Authenticated user credentials? Single Sign on?

Jeff Sadowski jeff.sadowski at gmail.com
Thu Jan 28 22:07:11 UTC 2016


That guide looks geared toward Windows machines against a Samba server. I
don't want any shares from this machine. I want an Active Directory account
used from my Linux client to map its home directory,
i.e. something like this:

mount -t cifs //fileserver/homes/thisuser ~/ -o someflag_to_use_already_authenticated_info

I'm looking at smbnetfs and this might work.

Reasoning:
Currently we use NFS. However, NFS seems too open for me. Any machine
connected to the network can have its own uid scheme and ignore the rfc2307
mappings,
thus they can overwrite users' files in an NFS share.
I am looking for a more authenticated solution. I will trust a machine I
have joined to the domain but I don't know how to identify it as trusted?

Maybe I need to look into nfs4 but was curious how to do this with CIFS
shares.

On Thu, Jan 28, 2016 at 9:42 AM, Rowland Penny <repenny241155 at gmail.com>
wrote:

> On 28/01/16 16:19, Jeff Sadowski wrote:
>
>> smb.conf
>> [global]
>>     security = ads
>>     realm = SUBDOMAIN.DOMAIN.FOREST
>>     workgroup = SUBDOMAIN
>>     idmap config * : backend = tdb
>>     idmap config * : range = 2000-7999
>>     idmap config SUBDOMAIN:backend = ad
>>     idmap config SUBDOMAIN:schema_mode = rfc2307
>>     idmap config SUBDOMAIN:range = 8000-9999999
>>     idmap uid = 8000-99999
>>     idmap gid = 8000-99999
>>     winbind nss info = rfc2307
>>     winbind use default domain = yes
>>     winbind nested groups=yes
>>     winbind expand groups=10
>>     winbind enum users = yes
>>     winbind enum groups = yes
>>
>>
>> My smb.conf looks as above. When a user logs in, is there something I can
>> use for that user to mount stuff as that user so they do not need to
>> authenticate again as that user?
>>
>> I'd like to mount the user's home directory as that user?
>>
>> Single sign on?
>>
>
> You could start here: https://wiki.samba.org/index.php/User_home_drives
>
> Also, you should remove these lines:
>
>    idmap uid = 8000-99999
>    idmap gid = 8000-99999
>
> They are the old way of doing things and have been replaced by the 'idmap
> config' lines, you do not need both.
>
> If you need any more help, we are going to need a bit more info: what is
> the DC, where are the users' home directories stored, what are the clients,
> etc.
>
> Rowland
>
>
>
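
The advice in the quoted reply (drop `idmap uid` / `idmap gid` once `idmap config` lines exist) can be checked mechanically. The script below is an added example, not part of the original thread or of Samba: it flags the legacy options when they sit beside `idmap config` lines and, going slightly beyond the thread, checks that the per-domain ranges do not overlap, which Samba's idmap documentation requires. The sample text is constructed from the smb.conf quoted above; `parse` and `lint` are hypothetical names.

```python
import re

# Constructed sample: the idmap-related [global] lines quoted in the thread.
SAMPLE = """\
[global]
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 2000-7999
    idmap config SUBDOMAIN:backend = ad
    idmap config SUBDOMAIN:schema_mode = rfc2307
    idmap config SUBDOMAIN:range = 8000-9999999
    idmap uid = 8000-99999
    idmap gid = 8000-99999
"""

IDMAP_CONFIG = re.compile(r"idmap config\s+(\S+?)\s*:\s*(.+)$", re.I)
LEGACY = ("idmap uid", "idmap gid")


def parse(text):
    """Return (legacy option names, {domain: (low, high)}) from smb.conf text."""
    legacy, ranges = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.split())  # collapse internal whitespace
        if key.lower() in LEGACY:
            legacy.append(key.lower())
        match = IDMAP_CONFIG.match(key)
        if match and match.group(2).lower() == "range":
            low, high = (int(n) for n in value.split("-"))
            ranges[match.group(1)] = (low, high)
    return legacy, ranges


def lint(text):
    """Return a list of findings; an empty list means the idmap setup is clean."""
    legacy, ranges = parse(text)
    findings = []
    if ranges:  # legacy options only conflict when 'idmap config' is in use
        findings += [f"'{k}' is superseded by 'idmap config'; remove it" for k in legacy]
    doms = sorted(ranges.items(), key=lambda item: item[1])
    for (a, (_, a_hi)), (b, (b_lo, _)) in zip(doms, doms[1:]):
        if b_lo <= a_hi:  # sorted by low bound, so adjacent pairs suffice
            findings.append(f"ranges for '{a}' and '{b}' overlap")
    return findings
```

Calling `lint(SAMPLE)` returns one finding per legacy line; after those two lines are removed, it returns an empty list.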

