[nzlug] Maintaining owners /groups over network shares

Anton anton.list at gmail.com
Mon May 5 21:12:29 NZST 2008


2008/5/5 Paul Lowman <paul_lowman at xtra.co.nz>:
>  My question is what is the recommended way of dealing with this scenario
> such that the client machine has the same permissions as the server.

To do it properly (i.e. without hacks like copying around the passwd and
group files), you generally need two parts:

1) a centralised user account database - e.g. Active Directory (either
with SFU3.5 or 2003 R2 POSIX extensions), Samba domain controllers
(with LDAP backends ideally), or possibly plain old LDAP or even NIS
(only bother if it is already there though).

and

2) NSS/PAM libraries set up on the clients and 'member' servers to
use the centralised account database - e.g. winbind (recommended), or
maybe pam_krb5 / nss_ldap (this does work but is more complex to set
up, and has some drawbacks) if the backend is either AD or native
Kerberos/LDAP.

It's all fairly involved, and takes a bit of reading (and rereading)
through the Samba doc before it sinks in and all the different options
make sense. The main factor in choosing between the various solutions
is whether or not you are on an Active Directory network.

Some docs:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html

-- 
Cheers
Anton
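
Added example, not part of the original post: file ownership is stored as numeric UIDs/GIDs, so a quick way to see whether a client and server agree is to compare their name-to-ID maps. The sketch below does that over `getent passwd` (or `getent group`) output; the sample data and the function names `parse_ids` and `compare` are constructed for illustration.

```python
# Constructed sample data: `getent passwd` output from a server and a client.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000:Bob:/home/bob:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
dave:x:1002:1002:Dave:/home/dave:/bin/bash
"""


def parse_ids(text):
    """Return {name: id}; passwd and group both keep name in field 0, ID in field 2."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed lines rather than guess
        ids[fields[0]] = int(fields[2])
    return ids


def compare(server_text, client_text):
    """Return (mismatched, aliased) for the two hosts.

    mismatched: {name: (server_id, client_id)} for names whose IDs differ.
    aliased: {id: (server_name, client_name)} where one number is two accounts,
    so files owned by server_name show up as client_name's on the client.
    """
    server, client = parse_ids(server_text), parse_ids(client_text)
    mismatched = {n: (server[n], client[n])
                  for n in server.keys() & client.keys() if server[n] != client[n]}
    # If several names share an ID on one host, the last one listed is reported.
    srv_by_id = {i: n for n, i in server.items()}
    cli_by_id = {i: n for n, i in client.items()}
    aliased = {i: (srv_by_id[i], cli_by_id[i])
               for i in srv_by_id.keys() & cli_by_id.keys() if srv_by_id[i] != cli_by_id[i]}
    return mismatched, aliased


if __name__ == "__main__":
    mismatched, aliased = compare(SERVER_PASSWD, CLIENT_PASSWD)
    for name, (s, c) in sorted(mismatched.items()):
        print(f"{name}: id {s} on server, {c} on client")
    for num, (s, c) in sorted(aliased.items()):
        print(f"id {num}: {s} on server, {c} on client")
```

An empty result on both hosts' real `getent` output means names and numbers line up; any aliased entry is an account that would see another account's files as its own.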


