[Samba] SUCCESS report: samba3 as single-sign-on provider in heterogeneous network

Andrew Bartlett abartlet at samba.org
Fri Oct 10 00:59:03 GMT 2003


On Wed, 2003-10-08 at 17:43, Marcus Blomenkamp wrote:
> Hi all,
> 
> to raise the bug vs success ratio i'd like to express my gratitude to all 
> samba members and those who, though not in-core developers, generously 
> supported noobs like me on this mail list. 
> 
> I've set up an environment two months ago and it has run without glitches or 
> tweaks since then. Now as misusing my family as beta testers has worked out 
> so nicely i will deploy an identical setup in the institute i'm working for.
> 
> Samba and OpenLDAP in pair function as single-sign-on provider. All 
> information (passwords, users, mappings etc) is stored in ldap under strict 
> permission policies - all within ldap except the password to access ldap. :) 
> Authentication is handled centrally through samba. Clients are debian woody 
> and windows xp machines joined into the domain. The network is heterogeneous 
> itself with some machines sitting on wireless lan. Roaming profiles perform 
> great with only one warning being spit out on the winxp machines: 'cannot 
> find active directory controller' or similar ;)

That's an interesting one - I've not seen that.  Any ideas what triggers
it?

> Unix clients currently suck their uid/gid information directly from ldap as 
> i'm still relying upon NFS for home directory access. I've setup auto-mount 
> smb/cifs home dirs through pam_mount too, however smbfs/cifs seem far from 
> usable in respect of unix specialties such as absolute symbolic links. Has 
> anything happened in this direction recently? This would definitively be the 
> dot on the i.

Personally, I don't think this is the right way to do it - NFS is a much
better match for unix semantics. Now, the trouble is securing NFS -
but I think that NFSv4, SFS (www.fs.net) and the like are a better match
for this problem space.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net