Marcus Blomenkamp
2003-Oct-08 07:43 UTC
[Samba] SUCCESS report: samba3 as single-sign-on provider in heterogeneous network
Hi all, to raise the bug vs success ratio i'd like to express my gratitude to all samba members and those who, though not in-core developers, generously supported noobs like me on this mail list. I've set up an environment two months ago and it has run without glitches or tweaks since then. Now as misusing my family as beta testers has worked out so nicely i will deploy an identical setup in the institute i'm working for. Samba and OpenLDAP in pair function as single-sign-on provider. All information (passwords, users, mappings etc) is stored in ldap under strict permission policies - all within ldap except the password to access ldap. :) Authentication is handled centrally through samba. Clients are debian woody and windows xp machines joined into the domain. The network is heterogenous itself with some machines sitting on wireless lan. Roaming profiles perform great with only one warning being spit out on the winxp machines: 'cannot find active directory controller' or similar ;) Unix clients currently suck their uid/gid information directly from ldap as i'm still relying upon NFS for home directory access. I've setup auto-mount smb/cifs home dirs through pam_mount too, however smbfs/cifs seem far from usable in respect of unix specialties such as absolute symbolic links. Has anythind happened in this direction recently? This would definitively be the dot on the i. big thanks from here, Marcus
David Morel
2003-Oct-08 08:40 UTC
[Samba] SUCCESS report: samba3 as single-sign-on provider in heterogeneous network
Le mer 08/10/2003 à 09:43, Marcus Blomenkamp a écrit :> Hi all, > > to raise the bug vs success ratio i'd like to express my gratitude to all > samba members and those who, though not in-core developers, generously > supported noobs like me on this mail list.You meant to raise the success vs bug ratio of course ;-) D.Morel
Andrew Bartlett
2003-Oct-10 00:59 UTC
[Samba] SUCCESS report: samba3 as single-sign-on provider in heterogeneous network
On Wed, 2003-10-08 at 17:43, Marcus Blomenkamp wrote:> Hi all, > > to raise the bug vs success ratio i'd like to express my gratitude to all > samba members and those who, though not in-core developers, generously > supported noobs like me on this mail list. > > I've set up an environment two months ago and it has run without glitches or > tweaks since then. Now as misusing my family as beta testers has worked out > so nicely i will deploy an identical setup in the institute i'm working for. > > Samba and OpenLDAP in pair function as single-sign-on provider. All > information (passwords, users, mappings etc) is stored in ldap under strict > permission policies - all within ldap except the password to access ldap. :) > Authentication is handled centrally through samba. Clients are debian woody > and windows xp machines joined into the domain. The network is heterogenous > itself with some machines sitting on wireless lan. Roaming profiles perform > great with only one warning being spit out on the winxp machines: 'cannot > find active directory controller' or similar ;)That's an interesting one - I've not seen that. Any ideas what triggers it?> Unix clients currently suck their uid/gid information directly from ldap as > i'm still relying upon NFS for home directory access. I've setup auto-mount > smb/cifs home dirs through pam_mount too, however smbfs/cifs seem far from > usable in respect of unix specialties such as absolute symbolic links. Has > anythind happened in this direction recently? This would definitively be the > dot on the i.Personally, I don't think this is the right way to do it - NFS is a much better match for unix semantics. Now, the trouble is securing NFS - but I think that NFSv4, SFS (www.fs.net) and the like are a better match for this problem space. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20031010/8de9b538/attachment.bin
Possibly Parallel Threads
- EVERYONE USING DOVECOT PLEASE SIGN: Thanks, Administrators of Dovecot!
- WINS server looses election irregular in a heterogeneous network
- Snow Rmpi Heterogeneous Cluster
- [LLVMdev] Supporting heterogeneous computing in llvm.
- [LLVMdev] Supporting heterogeneous computing in llvm.