Re: More questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



winbind authentication is available through the Samba project, and
with a some config-monkeying you can use that to join an AD domain.
But to my knowledge there is no good way to mount Winders(TM) home
folders at login, unless all of your home folders have the same path
except for the username. It's been a couple of years, but IIRC
pam_mount lets you specify a home folder path where the username is
replaced with the name of the current user, but that's not sufficient
for many schools' needs. Many districts have year-of-graduation in
home folder paths. For example:

\\PDC\homes\YOG07\asenior
\\PDC\homes\YOG08\ajunior
\\PDC\homes\YOG09\asophomore
\\PDC\homes\YOG10\afreshman

As I recall the situation, pam_mount doesn't have any capability of
querying the AD server to directly fetch the appropriate home folder
path for the current user, and that's something it should really be
able to do.

WRT a Linux-centric auth/files network, Samba4 is attempting to
provide AD-like services for Linux servers. I haven't been following
the developers' discussions or anything, but from what I hear we have
no real ETA on Samba4, so I'm not making any plans around it now.

In the meantime the Samba team has improved LDAP support in Samba3
(yay!), so that use of the smbldap-tools project is no longer
necessary. This is a step forward, but based on what I read about it
(I haven't tried it yet) it's still far too difficult/confusing for
non-programmer/non-UNIX types to configure; I'm not at all comfortable
telling most folks who are comfortable with an AD server to switch to
Samba/LDAP on a Linux box.

In the meaner meantime, I've got a config-file-munging set of Perl
scripts that get Samba/LDAP running on a server. It asks the right
questions and puts the right stuff in config files. It's definitely
not a polished solution and I've been waiting for years now for it to
become obsolete. Nevertheless, quite a few people have found it
useful. It lives at http://majen.net/smbldap

--matt

Greg Dekoenigsberg wrote:    [Mon Apr 23 2007, 04:12:14PM EDT]
> On Mon, 23 Apr 2007, Matt Oquist wrote:
> 
> >I consult for some schools and I work for a school district.
> >
> >I hesitated to write this as a reply to the other question, but now
> >you've asked the question to which I REALLY have an answer.
> >
> >And the answer is... single sign on and MS Active Directory.
> >
> >We want to be able to join a Linux box (K12LTSP server, usually) to an
> >AD network and have home directories automagically mounted correctly
> >(pam_mount needs to be enhanced to query the AD server, etc.), and we
> >want to be able to configure Samba/LDAP easily for non-AD
> >environments.
> >
> >Our desired state of affairs is one username/password/homedir per
> >person. If there's an AD server in place, we should be able to add the
> >K12LTSP server to the AD domain and use the Windows home directories.
> >If it's a new network, we should be able to create a new Samba/LDAP
> >domain (answering a bare minimum of questions, with some "advanced"
> >configuration options available) and be able to join Windows
> >workstations to it with no hassles.
> 
> Is any work going on here that you know of?
> 
> --g
> 
> -- 
> Greg DeKoenigsberg
> Community Development Manager
> Red Hat, Inc. :: 1-919-754-4255
> "To whomsoever much hath been given...
> ...from him much shall be asked"
> 
> _______________________________________________
> Fedora-education-list mailing list
> Fedora-education-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-education-list
--
Open Source Software Engineering Consultant
http://majen.net/

_______________________________________________
Fedora-education-list mailing list
Fedora-education-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-education-list

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

  Powered by Linux