
#1 2009-02-25 09:31:28

yangcy
Member
Registered: 2007-09-25
Posts: 5

LDAP, SMB/NFS and AutoFS

Hello guys,

I've got the following issue and I think that someone could have been facing it in the past.

SETUP:

I've got a few workstations (Ubuntu/BSD/OSX/...) and a server that runs LDAP.

We'd like to configure all of it in a way that if a user logs in using a workstation, he will have his $HOME mounted from the server.

I've tried the NFS + AutoFS tandem, but since all users have root access to all of the workstations, using:

# su - user1

gives any other user access to the files of user1.

QUESTION:

There is an idea to install Samba, integrate it with LDAP and mount $HOME directories using, for example, pam-mount.
There is a drawback though: SMB does not allow using special files, resulting in not being able to use KDE/GNOME (and probably other WMs).

Another idea is to use Samba only for authentication purposes, but I don't know if that's possible at all.

Has anyone of you guys faced that problem? If so, how did he manage to make it work?

Thanks in advance for your reply.

#2 2009-02-25 20:29:55

jealma
Member
From: The Netherlands
Registered: 2008-01-03
Posts: 71

Re: LDAP, SMB/NFS and AutoFS

On the server running NFS, you could play with the squash parameters in /etc/exports (see man exports).
There's a parameter "root_squash" which will map all requests from uid/gid 0 (root user) to the guest account. Another parameter is "all_squash", which will map the requests of EVERY USER to the guest account. You can then use "anonuid" and "anongid" to specify which guest account stuff should be squashed to. Look at the following example:

/etc/exports:
/home workstation1(rw,subtree_check,sync,all_squash,anonuid=1001,anongid=1001) workstation2(rw,subtree_check,sync,all_squash,anonuid=1002,anongid=1002) workstation3(rw,subtree_check,sync,all_squash,anonuid=1003,anongid=1003)

Assume that workstation1, workstation2 and workstation3 are your clients; you could use the clients' IP addresses instead if you wish. I assume that your server has a /home directory with 3 user folders in it: dave, gerald and roy. The owners and groups of those user folders are respectively dave for /home/dave, gerald for /home/gerald and roy for /home/roy. Assume that those users exist in the passwd file on your server: user dave with uid 1001, user gerald with uid 1002 and user roy with uid 1003.

With the /etc/exports example from above, you make sure that workstation 1 with user dave can mount /home, where all requests are processed as if they were from the user with uid 1001 and gid 1001, which would be the user dave. The same goes for the users gerald on workstation 2 and roy on workstation 3.

There's one downside: you have to specify each client you want to be able to mount /home in /etc/exports and specify the uid and gid to which the requests from that client should be mapped.

Last edited by jealma (2009-02-25 20:30:44)
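A small checker for the squash semantics described above, added here as an example and not part of jealma's post or of any NFS tool: it parses exports(5) entries, resolves the effective root_squash/all_squash/anonuid/anongid options, and flags entries where root on a client could still read other users' files (the original poster's "su - user1" problem). The 65534 default for anonuid/anongid and the sample export lines are assumptions.

```python
# exports(5) defaults on Linux nfs-utils: root_squash on, all_squash off. Using
# 65534 ("nobody") as the default anonuid/anongid is an assumption; confirm locally.
DEFAULT_ANON = 65534

def parse_exports(text):
    """Return (path, client, [options]) for every client entry in exports text."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():   # backslash joins lines
        fields = raw.split("#", 1)[0].split()            # strip comments, tokenize
        if not fields:
            continue
        path, *clients = fields
        for tok in clients:
            client, _, rest = tok.partition("(")
            opts = [o for o in rest.rstrip(")").split(",") if o]
            entries.append((path, client or "*", opts))  # bare "(opts)" = every host
    return entries

def effective_mapping(opts):
    m = {"root_squash": True, "all_squash": False,
         "anonuid": DEFAULT_ANON, "anongid": DEFAULT_ANON}
    for o in opts:                                       # later options win
        if o in ("root_squash", "no_root_squash", "all_squash", "no_all_squash"):
            m[o.removeprefix("no_")] = not o.startswith("no_")
        elif o.startswith(("anonuid=", "anongid=")):
            key, val = o.split("=", 1)
            m[key] = int(val)
    return m

def audit_exports(text):
    """Flag entries where root on a client can read other users' files."""
    findings = []
    for path, client, opts in parse_exports(text):
        m = effective_mapping(opts)
        if not m["root_squash"]:
            findings.append(f"HIGH {path} {client}: no_root_squash, client root acts as server root")
        elif not m["all_squash"]:
            findings.append(f"MEDIUM {path} {client}: client uids trusted, local root can su to any user")
        else:
            findings.append(f"OK {path} {client}: all access maps to uid {m['anonuid']} gid {m['anongid']}")
    return findings

# Constructed sample: two of the post's workstations plus two weaker entries.
SAMPLE = """\
/home workstation1(rw,subtree_check,sync,all_squash,anonuid=1001,anongid=1001) \\
      workstation2(rw,subtree_check,sync,all_squash,anonuid=1002,anongid=1002)
/home lab(rw,sync)   # trusts whatever uid the client presents
/srv/scratch *(rw,no_root_squash)
"""
print(*audit_exports(SAMPLE), sep="\n")
```

Point it at a real /etc/exports by reading the file into audit_exports(); a MEDIUM line is exactly the configuration the first post complains about.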

#3 2009-02-26 10:02:39

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221

Re: LDAP, SMB/NFS and AutoFS

Or you could authenticate with Kerberos:
http://www.freesoftwaremagazine.com/sea … e/kerberos

Zl.

#4 2009-02-26 10:32:13

yangcy
Member
Registered: 2007-09-25
Posts: 5

Re: LDAP, SMB/NFS and AutoFS

Jealma,

Thanks for your response.

We're thinking about a solution that is more user-specific instead of host-specific (host==workstation), as users might use different workstations in the office (or even laptops at a later stage).

I was thinking about using a different approach - like SSHFS or AFS or whatever else....

SSHFS wants a password or password-less keys - with a high number of users that might not be an optimal solution.

AFS - I don't know if there are any special problems with that... despite the fact that it's experimental.
