[Samba] SUCCESS report: samba3 as single-sign-on provider in
heterogeneous network
Andrew Bartlett
abartlet at samba.org
Fri Oct 10 00:59:03 GMT 2003
On Wed, 2003-10-08 at 17:43, Marcus Blomenkamp wrote:
> Hi all,
>
> to raise the bug vs success ratio i'd like to express my gratitude to all
> samba members and those who, though not in-core developers, generously
> supported noobs like me on this mail list.
>
> I've set up an environment two months ago and it has run without glitches or
> tweaks since then. Now as misusing my family as beta testers has worked out
> so nicely i will deploy an identical setup in the institute i'm working for.
>
> Samba and OpenLDAP in pair function as single-sign-on provider. All
> information (passwords, users, mappings etc) is stored in ldap under strict
> permission policies - all within ldap except the password to access ldap. :)
> Authentication is handled centrally through samba. Clients are debian woody
> and windows xp machines joined into the domain. The network is heterogenous
> itself with some machines sitting on wireless lan. Roaming profiles perform
> great with only one warning being spit out on the winxp machines: 'cannot
> find active directory controller' or similar ;)
That's an interesting one - I've not seen that. Any ideas what triggers
it?
> Unix clients currently suck their uid/gid information directly from ldap as
> i'm still relying upon NFS for home directory access. I've setup auto-mount
> smb/cifs home dirs through pam_mount too, however smbfs/cifs seem far from
> usable in respect of unix specialties such as absolute symbolic links. Has
> anythind happened in this direction recently? This would definitively be the
> dot on the i.
Personally, I don't think this is the right way to do it - NFS is a much
better match for unix semantics. Now, the trouble is securing NFS -
but I think that NFSv4, SFS (www.fs.net) and the like are a better match
for this problem space.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031010/8de9b538/attachment.bin
More information about the samba
mailing list