samba - Oct 2003 - SUCCESS report: samba3 as single-sign-on provider in heterogeneous network

Hi all,

to raise the bug vs success ratio i'd like to express my gratitude to all 
samba members and those who, though not in-core developers, generously 
supported noobs like me on this mail list. 

I've set up an environment two months ago and it has run without glitches or
tweaks since then. Now as misusing my family as beta testers has worked out 
so nicely i will deploy an identical setup in the institute i'm working for.

Samba and OpenLDAP in pair function as single-sign-on provider. All 
information (passwords, users, mappings etc) is stored in ldap under strict 
permission policies - all within ldap except the password to access ldap. :) 
Authentication is handled centrally through samba. Clients are debian woody 
and windows xp machines joined into the domain. The network is heterogenous 
itself with some machines sitting on wireless lan. Roaming profiles perform 
great with only one warning being spit out on the winxp machines: 'cannot 
find active directory controller' or similar ;)

Unix clients currently suck their uid/gid information directly from ldap as 
i'm still relying upon NFS for home directory access. I've setup
auto-mount
smb/cifs home dirs through pam_mount too, however smbfs/cifs seem far from 
usable in respect of unix specialties such as absolute symbolic links. Has 
anythind happened in this direction recently? This would definitively be the 
dot on the i.

big thanks from here, Marcus

Le mer 08/10/2003 à 09:43, Marcus Blomenkamp a écrit :
> Hi all,
> 
> to raise the bug vs success ratio i'd like to express my gratitude to
all
> samba members and those who, though not in-core developers, generously 
> supported noobs like me on this mail list. 
You meant to raise the success vs bug ratio of course ;-)

D.Morel

On Wed, 2003-10-08 at 17:43, Marcus Blomenkamp wrote:
> Hi all,
> 
> to raise the bug vs success ratio i'd like to express my gratitude to
all
> samba members and those who, though not in-core developers, generously 
> supported noobs like me on this mail list. 
> 
> I've set up an environment two months ago and it has run without
glitches or
> tweaks since then. Now as misusing my family as beta testers has worked out
> so nicely i will deploy an identical setup in the institute i'm working
for.
> 
> Samba and OpenLDAP in pair function as single-sign-on provider. All 
> information (passwords, users, mappings etc) is stored in ldap under strict
> permission policies - all within ldap except the password to access ldap.
:)
> Authentication is handled centrally through samba. Clients are debian woody
> and windows xp machines joined into the domain. The network is heterogenous
> itself with some machines sitting on wireless lan. Roaming profiles perform
> great with only one warning being spit out on the winxp machines:
'cannot
> find active directory controller' or similar ;)
That's an interesting one - I've not seen that.  Any ideas what triggers
it?
> Unix clients currently suck their uid/gid information directly from ldap as
> i'm still relying upon NFS for home directory access. I've setup
auto-mount
> smb/cifs home dirs through pam_mount too, however smbfs/cifs seem far from 
> usable in respect of unix specialties such as absolute symbolic links. Has 
> anythind happened in this direction recently? This would definitively be
the
> dot on the i.
Personally, I don't think this is the right way to do it - NFS is a much
better match for unix semantics.    Now, the trouble is securing NFS -
but I think that NFSv4, SFS (www.fs.net) and the like are a better match
for this problem space.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20031010/8de9b538/attachment.bin