Admin of users from NT
Roeland M.J. Meyer
rmeyer at mhsc.com
Mon Oct 13 10:29:04 GMT 1997
At 05:17 PM 10/12/97 +1000, Dave Wreski wrote:
>Hi all. I'm running 1.9.17p1 on two Linux boxes, each having three shares
>available to a group of NT 3.51 and 4.0 workstation SP3/5 boxes. Also one
>of the NT boxes is sharing a printer and three local shares. There is no
>NT server available on the network.
>My user's have some unexpected complaints that I hoped someone could help
>1. Three shares per machine is becomming too many to manage. The users
>get confused as to which drive letter goes to which machine/share. Is
>there a better way to define how the drives and shares are layed out, so
>its easier from a user perspective?
This is a management problem which will also occur on a WinNTserver setup.
Although you can arrange it any way you want, there are some practices that
can make it easier. One of them is a common files system approach. I use
this myself. For a small number of servers, it is quite convenient,
provided that the LAN isn't too crowded.
I use NFS to create a common files system between two of my Linux servers.
On each server, the directory structure looks identical.I have two home
directories, one for STAFF and another for USERS. Using NFS, and a series
of sym-links, both home branches appear as if they were on the same
machine. They are not. Each one is on a different machine. Now recall that
Samba will share out an NFS mounted file system. Both machines share out
the same [homes] directories, except that the STAFF directories will only
share RW from the STAFF machine.
On the client-side, I permanently mount U:\ as the users home directory.
All their user-specific stuff is there. Users do not use local storage for
their workspace. For my accounting staff, I have a LEDGERS directory which
is forced to an accounting uuid and gid. Of course, I have controls on who
can mount that share. I then tell them that U: is for USER and L: is for
LEDGERS. Most of my users do not know how to mount and dis-mount shares,
although some are learning. Windows applications are loaded locally for
each WinNTworkstation, this is why there is no local storage available,
it's filled with MS-bloatware. Besides, it also makes back-ups easier. The
performance hit is minimal, on a 100baseTX FDX LAN, since the LAN is almost
as fast as the server's hard-drives.
I also have workgroup directories mounted under W:\, for Working Group, and
mount the appropriate share for the users primary gid at that location.
I've assigned P:\ as a corporate public share and F:\ as the FTP area,
assigning the appropriate directory from the NFS space..
>3. Is there a way to manage the list of users that are on each machine,
>rather than modifying the Linux box directly? Is it possible to have a
>common place to store the list of users that will be using the shares? In
>other words, the user has to log into his local machine, then use the
>filemanage to connect to the share, and also specify the username that he
>will be connecting as. It then prompts him for a passwd.
>How can I have the user simply log into the local NT box, and
>automagically be allowed to connect to the remote linux shares, and not
>have to specify a password?
This one is more difficult. I ran into some severe security bugs, with
WinNTws40SP3 and require users passwords on login. I don't have the time to
explain it, but this is a more secure approach, especially if any of your
machines are shared among multiple users, which some of mine are.
>I tried working with the netlogon scripts, but I could not get it working.
>Is this the proper method to define drive mappings when the user logs in?
>Would I be better off creating a login script for each user on the local
>machines, that defines which shares the user can connect to, and which
>drive it maps to? Possibly someone could provide an example?
I set it up once, for each user, and they're permanently connected at
>3. Continuing with the last question, is it possible to have a central
>machine that contains all usernames? It seems one user can log in to
>different machines in the office, so I must provide login IDs for each
>user at each of the 15 or so machines.. This is very time consuming, and
>passwords need to be changed at each station. Is this the purpose of NT
I don't have this problem, but I recommend looking into setting up a
WinNTws40 box as a password-server.
>4. Does anyone have any experience with Apache and samba? It seems the
>users are having problems using Composer, and 'Publishing' the documents
>to the web server. I don't have all the details at this point, but I
>hoped someone might know of a refernce to find more information on this
I use all of them myself [Apache/Samba/Composer]. Composer has a real
problem. It wants to turn extra dot into underscores. I have html files
called "about.mhsc.html" and Composer wants to turn them into
"about_mhsc.html". I have to delete the old file and rename the update
everytime I edit an html file <Grrrr>.No, Apache has no problems reaching
across an NFS mouinted file system to get its files.
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: mailto:rmeyer at mhsc.com
Personalweb pages: http://www.mhsc.com/~rmeyer
Company web-site: http://www.mhsc.com/
"The FBI doesn't want to read encrypted documents,
they want to read YOUR encrypted documents."
More information about the samba