Hello:

Mahantesh wrote,
> Good Morning friends,
> we have a Netapp file server with around 100TB which serves space for
> all of our *nix boxes. So let us call it as Homer for our discussion.
> This system does not have any OS with it. One can mount its space on
> any of the system.

Ok.

> We would like to create home folder of each user on this. So the
> folder named "mahantesh" should be accessible only to user
> "mahantesh". This is straightforward if user "mahantesh" is on Homer
> itself. But homer acts as file-server, no one could directly log-on to
> it.

AFAIK, you can provide home folder access w/o directly logging on to
Netapp filer.
 
> We would need to access this folder from any system on the network. So
> when I log in to a Windows client (which gets authenticated by a domain
> controller in Active Directory), I should be able to access my dir
> "mahantesh". 

This is certainly doable and AFAIK, this is the preferred way of using
the Netapp filer. The idea is to "join" the Netapp server to your AD
controller and then use a netlogin batch script to mount the user's home
directory from the Netapp server.

> For this, does Homer have to support CIFS, or is Samba enough? (I guess
> CIFS is another name given by MS for SMB).

Netapp _does_ support CIFS/SMB.

> Another possibility is when I log in to Unix box.... Now user
> "mahantesh" logged into Unix box, should be recognised as the same
> user "mahantesh" who logged in through Active Directory.

Sure. I had a couple of boxes here doing just that.
 
> Our challenge lies in making Linux box (through which we give access
> to Homer) think that, user accessing his folder is the same user from
> wherever he accesses his home folder. This means a single sign on (it
> should not ask auth details again and again).

Why don't you want to allow users to mount their shares directly from the
Netapp server instead of going thru the Linux gateway?

I would go about doing the setup like this -

For the Single Sign On Solution (SSO) part:

Chuck out Active directory/Win2k and replace it with OpenLDAP and Samba.
If this is a win centric LAN then:

- Set up AD for the domain.

- Install MS Services for UNIX and enable UNIX extensions for all users.
  SFU does provide NIS services too, but for the sake of security, use
  only the LDAP protocol. You could also use AD4Unix for extending the
  AD schema to support POSIX attributes.

- Install pam_ldap and nss_ldap on all unix servers and configure them
  to look up active directory for UNIX attributes.

For the user home dir part:

- "join" the Netapp server to the AD controlled domain. You may need to
  read netapp docs for this but I am pretty sure it can be done.

- Modify the logon script to map shares to the Netapp filer

        Net USE H: \\homer H: /yes

> The first thought that came to me was mapping users using NIS, but that does
> not seem to be a good solution. 

Nah, don't use NIS.
 
> Any thoughts/ideas will be very helpful.

See:

Microsoft Active Directory for Unixes:
http://www.css-solutions.ca/ad4unix/index.html

-- Shanu
http://shankerbalan.com/



-- 
Disco is to music what Etch-A-Sketch is to art.
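
The pam_ldap/nss_ldap step from the reply above, sketched as an `/etc/ldap.conf` fragment. This is an added example, not part of the original mail; it assumes the SFU 3.x schema (the `msSFU30*` attributes), and the host name, base DN, bind account and CA path are placeholders.

```conf
# /etc/ldap.conf (read by both pam_ldap and nss_ldap); added example.
# Placeholders: dc1.example.com, dc=example,dc=com, the bind account, the CA path.
uri ldap://dc1.example.com/
base dc=example,dc=com
ldap_version 3
scope sub

# AD does not allow anonymous searches by default, so bind as a dedicated
# lookup account. This file must be world-readable for NSS lookups, which
# exposes bindpw to local users: give the account read-only rights and
# never use an administrator here.
binddn cn=unix-lookup,cn=Users,dc=example,dc=com
bindpw CHANGE_ME

# Protect the bind password and user logins on the wire, and verify the
# domain controller's certificate against a known CA.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ad-ca.pem

# Map the RFC 2307 names nss_ldap expects onto the SFU 3.x schema.
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group
nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute uniqueMember msSFU30PosixMember

# pam_ldap: locate the user by SFU login name, then authenticate by
# binding to AD as that user.
pam_filter objectclass=User
pam_login_attribute msSFU30Name
pam_password ad
```

With `passwd`, `group` and `shadow` set to `files ldap` in `/etc/nsswitch.conf`, `getent passwd <user>` should return the same UID for a user on every UNIX box, which is what keeps home directory ownership consistent across clients.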


_______________________________________________
linux-india-help mailing list
https://lists.sourceforge.net/lists/listinfo/linux-india-help