[Samba] Roaming Desktops with Linux Clients

Dave Ewart davee at ceu.ox.ac.uk
Wed Apr 11 11:14:26 GMT 2007


On Wednesday, 11.04.2007 at 20:35 +0930, Daniel O'Connor wrote:

> On Wednesday 11 April 2007 19:40, Dave Ewart wrote:
> > > That combined with pam_winbind and nss_winbind should get you what
> > > you want.
> >
> > Seconded.
> >
> > We use direct LDAP authentication for the Linux workstations
> > (Windows PCs use LDAP via Samba) and pam_mount - works very nicely.
> 
> If I was using LDAP directly then I would just mount /home on each of
> the Linux machines.
> 
> IMO pam_mount is only useful if you don't trust root on the Linux
> boxes, or the master repository for files doesn't do NFS, or the home
> directories aren't available in a single directory.
> 
> (pam_mount seems more evil than using NFS like that IMO :)

Well, we clearly have different opinions here.  I don't fancy mounting
/home (via NFS) on every Linux box.  That just strikes me as the wrong
way to do it: a local machine root compromise puts the entirety of /home
at risk.  pam_mount at least ensures that you only get the home
directory for the current logged-in user remotely-mounted.

Dave.
-- 
Dave Ewart
davee at ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7518, W 1.2016
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba/attachments/20070411/ba5c1ef4/attachment.bin


More information about the samba mailing list