Domain users accessing resources
martin at mediax.com
Wed Nov 15 00:43:38 GMT 2000
I may have been asking the wrong questions and/or not providing enough
information, so I'm going to re-ask my prior questions, I hope a little
My situation is that I have a domain controlled (currently) by Windows
NT 4.0, which will eventually become an Active Directory domain. I can
keep the NT4 compatibility running on my Active Directory domain when I
do get around to converting, however.
I have a Redhat Linux 6.2 system which I've locked down to a certain
degree; The only remotely-connectable services running on the system are
proftpd, sshd, samba, and swat. Swat will probably be removed at a later
date, or at least protected via wrappers or xinetd so that it can only
be connected to from certain addresses.
The purpose of this system is for outside users to be able to FTP into
it, and upload or download files. We have some employees who work
outside of the office, and VPN is not a reasonable solution for us.
Hence, we need these users to be able to upload their files to an FTP
server, and then the files should be copyable via windows networking
once they're inside the network here.
I don't want to maintain seperate passwords for everyone on the FTP
server, as it would be a big pain in my backside. Consequently, I want
to use domain security to allow users to log in with their domain
username and password, being mapped to a unix user and/or group if
necessary, and then able to manipulate files inside the pub and incoming
directories of the FTP servers to varying degrees; All users should have
full control over all files in incoming, and write access to pub. I will
delete any files which have been present for longer than N days by
virtue of some seperate process.
Is there any way, with any combination of free software, to allow this
scenario? I have samba 2.0.7 installed, and have been playing with the
latest pam_smb module. I haven't yet been able to come up with the
results I'm looking for. A number of the options in the body of samba
documentation which indicate that they should be able to give me the
results I'm looking for either no longer exist, or do not yet exist, so
I can't use them. I don't even mind mapping all usernames to a single
username (since all users will have the same rights) if that's what it
takes; So what does it take?
More information about the samba