On 9 Aug 2008, at 14:52, Yoav Luft wrote:
In an ideal world users should use their domain username &
password to log on when they sit down at the Linux box. And they
should be mounting the directories they need off the file server
by (double-clicking on a drive icon on their KDE desktop if
necessary and) using their same unique credentials (*not yours!*).
If you want to fully implement this then it's not a two minute
job; you shouldn't need much from the Windows IT admins except the
name of the domain and perhaps the resolvable name of the domain
master server - you should be able to test using your own
domain\user:pass
That is, actually, what I'm trying to achieve, but what is crucial
to the usability of the Linux box is that each user (a would-be
developer) would have access to his own files and the department's
files on the server without any knowledge of the workings of Linux,
Samba, or others. It would be especially nice if logon names would
be taken from the server, and thus relieve users of manually adding
and configuring more users.
I can think of an awkward solution, making a script that sets up a
new user and assumes the user name is the same as the one in the
domain. But I am sure there is a cleaner, better solution, only
that I haven't found it yet.
So, I will sum up shortly what I want, starting from most important:
1. Users will have access to the department's files without root
access with their own privileges rather than mine (achieved through
giving sudo to mount, and putting it all in a script).
2. Users will have access to their own personal files (achieved
through the same script. Not sure if it is run automatically when a
user logs on)
3. Any user on the domain will be able to log on to the machine,
and have access to his files, will automatically authenticate
himself to network services, etc.
http://www.google.com/search?q=authenticating+linux+users+against+windows+domain
Sorry to say "read teh g0ggles, newb", but I'd need to read a number
of these pages myself before I could say "you want to do it this way
not that" or before I was even aware of the advantages &
disadvantages of the different approaches.
Mostly you shouldn't need much from the Windows admins. If you were
to install XP Pro on a new PC and bring it into the office, all you'd
need to do is right-click on my computer and change from "My
Workgroup" to "My Domain" (or "BobsElectricals" or whatever) - the
next time the machine starts you'll need to log on using your
username:password on the domain. Likewise all you *should* need to
add the Linux box to the domain is its name, and perhaps the
hostname / IP address of the master domain server.
The approach for mounting shares isn't obvious to me right now, but
hopefully will become clear to you during the days that you spend
setting the authentication up. On a Linux Samba box there is a
special share called "homes" and mounting that seems to automatically
use the ~ of the user authenticating; on Windows you can refer to
%user%, although you probably can't combine these two methods
directly. I don't use Linux on the desktop, but KDE or Gnome or
whatever probably has a facility to run scripts upon logon; write a
Bash script calling var=`whoami` ; mount \\domainserver\$var and put
it in /etc/skel (or the KDE / Gnome equivalent).
Stroller.
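
An added example, not part of the original messages: a logon script of the kind described above, which mounts the share named after the logged-in user with that user's own credentials. The server name `domainserver` is taken from the message; the domain `EXAMPLEDOM`, the mount point `~/netshare`, the conservative user-name character set and a sudoers rule permitting this one mount are assumptions. The share is written with forward slashes because backslashes are escape characters in the shell.

```shell
#!/bin/sh
# Added example (not from the thread). SERVER is the name used in the
# message; DOMAIN and the ~/netshare mount point are placeholders.
SERVER="domainserver"
DOMAIN="EXAMPLEDOM"

# Accept only conservative account names (assumed character set).
# mount.cifs options are a comma-separated list, so a name containing
# ',' '=' or '/' could add options or change the share path.
valid_user() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;   # empty or unexpected character
        -*|.*) return 1 ;;                  # would look like a flag or dot path
        *) return 0 ;;
    esac
}

# //server/share form of the per-user share.
share_path() {
    valid_user "$1" || { echo "refusing user name: $1" >&2; return 1; }
    printf '//%s/%s' "$SERVER" "$1"
}

# Options: authenticate as the user, map file ownership to the local
# uid/gid, and ignore setuid bits and device nodes on the share.
mount_opts() {
    valid_user "$1" || return 1
    printf 'username=%s,domain=%s,uid=%s,gid=%s,nosuid,nodev' \
        "$1" "$DOMAIN" "$(id -u)" "$(id -g)"
}

mount_home_share() {
    user=$(id -un) || return 1
    share=$(share_path "$user") || return 1
    opts=$(mount_opts "$user") || return 1
    mkdir -p "$HOME/netshare" || return 1
    # No password on the command line; mount.cifs prompts for it.
    sudo mount -t cifs "$share" "$HOME/netshare" -o "$opts"
}

# Only mount when asked to, so the file can be sourced or dry-run safely.
if [ "${1:-}" = "--mount" ]; then
    mount_home_share
fi
```

Run with `--mount` from the desktop's logon hook; without the argument the script only defines the functions.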