Ted Miller wrote:
> Johnny Hughes wrote:
>> Ted Miller wrote:
>>> Is there a file system + configuration that will let me share a
>>> directory, and anyone who has access to something in that directory
>>> on the server will also have access (and lack of access) to the same
>>> files from the client? Clients will be Centos5, Win2K, WinXP. Server
>>> is Centos5.
>>>
>>> To put it another way, all users have accounts on the server. I
>>> don't want to have to set up ANY user information on the server,
>>> other than what I set up to control local access. I just want to say
>>> "Share /vmware" and have it available, to the same users who can
>>> access it locally.
>>>
>>> With Samba I have to maintain duplicate user lists, password lists,
>>> and share access lists. I have not been able to find clear
>>> instructions on how NFS4 handles this, but what I found didn't seem
>>> any better than Samba.
>>>
>>> I don't mind implementing ACLs on the server if it will do what I
>>> need, but I can't find anything that says it will save me any work
>>> either.
>>
>> Well, since you want to set up shares ... and since you want to share
>> between Windows and Linux machines, and to share for windows you will
>> need to use samba.
>>
>> Since you can also set up linux to use a samba client, that would
>> probably be the best method to "share these files" ... if you expect
>> to just open them via a file manager on all platforms.
>
> Is there a way to set up samba so that it "just uses" ACL information
> for permissions, instead of having to spell everything out for each
> share and each user?

Well ... you would need to Join the "Samba Server" to your "Windows Domain". If that domain is ADS (Active Directory Services) then it is a different procedure than if it is a WinNT type Windows Domain.

Once the server is a member of the domain, the shares that are set up will work for your Windows users.

You would then need to set up "Samba Authentication" for your Linux Client machines.

The best method to do that depends on your business, who you have to interface with, what services you are running on the network, etc.

I run a Samba PDC (using LDAP as a backend) with Samba BDCs in several remote locations. If you do not require an ADS network, then this can work great as LDAP databases can be replicated from the PDC to the BDCs and Linux machines can easily be set up to use LDAP for authentication.

However, if you need an ADS domain, then the LDAP method does not work since Samba cannot be a Domain Controller for ADS. That would require you to be a Domain "Member Server" and enable samba authentication for Linux clients.

The methods to do that are too hard to explain on list. Much research needs to be done on samba.org docs (assuming you already understand the whole Windows Domain concept and how it works on Windows).

The way that you will proceed is an infrastructure decision and based on your individual needs and infrastructure.

Thanks,
Johnny Hughes