[Samba] Fwd: logon drive, ldap ssl = start_tls, ssh and client/server encryption (and logon.bat permission tip)

Gerald (Jerry) Carter jerry at samba.org
Tue Jul 26 13:05:03 GMT 2005

Hash: SHA1

Paul Henry wrote:

| 1. Is it ok, with roaming profiles on, to leave
| "logon drive = " empty, as this drive seems to
| be confusing users?

You probably won't get the home directory mapped
automatically for you.  But you can still have this
mapped via a logon script.  Test and see.

| 2. All my ldap stuff is using tls, and I just
| want to confirm that "ldap ssl = start_tls" is
| looking in /etc/ldap.conf for certificate
| locations etc.?

The StartTLS support is handled by the OpenLDAP client
libs so they will use their normal configuiration files.
I'm assuming you meant /etc/openldap/ldap.conf and not
the ldap.conf file used by teh PADL tools.  Confusing as
it is, I know...

| 3. Is all traffic between Windows clients and
| the Samba server encrypted, or can this be done/how?

No, it not all encrypted.  Some rpc exchanges are encrypted
via schannel communication.  For complete data privacy, look
at a VPN or IPSec.

| 4. Nowhere in Samba How-To or Samba-Guide did it
| say that the logon.bat (logon script, whatever you wish
| to name it) should be permission 744, i.e. chmod
| 744 could we add this?

it just needs to be readable by the authenticated user.
This should be common sense I think.

| 5. Why do you need to ldap enable sshd via pam?

You don't.  sshd has nothing to do with Samba.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list