[Samba] samba domain vs linux network security

[Derek Harkness]

We use AFS/Kerberos/LDAP to provide home directories to our Linux/ 
Unix/OSX users, our Windows users connect into our Samba domain.   
Samba has pretty good AFS support for gatewaying SMB <-> AFS  
requests, at a minor weakening of filesystem security.  I'm hoping  
Samba4 will allow me to use Kerberos all the way through.  The  
biggest downside to the AFS/Kerberos/LDAP/Samba setup is complexity,   
each service is a pain to setup by itself, getting them working  
together nearly involved human sacrifice.  But the system has been  
working for about a year with 99.99% uptime.

A big thanks to all the Samba developers!
Derek

On Nov 10, 2005, at 8:27 AM, mourik jan c heupink wrote:

>
>> You have several options.  First, there are steps that you can  
>> take to
>> improve NFS security somewhat, such as restricting it to  
>> particular IP
>> addresses (although IP addresses can be spoofed).  Second, you can  
>> use
>> NFSv4, which supports proper authentication.  Third, you can use an
>> alternative means of sharing drives to Linux.  I've actually been
>> using SMB to access my Linux server's drives from my Linux client, to
>> avoid setting up a separate file-sharing service.  Several other
>> options exist - including SSHFS (for more of a quick-and-dirty
>> approach), AFS, and Coda, but I don't have experience with any of
>> them.
>>
> Thanks very much for the feedback.
>
> since nfs4 is NOT included in sles9 (apparently because it's acl  
> code is not yet stable..?)  I will take look at the two  
> alternatives you mention.
>
> The feedback was very much appreciated.
>
> Mourik Jan
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba