RE: [CentOS] NFS issue
James A. Peltier wrote:
>
> Peter Arremann wrote:
> > On Monday 24 September 2007, Steven Haigh wrote:
> >
> >> Quoting Dan <[EMAIL PROTECTED]>:
> >> NFS uses the user ID of the user (UID) for permissions. You will need
> >> to have the correct permissions on each system, and the correct
> >> username associated with the same UID on each machine.
> >>
> >> If you are running multiple systems, I would suggest looking into NIS.
> >> This will allow you to create the accounts in NIS and have them use
> >> the same details on each machine.
> >
> > Good answer but I can't agree on the NIS part.. NIS is plain text over the
> > network and is deprecated for a long time. Sun is talking about dropping
> > support, HP the same and even in the Linux camp there is some talk about
> > taking NIS support out of the standard distributions.
> > Add to that the fact that ldap is becoming easier and easier to set up, you
> > should probably look that way...
> >
> > Peter.
>
> There are many alternatives to NIS that are more secure, Kerberos, LDAP,
> 411, etc that you should investigate. RHEL 5 includes RedHat Directory
> Server (IIRC) which makes it easy to setup a LDAP server and
> administer it.

Kerberos only does authentication and not authorization, so it only
provides 1/2 (or 1/3) of the AAA puzzle. You still need some
authorization service such as LDAP or NIS or 411 to provide the
authorization information and it is not secure to house or provide
authentication information in NIS or LDAP or 411, though a lot of
people use LDAP to house Heimdal Kerberos secrets it is not considered
a fully secure implementation.

-Ross

Re: [CentOS] NFS issue
Peter Arremann wrote:
> On Monday 24 September 2007, Steven Haigh wrote:
>> Quoting Dan <[EMAIL PROTECTED]>:
>> NFS uses the user ID of the user (UID) for permissions. You will need
>> to have the correct permissions on each system, and the correct
>> username associated with the same UID on each machine.
>>
>> If you are running multiple systems, I would suggest looking into NIS.
>> This will allow you to create the accounts in NIS and have them use
>> the same details on each machine.
>
> Good answer but I can't agree on the NIS part.. NIS is plain text over the
> network and is deprecated for a long time. Sun is talking about dropping
> support, HP the same and even in the Linux camp there is some talk about
> taking NIS support out of the standard distributions.
> Add to that the fact that ldap is becoming easier and easier to set up, you
> should probably look that way...
>
> Peter.

There are many alternatives to NIS that are more secure, Kerberos, LDAP,
411, etc that you should investigate. RHEL 5 includes RedHat Directory
Server (IIRC) which makes it easy to setup a LDAP server and
administer it.

Re: [CentOS] NFS issue
Thanks for all the suggestions!

As this is for a simple home rollout ldap and NIS are a little over the
top. If it were a big picture item I would definitely choose ldap.

I found in order for this to work I had to cp the /etc/passwd and
/etc/group to the local machine that is connecting to the NFS server
share.

Again thanks for all the info!

Dan

On 9/25/07, Ross S. W. Walker <[EMAIL PROTECTED]> wrote:
>
> Peter Arremann wrote:
> >
> > On Monday 24 September 2007, Steven Haigh wrote:
> > > Quoting Dan <[EMAIL PROTECTED]>:
> > > NFS uses the user ID of the user (UID) for permissions. You will need
> > > to have the correct permissions on each system, and the correct
> > > username associated with the same UID on each machine.
> > >
> > > If you are running multiple systems, I would suggest looking into NIS.
> > > This will allow you to create the accounts in NIS and have them use
> > > the same details on each machine.
> >
> > Good answer but I can't agree on the NIS part.. NIS is plain text over the
> > network and is deprecated for a long time. Sun is talking about dropping
> > support, HP the same and even in the Linux camp there is some talk about
> > taking NIS support out of the standard distributions.
> > Add to that the fact that ldap is becoming easier and easier to set up, you
> > should probably look that way...
>
> NIS doesn't have to contain passwords, you can use Kerberos for
> authentication and still use NIS for user information, if you are
> worried about user names and uids going across in the clear you can
> use NIS+ and TLS.
>
> Improperly secured LDAP can have the same security issues as NIS.
>
> I would use whichever method works best for you, NIS or LDAP. You will
> find that a lot of the LDAP implementations are highly customized to
> each site, so figuring out what to use and what not to use can be a
> challenge, while NIS is pretty much standardized.
>
> I would use Kerberos for passwords though irrespective of the choice
> to use LDAP or NIS.
>
> -Ross

RE: [CentOS] NFS issue
Peter Arremann wrote:
>
> On Monday 24 September 2007, Steven Haigh wrote:
> > Quoting Dan <[EMAIL PROTECTED]>:
> > NFS uses the user ID of the user (UID) for permissions. You will need
> > to have the correct permissions on each system, and the correct
> > username associated with the same UID on each machine.
> >
> > If you are running multiple systems, I would suggest looking into NIS.
> > This will allow you to create the accounts in NIS and have them use
> > the same details on each machine.
>
> Good answer but I can't agree on the NIS part.. NIS is plain text over the
> network and is deprecated for a long time. Sun is talking about dropping
> support, HP the same and even in the Linux camp there is some talk about
> taking NIS support out of the standard distributions.
> Add to that the fact that ldap is becoming easier and easier to set up, you
> should probably look that way...

NIS doesn't have to contain passwords, you can use Kerberos for
authentication and still use NIS for user information, if you are
worried about user names and uids going across in the clear you can
use NIS+ and TLS.

Improperly secured LDAP can have the same security issues as NIS.

I would use whichever method works best for you, NIS or LDAP. You will
find that a lot of the LDAP implementations are highly customized to
each site, so figuring out what to use and what not to use can be a
challenge, while NIS is pretty much standardized.

I would use Kerberos for passwords though irrespective of the choice
to use LDAP or NIS.

-Ross

Re: [CentOS] NFS issue
> Good answer but I can't agree on the NIS part.. NIS is plain text over the
> network and is deprecated for a long time. Sun is talking about dropping
> support, HP the same and even in the Linux camp there is some talk about
> taking NIS support out of the standard distributions.
> Add to that the fact that ldap is becoming easier and easier to set up, you
> should probably look that way...
>
> Peter.

I could not agree more. NIS must die. Use LDAP. There is no reason to
use NIS or NIS+ in the enterprise. Google will provide plenty of good
results to integrate NFS with OpenLDAP and automount.

Joy

Re: [CentOS] NFS issue
On Monday 24 September 2007, Steven Haigh wrote:
> Quoting Dan <[EMAIL PROTECTED]>:
> NFS uses the user ID of the user (UID) for permissions. You will need
> to have the correct permissions on each system, and the correct
> username associated with the same UID on each machine.
>
> If you are running multiple systems, I would suggest looking into NIS.
> This will allow you to create the accounts in NIS and have them use
> the same details on each machine.

Good answer but I can't agree on the NIS part.. NIS is plain text over the
network and is deprecated for a long time. Sun is talking about dropping
support, HP the same and even in the Linux camp there is some talk about
taking NIS support out of the standard distributions.
Add to that the fact that ldap is becoming easier and easier to set up, you
should probably look that way...

Peter.

Re: [CentOS] NFS issue
Quoting Dan <[EMAIL PROTECTED]>:
> But when I try to login as that user I got the dreaded:
>
> "User's $HOME/.dmrc file is being ignored. This prevents the default
> session and languages from being saved. File should be owned by user
> and have 644 Permissions. User's $HOME directory must be owned by user
> and not writable by other users."
>
> So I looked into the permissions and this is what I see serverside:
>
> [EMAIL PROTECTED] ~]# ls -al /home
> total 64
> drwxr-xr-x  8 root    root    4096 Sep 15 23:13 .
> drwxr-xr-x 24 root    root    4096 Sep 22 17:45 ..
> drwx------ 27 ainsley ainsley 4096 Sep 23 19:13 ainsley
> drwx------ 31 Dan     Dan     4096 Sep 24 21:42 Dan
> drwx------ 27 darren  darren  4096 Sep 23 18:17 darren
> drwx------ 33 devin   devin   4096 Sep 24 07:28 devin
> drwx------ 22 kristi  kristi  4096 Sep 24 21:35 kristi
> drwx------ 21 landen  landen  4096 Sep 24 21:14 landen
>
> BUT when I look at the /mnt/home listing I see a completely different
> set of permissions:
>
> drwxr-xr-x  8 root    root    4096 Sep 15 23:13 .
> drwxr-xr-x 24 root    root    4096 Sep 22 17:45 ..
> drwx------ 27 devin   devin   4096 Sep 23 19:13 ainsley
> drwx------ 31 Dan     Dan     4096 Sep 24 21:42 Dan
> drwx------ 27 kristi  kristi  4096 Sep 23 18:17 darren
> drwx------ 33 503     503     4096 Sep 24 07:28 devin
> drwx------ 22 504     504     4096 Sep 24 21:35 kristi
> drwx------ 21 505     505     4096 Sep 24 21:14 landen
>
> the ones in bold are definitely wrong, and I have no idea how they are
> being set. unless it is because they are not accounts on the test
> machine yet but then neither is the "landen" account and that one has
> the correct permissions sort of the user numbers are correct for the
> user names by the way.

NFS uses the user ID of the user (UID) for permissions. You will need
to have the correct permissions on each system, and the correct
username associated with the same UID on each machine.

If you are running multiple systems, I would suggest looking into NIS.
This will allow you to create the accounts in NIS and have them use
the same details on each machine.

--
Steven Haigh

Email: [EMAIL PROTECTED]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

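Added example (not part of the original thread): a check that compares passwd-format account data from the NFS server and a client and reports which server accounts will show up on the client under another user's name or as a bare number, which is the pattern in the two listings above. The UIDs for ainsley, Dan and darren are constructed to be consistent with those listings, and min_uid=500 assumes regular accounts start at UID 500.

```python
# Constructed sample data, consistent with the two listings in the thread;
# the real UIDs of ainsley, Dan and darren are not given there.
SERVER_PASSWD = """\
Dan:x:500:500::/home/Dan:/bin/bash
ainsley:x:501:501::/home/ainsley:/bin/bash
darren:x:502:502::/home/darren:/bin/bash
devin:x:503:503::/home/devin:/bin/bash
kristi:x:504:504::/home/kristi:/bin/bash
landen:x:505:505::/home/landen:/bin/bash
"""
CLIENT_PASSWD = """\
Dan:x:500:500::/home/Dan:/bin/bash
devin:x:501:501::/home/devin:/bin/bash
kristi:x:502:502::/home/kristi:/bin/bash
"""


def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text, skipping bad lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts


def audit(server_text, client_text, min_uid=500):
    """Report how each server account's files will appear on the client."""
    server = parse_passwd(server_text)
    client_by_uid = {uid: name for name, uid in parse_passwd(client_text).items()}
    findings = []
    for name, uid in sorted(server.items(), key=lambda kv: kv[1]):
        if uid < min_uid:  # skip system accounts (assumed threshold)
            continue
        seen_as = client_by_uid.get(uid)
        if seen_as is None:
            # No client account has this UID: ls shows the bare number.
            findings.append((name, uid, "unmapped", str(uid)))
        elif seen_as != name:
            # A different client user holds this UID and owns the files there.
            findings.append((name, uid, "wrong-owner", seen_as))
    return findings


if __name__ == "__main__":
    for name, uid, kind, shown in audit(SERVER_PASSWD, CLIENT_PASSWD):
        print(f"{name} (uid {uid}): {kind}, client shows owner {shown}")
```

A "wrong-owner" finding is the one to fix first: on that client, the named local user has full owner access to the other person's exported home directory.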