Alexander Lazarevich wrote:
> Hi,
>
> samba-3.0.9-1.3E.2 on RHEL3-AS.
>
> Let's say we have a samba 3 PDC (workgroup = testdomain) on
> linux.host.1, and the passwd backend is NIS ypbind that binds to
> ypserv on liunx.host.2. Further, linux.host.2 also runs samba 3, not
> as a PDC, but rather points it's authentication to an NT4 PDC
> (workgroup = realdomain). Even further, linux.host.2 also holds the
> user /home directories.
>
> Now, if we NFS mount linux.host.2:/home onto linux.host.1, and then
> setup the smb.conf on linux.host.1 to share out that NFS mount of
> /home, my question is this: will samba on linux.host.2 be involved in
> any of the authentication? I think it shouldn't be. Samba on
> linux.host.1 should handle all the auth, right? Samba on linux.host.2
> shouldn't even know that anything is being shared out, right?
linux.host.2 will be involved in NIS authentication, as it is the ypserv
that linux.host.1 is ypbound to.
But it won't play any role in Windows authentication, since linux.host.1
is (a) in a different workgroup/domain, and (b) likely referring only to
itself for SMB-related authentication. Your nsswitch.conf or pam
modules might say otherwise, but that would be (more) convoluted.
So, linux.host.1 should be doing the shares just as though /home was a
local drive. Of course, /home is NFS mounted, but that simply adds a
layer of overhead between the data source and the data destination. It
will slow things down for the end-user. But it should not impact the
authentication architecture, for the most part. Obviously, if
linux.host.2 is not properly exporting the filesystem to linux.host.1,
then the share won't work, even though Samba on linux.host.1
authenticates the client user.
Hope this helps!
--Dragon