[H-GEN] How to do single signon and filesharing across platforms at home?
Sarah Hollings
sarah at humanfactors.uq.edu.au
Sun Sep 14 23:22:57 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Ben Fowler wrote:
> Hi All,
>
> At home, I have PCs running Windows XP and Linux, specifically, Debian
> unstable (and maybe a Mac on the way), as client machines. I also have
> a Sun Ultra 10 running Solaris acting as a file server.
> * File sharing
> - Samba
No experience with NFS, use Samba for achieving most of the (snipped)
above. Dunno about krb5, OTP and cards tho' - seems pretty extreme for
home ;-) (unless you're experimenting for real application).
> - NFS
> * Single signon, account management
> - Samba with NTLM authentication
> - Samba, bleeding-edge with Active Directory support
> - LDAP (although I don't know about Windows client support)
I've got the padl.com stuff working well for auth and nss on Linux.
macosx comes with openldap, and it's probably OK on solaris too.
There's a reasonably well documented way of using ldap to replace your
smbpasswd file.
But doing both is tricky.
When you create samba accounts (for users or trusts, i.e. $machine
accounts) samba's tools increment a record stored in ldap to keep track
of ntuids.
samba's ldap schema doesn't include the posixAccount schema stuff you
need for auth/nss stuff, so you either have to put hooks in or use
someone's scripts to sync the two.
A mob called idealx have done quite a bit in the samba PDC area which
overlaps a lot with the above. They put out a howto, along with a lot
of perl scripts and other useful stuff, however they seem to have gone
commercial recently and their site has changed....
You can get their (GPL) how to from here:
http://www.dcs.shef.ac.uk/~davea/Library/samba-ldap-howto.pdf
and I'm pretty sure their scripts were GPL'ed so they may be out there
somewhere too.
> - NIS/NIS+
> - Kerberos (?)
> (using something that allows me to completely centralise accounts on
> the network would be nice)
>
> Does the HUMBUG Collective have any hot tips on what
> software/technologies/etc I ought to be considering to set all this up?
> Any and all ideas are welcome.
I think LDAP's probably the best for flexibility, tho there's a bit of
hacking involved in getting it working. You can integrate kerberos
schemas as well if you want the extra security. ldap v3 makes
integrating the schemas a bit more tricky, so maybe stick with 2.2.
Rgds
Sarah
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
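
One way to check for the mismatch the reply describes, where an LDAP entry carries Samba account data but not the posixAccount attributes that auth/nss need. This is an added example, not code from the original post or from the idealx scripts; the `sambaAccount` class name is assumed from the Samba 2.2 schema, the required-attribute list is from RFC 2307, and the LDIF sample is constructed.

```python
# Constructed sample LDIF; DNs and values are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaAccount
uid: alice
cn: Alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaAccount
uid: bob

dn: uid=ws1$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaAccount
uid: ws1$
cn: ws1$
uidNumber: 2001
gidNumber: 200
"""

POSIX_REQUIRED = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")  # RFC 2307
SAMBA_CLASS = "sambaaccount"  # assumed: object class name in the Samba 2.2 schema


def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries


def audit(entries):
    """Map DN -> what a Samba entry (user or $machine) lacks for auth/nss."""
    problems = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if SAMBA_CLASS in classes:
            missing = [] if "posixaccount" in classes else ["posixAccount object class"]
            missing += [a for a in POSIX_REQUIRED if a.lower() not in e]
            if missing:
                problems[e["dn"][0]] = missing
    return problems
```

Feeding it the output of an LDAP export after each batch of account creation shows which entries the sync hooks or scripts missed.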