[Samba] SMBFS, automounting and NFS

Ryan McConigley ryan at csse.uwa.edu.au
Fri Jun 13 02:36:04 GMT 2003 

	Hi all, I have a question which we think has probably been asked before, 
but I can't find any solutions.  Bofore I get to the details, I'll give 
some background.

	I work at a university and we have a bundle of undergraduate and 
postgraduate students.  Our computer system is currently divided roughly 
into a windows (XP) system and a linux (Redhat 8.0) system.  The linux 
servers have samba installed on them so if students need to access their 
linux home area they can mount it up as a windows share.

	That works well.  Or at least it did.

	Now more students are coming in with laptops, the postgraduate research is 
moving off in different directions and more and more people are having root 
access on their own machines.  We use to NFS share the top level home 
directories to IP ranges.  ie) /home/students could be mountable by any 
192.168.100.0/255.255.255.0 machine.

	Not good, but a lot easier to maintain in an environment where any student 
can use any machine.

	Like I said, this wasn't a problem while we could guarentee the security 
of a machine, but now students are bringing machines in and other people 
are getting root access, so there is nothing stopping someone from logging 
in as root on their machine, typing "su - fred" and having access to all of 
the files in fred's home directory.

	So we're looking at ways to stop this from happening.  NFSv4 with kerboros 
authentication sounds good, but its still in development.  Some people have 
said they have done it with iptables, NAT, redirection and other things, 
but details are sketchy at best and it appears to be really complicated.

	I've been looking at smbfs to try and solve it.  I've got a server which 
is set up to export out the home areas of users.  That works well, I've got 
it so the user provides a username and password and if valid, it mounts.

	However, I would like this to happen automatically.  The user provides a 
username and password, that gets validated, their home directory is mounted 
and they log in, so all their "." files are parsed correctly.

	Does anyone know if this can be done with samba or have any pointers for 
things to try?  Alternatively, feel free to suggest other things for us to try.

	Cheers,
		Ryan.
--
           Ryan McConigley - Systems Administrator                  _.-,
      Computer Science   University of Western Australia        .--'  '-._
        Tel: (+61 8) 9380 7082 - Fax: (+61 8) 9380 1089       _/`-  _      '.
Email: Ryan at cs.uwa.edu.au - http://www.cs.uwa.edu.au/~ryan  '----'._`.----. \
                                                                      `     \;
  "You're just jealous because the voices are talking to me"                ;_\

More information about the samba mailing list