[oth-Tech] Sharing Authentication between Windows and Linux
Joshua Pollak
pardsbane at offthehill.org
Thu Feb 26 16:35:00 EST 2004
On Feb 26, 2004, at 4:12 PM, Dan Barrett wrote:
> Samba can become part of a domain:
> http://us1.samba.org/samba/docs/man/domain-member.html
Thats not exactly what we want... We would want Samba to BE the PDC
(which I know it can do), while authenticating via NIS.
> ... and samba can authenticate via NIS:
> http://lists.samba.org/archive/samba-ntdom/1999-August/005965.html
Hum, that might be helpful.
> Couldn't you just make the filesystem available _both_ via NFS and
> Samba? So,
> if you're a UNIX client you'd go through NFS and authenticate via NIS,
> ignoring SMB. If you're a Windows client, you'd go through Samba,
> which
> would in turn authenticate against your PDC.
The trouble is that NFS file permissions are maintained by NIS, and SMB
file permissions are maintained by the PDC. The Snapserver looks to NIS
for NFS permissions, and to the PDC for SMB permissions, even for
shares that are accessible via both protocols.
If you locked a user out of a directory via the PDC, they could use
their Unix account via NFS, and still modify the files, since the
authentication is done via NIS. The goal is so solve this by unifying
the NIS and PDC into one database.
I noticed SuSe Server 8 can be a PDC. Can it also be an NIS server
using the same database?
--
Bush/Cheney '04:
Compassionate Colonialism.
More information about the Discuss
mailing list