winbind authentication is available through the Samba project, and with some config-monkeying you can use that to join an AD domain.

But to my knowledge there is no good way to mount Winders(TM) home folders at login, unless all of your home folders have the same path except for the username. It's been a couple of years, but IIRC pam_mount lets you specify a home folder path where the username is replaced with the name of the current user, but that's not sufficient for many schools' needs. Many districts have year-of-graduation in home folder paths. For example:

\\PDC\homes\YOG07\asenior
\\PDC\homes\YOG08\ajunior
\\PDC\homes\YOG09\asophomore
\\PDC\homes\YOG10\afreshman

As I recall the situation, pam_mount doesn't have any capability of querying the AD server to directly fetch the appropriate home folder path for the current user, and that's something it should really be able to do.

WRT a Linux-centric auth/files network, Samba4 is attempting to provide AD-like services for Linux servers. I haven't been following the developers' discussions or anything, but from what I hear we have no real ETA on Samba4, so I'm not making any plans around it now.

In the meantime the Samba team has improved LDAP support in Samba3 (yay!), so that use of the smbldap-tools project is no longer necessary. This is a step forward, but based on what I read about it (I haven't tried it yet) it's still far too difficult/confusing for non-programmer/non-UNIX types to configure; I'm not at all comfortable telling most folks who are comfortable with an AD server to switch to Samba/LDAP on a Linux box.

In the meaner meantime, I've got a config-file-munging set of Perl scripts that get Samba/LDAP running on a server. It asks the right questions and puts the right stuff in config files. It's definitely not a polished solution and I've been waiting for years now for it to become obsolete. Nevertheless, quite a few people have found it useful.
It lives at http://majen.net/smbldap

--matt

Greg Dekoenigsberg wrote: [Mon Apr 23 2007, 04:12:14PM EDT]
> On Mon, 23 Apr 2007, Matt Oquist wrote:
>
> >I consult for some schools and I work for a school district.
> >
> >I hesitated to write this as a reply to the other question, but now
> >you've asked the question to which I REALLY have an answer.
> >
> >And the answer is... single sign on and MS Active Directory.
> >
> >We want to be able to join a Linux box (K12LTSP server, usually) to an
> >AD network and have home directories automagically mounted correctly
> >(pam_mount needs to be enhanced to query the AD server, etc.), and we
> >want to be able to configure Samba/LDAP easily for non-AD
> >environments.
> >
> >Our desired state of affairs is one username/password/homedir per
> >person. If there's an AD server in place, we should be able to add the
> >K12LTSP server to the AD domain and use the Windows home directories.
> >If it's a new network, we should be able to create a new Samba/LDAP
> >domain (answering a bare minimum of questions, with some "advanced"
> >configuration options available) and be able to join Windows
> >workstations to it with no hassles.
>
> Is any work going on here that you know of?
>
> --g
>
> --
> Greg DeKoenigsberg
> Community Development Manager
> Red Hat, Inc. :: 1-919-754-4255
> "To whomsoever much hath been given...
> ...from him much shall be asked"
>
> _______________________________________________
> Fedora-education-list mailing list
> Fedora-education-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-education-list

--
Open Source Software Engineering Consultant
http://majen.net/
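The per-user lookup discussed in the message above (taking the home folder path from the directory entry instead of templating it on the username), as an added example that is not part of the original thread and is not pam_mount or Samba code. It assumes the user's entry has already been fetched as LDIF and that the AD `homeDirectory` attribute holds the UNC path; the function names, the server allowlist, the username check and the sample entry are constructed for illustration.

```python
import base64
import re

# Characters accepted in one path component (assumed policy): no separators,
# whitespace, or shell metacharacters.
_COMPONENT = re.compile(r"[A-Za-z0-9._$-]+")

# Constructed sample entry, shaped like `ldapsearch` LDIF output for one user.
SAMPLE_LDIF = r"""dn: CN=A Senior,OU=YOG07,DC=example,DC=test
sAMAccountName: asenior
homeDirectory: \\PDC\homes\YOG07\asenior
"""


def home_from_ldif(ldif_text):
    """Return the homeDirectory value of an LDIF entry, or None if absent."""
    for line in ldif_text.splitlines():
        if line.startswith("homeDirectory:: "):  # "::" marks a base64 value
            return base64.b64decode(line.split(":: ", 1)[1]).decode("utf-8")
        if line.startswith("homeDirectory: "):
            return line.split(": ", 1)[1]
    return None


def unc_to_cifs(unc, username, allowed_servers):
    """Validate a directory-supplied UNC path and return //server/share/path."""
    if not unc.startswith("\\\\"):
        raise ValueError("not a UNC path")
    parts = unc[2:].split("\\")
    if len(parts) < 2:
        raise ValueError("UNC path needs a server and a share")
    for part in parts:
        if part in (".", "..") or not _COMPONENT.fullmatch(part):
            raise ValueError("unsafe path component: %r" % part)
    if parts[0].lower() not in {s.lower() for s in allowed_servers}:
        raise ValueError("server not in allowlist: %r" % parts[0])
    # Assumed policy, matching the layout in the thread: the last component
    # is the user's own folder, so an entry cannot point at someone else's.
    if parts[-1].lower() != username.lower():
        raise ValueError("home folder does not belong to %r" % username)
    return "//" + "/".join(parts)


if __name__ == "__main__":
    print(unc_to_cifs(home_from_ldif(SAMPLE_LDIF), "asenior", {"PDC"}))
```

The path comes from the directory server, so it is checked before it reaches anything that mounts as root at login: a modified or mistaken entry should not be able to redirect the mount to another host or another user's folder.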