 at 16:30, Bryan Helmkamp wrote:> I'm trying to run the PDC for my domain on a seperate server from the > home directory space. Also, I want each user to be able to FTP in with > their domain username and password and access files in their home > directory and only -their- home directory. > It seems that I would need a seperate linux account for every user on > the home directory server in order to fulfill my FTP requirement. Then > the problem of syncing passwords between two linux servers appears. I'd > like to avoid this if at all possible. > I can't seem to find any documentation on implementing a system like > this. I thought of mounting the home directories on the PDC server, but > then I think both the PDC and home directory server's system resources > would be used when a user accesses a file. > I know I need "security = user" on the PDC server, and I think I need > "security = server" on the home directory server. > I've looked in to Kerberos, and unfortunatly it is not an option at > the moment.You want 'security=domain' on your fileserver. If you run and configure winbind you can use 'pam_winbindd' on the domain member you can have all the authentication (both Samba and FTP) redirected to the PDC. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030317/f1b5007d/attachment.bin