PAOLACCI Sébastien wrote:
> Hello Buchan,
>
> First of all I'd like to thank you for your quick and useful answer, as
> often. I apologize for not being able to do the same, but I currently have
> more than a lot of work.. :-(
>
>
>>Be aware that NFS is currently the best generic (ie excluding AFS and Coda)
>>unix-to-unix file sharing system available, and NFSv4 should probably
>>provide for the only reasons you would want to use smb over NFS.
>
>
> I definitely agree, but on small networks I thought it wouldn't have a huge
> impact to only use smb, and it would have made things easier to just have one
> single network protocol (with one single auth method).
>

But, it's much less work to use NFS :-).

>
>>At present it is not possible to run GNOME or KDE on a SMB/CIFS-mounted
>>home directory, even with a samba server running on a unix machine with
>>unix extensions available (or at least it was last time I tested which was
>>just before cifs went into the Mandrake kernel).
>
>
> You're also right when saying that you can't make KDE run with a home
> folder on smb (I didn't test with Gnome).
> I didn't notice it because I'm still old-fashioned (I've just learned that there
> was something higher than '$ init 3' ;-) ). It's probably The Reason why my
> idea was stupid.

The idea isn't stupid (in fact it is necessary IMHO in some situations), unfortunately CIFS doesn't currently support the features required for this to work. CIFS with unix extensions is supposed to support all unix filesystem semantics ... but this isn't the case yet.

>
> I've made some tests with latest CIF : the problem comes from symbolic links,
> and more exactly with absolute path symbolic links. There are ways to handle
> absolute symlinks on server side (symlink.translations), but in all cases
> result must point to a destination within the share to which the client is
> connected ... so not good for KDE symlinks ...
>
>
>>Are you using group mapping? If so, is it working (I have problems using
>>the Windows User Manager for Domains under certain circumstances, but I
>>have a bug open on it ...).
>>
>
>
> Yes/No. I've mapped my groups to well known ones. I've found "a lot" of
> tutorials on Web explaining how to migrate passwd files or a NT4 system to
> ldap, but none to build a new one from scratch. I've been a bit lost in the
> black magic of some smbldap tools handling rid/gid :
>
> (...)
> For Samba users, rid is 2*uidNumber+1000, and primaryGroupID
> to create a sambaDomainName administrator (admin rid is 0x1F4 = 500 and
> grouprid is 0x200 = 512)
> (...)
>
> I've found some explanations at
> http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q243/3/30.ASP&NoWebContent=1
>
> On my small network there are only two groups : domain users and domain
> admins...
>

I have had some issues when a user is in a group which is the same as his username (default on many linux distributions), where group memberships aren't resolved correctly in some cases, so I can't run User Manager for Domains from a normal user account with Domain Admin at present (but the user does get Admin rights on the client). I haven't had time to document all the issues ...

> I currently don't have any WinXP professional box, I'll do more tests asap.
>
> I'm going to try to make a kind of DirectoryAdministrator, but based on Qt and
> with a tighter KDE integration ... if I have time. I've yet built this
> week-end a C++ layer over libldap, it's a first draft but I can list/search
> through an ldap server and modify objects attribute ;-). Now I have to learn
> the gui part of Qt to make a (useful) frontend, and to find time ... which
> could take some time ... :-(

Look in the source for kdebase, there is an ldap kioslave, and I think it uses an existing KLDAP interface (so if you haven't finished your libldap stuff, maybe you can save time?).

IMHO, it should not be necessary to have a separate GUI for this, kio_ldap can be viewed (partially) in Konqueror (a tree view doesn't work right). But, what is missing is a kpart for viewing/modifying LDIF files. If that were there, I think it might be feasible to edit attributes directly in Konqueror.

Of course, such a kpart would be useful if you were to do a standalone LDAP admin tool. There are already some projects on this (myldapklient I think was one).

>
> BTW, smbldap-useradd3.pl is trying to invoke smbldap-passwd.pl (line 360)
> instead of smbldap-passwd3.pl, which prevents the -P option from working as
> expected (I'm using pre1.2mdk).

Thanks, I will take a look (guess I missed it since most of my machines have about 2 or 3 versions of samba ;-).

>
>
>>>The last pam_mount version is the 9.4, I'll compile it and see if things
>>>are going to another way.
>
>
> Again wrong, the latest version is 0.9.6, and it doesn't change anything.
>
>
>>Some comments:
>>1) I don't think it is useful putting pam_mount in system-auth, since I
>>don't see any value having your smb share mounted when you read your mail
>>via an IMAP on such a machine, or when you connect to a samba printer (if
>>you use 'obey pam restrictions = yes') etc. Also, I have had some problems
>>using pam_mount in system-auth (maybe it doesn't work too well with
>>pam_stack) in the past.
>
>
> I only use pam_mount on clients, so there are no problems with server
> auth, and for imap it depends on where your mail dirs are...
> pam_mount now functions correctly, with the different remarks I made on its
> position in the stack.
>
>
>>BTW, IMHO there is only (currently) one scenario where smbfs/cifs would be
>>a good idea for sharing home directories (if symlinks worked correctly)
>
> I guess we still have to use nfs ... symlinks are working correctly, as long as
> targets remain on file server. Not really useful for Unix workstations.
>
>
>>IMHO, the best method (currently) to manage file sharing between unix
>>machines in a network is with autofs (specifically automount maps in
>>LDAP).
>
> I'm going to try this instead, seems great, especially with LDAP mapping.
>

And autofs-4.1 will make life even easier for this by supporting direct mounts ... I must get around to trying it ...

Regards,
Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1  72D6 AC92 BA50 60D2 04A7
