[Samba] SMBFS, automounting and NFS
Ryan McConigley
ryan at csse.uwa.edu.au
Fri Jun 13 02:36:04 GMT 2003
Hi all, I have a question which we think has probably been asked before,
but I can't find any solutions. Before I get to the details, I'll give
some background.

I work at a university and we have a bundle of undergraduate and
postgraduate students. Our computer system is currently divided roughly
into a Windows (XP) system and a Linux (Red Hat 8.0) system. The Linux
servers have Samba installed on them so if students need to access their
Linux home area they can mount it up as a Windows share.

That works well. Or at least it did.

Now more students are coming in with laptops, the postgraduate research is
moving off in different directions and more and more people are having root
access on their own machines. We used to NFS share the top level home
directories to IP ranges, i.e. /home/students could be mountable by any
192.168.100.0/255.255.255.0 machine.

Not good, but a lot easier to maintain in an environment where any student
can use any machine.

Like I said, this wasn't a problem while we could guarantee the security
of a machine, but now students are bringing machines in and other people
are getting root access, so there is nothing stopping someone from logging
in as root on their machine, typing "su - fred" and having access to all of
the files in fred's home directory.

So we're looking at ways to stop this from happening. NFSv4 with Kerberos
authentication sounds good, but it's still in development. Some people have
said they have done it with iptables, NAT, redirection and other things,
but details are sketchy at best and it appears to be really complicated.

I've been looking at smbfs to try and solve it. I've got a server which
is set up to export out the home areas of users. That works well, I've got
it so the user provides a username and password and if valid, it mounts.

However, I would like this to happen automatically. The user provides a
username and password, that gets validated, their home directory is mounted
and they log in, so all their "." files are parsed correctly.

Does anyone know if this can be done with Samba or have any pointers for
things to try? Alternatively, feel free to suggest other things for us to try.

Cheers,
Ryan.
--
Ryan McConigley - Systems Administrator
Computer Science University of Western Australia
Tel: (+61 8) 9380 7082 - Fax: (+61 8) 9380 1089
Email: Ryan at cs.uwa.edu.au - http://www.cs.uwa.edu.au/~ryan

"You're just jealous because the voices are talking to me"