Hello Buchan,

First of all I'd like to thank you for your quick and useful answer, as 
often. I apologize for not being able to do the same, but I currently have 
more than a lot of work.. :-(

> Be aware that NFS is currently the best generic (ie excluding AFS and Coda)
> unix-to-unix file sharing system available, and NFSv4 should probably
> provide for the only reasons you would want to use smb over NFS.

I definitely agree, but on small networks I thought it wouldn't have a huge 
impact to only use smb, and it would have made things easier to just have one 
single network protocol (with one single auth method).

> At present it is not possible to run GNOME or KDE on a SMB/CIFS-mounted
> home directory, even with a samba server running on a unix machine with
> unix extensions available (or at least it was last time I tested which was
> just before cifs went into the Mandrake kernel).

You're also right when saying that you can't make KDE run with a home 
folder on smb (I didn't test with Gnome). 
I didn't notice it because I'm still old-fashioned (I've just learned that there 
was something higher than '$ init 3' ;-) ). It's probably The Reason why my 
idea was stupid.

I've made some tests with the latest CIFS: the problem comes from symbolic links, 
and more exactly from absolute path symbolic links. There are ways to handle 
absolute symlinks on the server side (symlink.translations), but in all cases 
the result must point to a destination within the share to which the client is 
connected ... so not good for KDE symlinks ...

> Are you using group mapping? If so, is it working (I have problems using
> the Windows User Manager for Domains under certain circumstances, but I
> have a bug open on it ...).
>

Yes/No. I've mapped my groups to well known ones. I've found "a lot" of 
tutorials on the Web explaining how to migrate passwd files or an NT4 system to 
ldap, but none to build a new one from scratch. I've been a bit lost in the 
black magic of some smbldap tools handling rid/gid:

(...)
For Samba users, rid is 2*uidNumber+1000, and primaryGroupID
       to create a sambaDomainName administrator (admin rid is 0x1F4 = 500 and
       grouprid is 0x200 = 512)
(...)

I've found some explanations at 
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q243/3/30.ASP&NoWebContent=1

On my small network there are only two groups: domain users and domain 
admins...

I currently don't have any WinXP professional box, I'll do more tests asap.

I'm going to try to make a kind of DirectoryAdministrator, but based on Qt and 
with a tighter KDE integration ... if I have time. I've already built this 
week-end a C++ layer over libldap, it's a first draft but I can list/search 
through an ldap server and modify objects' attributes ;-). Now I have to learn 
the gui part of Qt to make a (useful) frontend, and to find time ... which 
could take some time ... :-( 

BTW, smbldap-useradd3.pl is trying to invoke smbldap-passwd.pl (line 360) 
instead of smbldap-passwd3.pl, which prevents the -P option from working as 
expected (I'm using pre1.2mdk).

> > The last pam_mount version is the 9.4, I'll compile it and see if things
> > are  going to another way.

Again wrong, the latest version is 0.9.6, and it doesn't change anything.

> Some comments:
> 1)I don't think it is useful putting pam_mount in system-auth, since I
> don't see any value having your smb share mounted when you read your mail
> via an IMAP on such a machine, or when you connect to a samba printer (if
> you use 'obey pam restrictions = yes') etc. Also, I have had some problems
> using pam_mount in system-auth (maybe it doesn't work too well with
> pam_stack) in the past.

I only use pam_mount on clients, so there are no problems with server 
auth, and for imap it depends on where your mail dirs are...
pam_mount now functions correctly, with the different remarks I made on its 
position in the stack.

> BTW, IMHO there is only (currently) one scenario where smbfs/cifs would be
> a good idea for sharing home directories (if symlinks worked correctly)
I guess we still have to use nfs ... symlinks are working correctly, as long as 
targets remain on the file server. Not really useful for Unix workstations.

> IMHO, the best method (currently) to manage file sharing between unix
> machines in a network is with autofs (specifically automount maps in
> LDAP).
I'm going to try this instead, seems great, especially with LDAP mapping.

> Regards,
> Buchan
Thanks for your time,
Sébastien.

