CIFS VFS and X-logins
Steven French
sfrench at us.ibm.com
Wed Aug 20 19:09:00 GMT 2003
>testing to see if the CIFS VFS is a viable solution for Home Directories
on Linux clients
I have not tested homedirs with the cifs vfs and GDM but I suspect the
problem is that Samba support for mknod (creating pseudo-files for sockets
etc.) is disabled by default in the server code. mknod is almost
certainly necessary for adequate homedir support. There needs to be a
fallback mechanism for creating pseudo-files in the cifs vfs (for Windows
servers if for no other reason) and some reasonable ideas have recently
been suggested (similar issue shows up for symlinks for which I can read
Windows reparse points for a similar purpose). I will investigate more -
there is e.g. an obvious approach to doing emulation of mknod via storing
info in xattrs or the equivalent (over the network this could be done via
EAs or streams). More testing is needed here but it shouldn't be that
hard to get working. I may end up testing kde first since that is what I
have running on more test systems but the same issues are probably in
both.
> however it seems that mount -t cifs wants/needs an entry in smbpasswd
database to work?
Yes. Unless you are running winbind on your server, I would expect that
an smbpasswd entry is necessary for each authenticated user (unless you
are authenticated as guest). It may be that configuring on the server
for pass through authentication would avoid the needs for this if the
domain controller supports ntlm (which seems likely), but note that the
cifs vfs (intentionally) has disabled the support for the older, weak, lm
authentication for security reasons (it can be reenabled trivially by
changing code but I don't want to encourage anyone to use the lm password
hash mechanism). In some cases in the past I noticed that pass through
authentication used the lm password hash (which I have disabled for
security reasons).
Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com
More information about the samba-technical
mailing list