Hi all, I have a question which we think has probably been asked before, but I can't find any solutions. Before I get to the details, I'll give some background.


I work at a university and we have a bundle of undergraduate and postgraduate students. Our computer system is currently divided roughly into a Windows (XP) system and a Linux (Red Hat 8.0) system. The Linux servers have Samba installed on them, so if students need to access their Linux home area they can mount it up as a Windows share.

That works well. Or at least it did.

Now more students are coming in with laptops, the postgraduate research is moving off in different directions and more and more people are having root access on their own machines. We used to NFS share the top level home directories to IP ranges, i.e. /home/students could be mountable by any 192.168.100.0/255.255.255.0 machine.

Not good, but a lot easier to maintain in an environment where any student can use any machine.

Like I said, this wasn't a problem while we could guarantee the security of a machine, but now students are bringing machines in and other people are getting root access, so there is nothing stopping someone from logging in as root on their machine, typing "su - fred" and having access to all of the files in fred's home directory.

So we're looking at ways to stop this from happening. NFSv4 with Kerberos authentication sounds good, but it's still in development. Some people have said they have done it with iptables, NAT, redirection and other things, but details are sketchy at best and it appears to be really complicated.

I've been looking at smbfs to try and solve it. I've got a server which is set up to export out the home areas of users. That works well, I've got it so the user provides a username and password and if valid, it mounts.

However, I would like this to happen automatically. The user provides a username and password, that gets validated, their home directory is mounted and they log in, so all their "." files are parsed correctly.

Does anyone know if this can be done with samba or have any pointers for things to try? Alternatively, feel free to suggest other things for us to try.

        Cheers,
                Ryan.
--
          Ryan McConigley - Systems Administrator                  _.-,
     Computer Science   University of Western Australia        .--'  '-._
       Tel: (+61 8) 9380 7082 - Fax: (+61 8) 9380 1089       _/`-  _      '.
Email: [EMAIL PROTECTED] - http://www.cs.uwa.edu.au/~ryan  '----'._`.----. \
                                                                     `     \;
 "You're just jealous because the voices are talking to me"                ;_\


