Thanks for your reply,
Connecting to SMB/CIFS over the internet tends to be extremely slow. I'm not sure why that should be the case, but having played with direct access over the internet vs over a VPN, the internet one is substantially slower (to the point of being practically unusable). That might be less of an issue if you are their ISP.
That we are. Bandwidth in Japan is pretty good. But even then, I get the feeling some users would be happy with slow but "easier" means of accessing their content. But I guess that depends on just how bad it is, but naturally I am setting up a proof-of-concept on the test system first.
Mapping a drive could also cause problems. In the past I have had issues with very long delays opening My Computer when network drives are slow to respond. I've just tried to replicate this issue and it doesn't appear to be a problem in Vista but I have certainly seen it with some versions of XP.
This is true, I experienced this in my past. But perhaps not a permanent mapping, if there was a icon the could double click or similar, to temporarily set up the drive. I will keep that in mind.
I hesitate to say that storing passwords in plain-text is "good", but in this case it will greatly simplify things. You will need to add the samba schema.
I know, I know.. in the past, there was no choice with some software. CHAP/SAUTH etc, needed it. Recently, most software can do auth-bind on a leaf for testing which is much better.
There is no way around adding Samba schema? Not that is a big deal, but curious. Can I perhaps ask samba to merely query a script for authentication and retrieval of uid/gid/homeDirectory? If so, I could (temporarily) work around the schema.
Samba is able to talk to LDAP directly and fully understands the fields in the POSIX schema, there are plenty of OSs supported by Samba that don't use PAM (Slackware, AIX, probably the various BSDs).
Ok so it will get the attributes without PAM, but the schema and attribute-names are hard-coded.
Not without having to make changes to how the client PCs will authenticate, so pretty much "no". However since you have the passwords in plaintext it isn't too much of a hassle to generate the hashes.
Perhaps I should ignore LDAP and simply add a smbpasswd user and test it first.
Lund -- Jorgen Lundman | <[email protected]> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work) Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell) Japan | +81 (0)3 -3375-1767 (home) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
