[Samba] Fwd: logon drive, ldap ssl = start_tls,
ssh and client/server encryption (and logon.bat permission tip)
Gerald (Jerry) Carter
jerry at samba.org
Tue Jul 26 13:05:03 GMT 2005
Paul Henry wrote:
| 1. Is it ok, with roaming profiles on, to leave
| "logon drive = " empty, as this drive seems to
| be confusing users?
You probably won't get the home directory mapped
automatically for you. But you can still have this
mapped via a logon script. Test and see.
| 2. All my ldap stuff is using tls, and I just
| want to confirm that "ldap ssl = start_tls" is
| looking in /etc/ldap.conf for certificate
| locations etc.?
The StartTLS support is handled by the OpenLDAP client
libs so they will use their normal configuration files.
I'm assuming you meant /etc/openldap/ldap.conf and not
the ldap.conf file used by the PADL tools. Confusing as
it is, I know...
| 3. Is all traffic between Windows clients and
| the Samba server encrypted, or can this be done/how?
No, it is not all encrypted. Some rpc exchanges are encrypted
via schannel communication. For complete data privacy, look
at a VPN or IPSec.
| 4. Nowhere in Samba How-To or Samba-Guide did it
| say that the logon.bat (logon script, whatever you wish
| to name it) should be permission 744, i.e. chmod
| 744 could we add this?
It just needs to be readable by the authenticated user.
This should be common sense I think.
| 5. Why do you need to ldap enable sshd via pam?
You don't. sshd has nothing to do with Samba.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
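Since the answer to question 2 places the StartTLS settings in the OpenLDAP client configuration, here is an added example (not part of the original message and not Samba code) that audits such a file for the `TLS_REQCERT` and `TLS_CACERT`/`TLS_CACERTDIR` keywords from ldap.conf(5). The function names and the pass/fail policy are assumptions of this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original message): audit the OpenLDAP client
# ldap.conf that Samba's "ldap ssl = start_tls" relies on.

# ldap_opt FILE KEYWORD: print the last value given for KEYWORD
# (ldap.conf keywords are case-insensitive; "#" lines never match).
ldap_opt() {
    awk -v key="$2" 'toupper($1) == key { v = $2 } END { print v }' "$1"
}

# audit_ldap_conf FILE: print findings; return 0 if acceptable, 1 otherwise.
audit_ldap_conf() {
    conf=$1; rc=0
    if [ ! -r "$conf" ]; then echo "FAIL: cannot read $conf"; return 1; fi
    reqcert=$(ldap_opt "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_opt "$conf" TLS_CACERT)
    cadir=$(ldap_opt "$conf" TLS_CACERTDIR)

    # ldap.conf(5): with no TLS_REQCERT line the client default is "demand".
    case "${reqcert:-demand}" in
        demand|hard|try) echo "OK: TLS_REQCERT is ${reqcert:-demand}" ;;
        never|allow) echo "FAIL: TLS_REQCERT $reqcert accepts an unverified server certificate"; rc=1 ;;
        *) echo "FAIL: TLS_REQCERT $reqcert is not a recognised level"; rc=1 ;;
    esac

    # Policy assumed by this example: a trust anchor must be named in FILE.
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT $cacert is not readable"; rc=1
    elif [ -z "$cacert" ] && [ -z "$cadir" ]; then
        echo "FAIL: no TLS_CACERT or TLS_CACERTDIR set"; rc=1
    else
        echo "OK: CA source is ${cacert:-$cadir}"
    fi
    return $rc
}

# Constructed sample input: a client config that turns verification off.
sample=$(mktemp)
printf 'URI ldap://ldap.example.test\nTLS_REQCERT never\n' > "$sample"
audit_ldap_conf "$sample" || echo "audit failed for constructed sample"
rm -f "$sample"
```

To check a real host, call `audit_ldap_conf /etc/openldap/ldap.conf`, the path named in the reply above.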