[CentOS] Network FS w/o user setup

Les Mikesell lesmikesell at gmail.com
Fri Jun 13 19:01:14 UTC 2008 

Johnny Hughes wrote:
>
> You would then need to setup "Samba Authentication" for your Linux 
> Client machines.
> 
> The best method to do that depends on your business, who you have to 
> interface with, what services you are running on the network, etc.
> 
> I run a Samba PDC (using LDAP as a backend) with Samba BDC's in several 
> remote locations.  If you do not require ADS network, then this can work 
> great as LDAP databases can be replicated from the PDC to the BDCs and 
> Linux machines can easily be setup to use LDAP for authentication.
> 
> However, if you need an ADS domain, then the LDAP method does not work 
> since Samba can not be a Domain Controller for ADS.  That would require 
> you to be a Domain "Member Server" and enable samba authentication for 
> Linux clients.

I've been able to use SMB authentication against an AD just by filling 
in the entries in system-config-authentication.  I'm not sure if  that 
requires any compatibility settings on the AD side or not - it just 
worked for me so I didn't ask questions.   The down side is that you do 
have to add the users and maintain groups on the linux side which isn't 
too difficult if they don't change a lot, just
adduser -u uid -g gid login_name
with the same values on all the boxes and copy changes to /etc/group 
around. The up side is that you can control which users have access 
separately and only have to deal with passwords for users that aren't in 
AD - and you don't have to ask permission to join the linux boxes to the 
domain.

> The methods to do that are too hard to explain on list.  Much research 
> needs to be done on samba.org docs (assuming you already understand the 
> whole Windows Domain concept and how it works on Windows).  The way that 
> you will proceed is an infrastructure decision and based your individual 
> needs and infrastructure.

Winbind can automatically create users from AD, but you have to join the 
domain and I'm not sure what you have to do to coordinate the uid 
mapping across machines so NFS shares work.

-- 
   Les Mikesell
    lesmikesell at gmail.com

More information about the CentOS mailing list