[CentOS] Network FS w/o user setup

Fri Jun 13 15:04:22 UTC 2008
Johnny Hughes <johnny at centos.org>

Ted Miller wrote:
> Johnny Hughes wrote:
>> Ted Miller wrote:
>>> Is there a file system + configuration that will let me share a 
>>> directory, and anyone who has access to something in that directory 
>>> on the server will also have access (and lack of access) to the same 
>>> files from the client? Clients will be Centos5, Win2K, WinXP.  Server 
>>> is Centos5.
>>>
>>> To put it another way, all users have accounts on the server.  I 
>>> don't want to have to set up ANY user information on the server, 
>>> other than what I set up to control local access.  I just want to say 
>>> "Share /vmware" and have it available, to the same users who can 
>>> access it locally.
>>>
>>> With Samba I have to maintain duplicate user lists, password lists, 
>>> and share access lists.  I have not been able to find clear 
>>> instructions on how NFS4 handles this, but what I found didn't seem 
>>> any better than Samba.
>>>
>>> I don't mind implementing ACLs on the server if it will do what I 
>>> need, but I can't find anything that says it will save me any work 
>>> either.
>>
>> Well, since you want to set up shares ... and since you want to share 
>> between Windows and Linux machines, and to share for windows you will 
>> need to use samba.
>>
>> Since you can also set up linux to use a samba client, that would 
>> probably be the best method to "share these files" ... if you expect 
>> to just open them via a file manager on all platforms.
> 
> Is there a way to set up samba so that it "just uses" ACL information 
> for permissions, instead of having to spell everything out for each 
> share and each user?

Well ... you would need to Join the "Samba Server" to your "Windows 
Domain".  If that domain is ADS (Active Directory Services) then it is a 
different procedure than if it is a WinNT type Windows Domain.

Once the server is a member of the domain, the shares that are set up 
will work for your Windows users.

You would then need to set up "Samba Authentication" for your Linux 
Client machines.

The best method to do that depends on your business, who you have to 
interface with, what services you are running on the network, etc.

I run a Samba PDC (using LDAP as a backend) with Samba BDC's in several 
remote locations.  If you do not require ADS network, then this can work 
great as LDAP databases can be replicated from the PDC to the BDCs and 
Linux machines can easily be set up to use LDAP for authentication.

However, if you need an ADS domain, then the LDAP method does not work 
since Samba can not be a Domain Controller for ADS.  That would require 
you to be a Domain "Member Server" and enable samba authentication for 
Linux clients.

The methods to do that are too hard to explain on list.  Much research 
needs to be done on samba.org docs (assuming you already understand the 
whole Windows Domain concept and how it works on Windows).  The way that 
you will proceed is an infrastructure decision and based on your individual 
needs and infrastructure.

Thanks,
Johnny Hughes
