
Re: [K12OSN] can I authenticate ltsp users against win2000AD?



> creation of a home directory if it didn't already exist.  After that
> point I was thinking about using smbmount to mount that user's home
> directory at ~/Home after login.  Unfortunately we were completely
> unable to get SMB file connections to work to the Windows.NET beta
> server.  I suspect that they changed the protocol again to lock out
> Samba.  Anyone know if the Samba developers would like to SSH into our
> test network and debug this?  We would give full VNC access to the
> Windows.NET and Windows XP, and SSH to a Linux box.  Or perhaps it is
> just a configuration option on the .NET server that would need to be
> changed.
> 
> Anyway, without working file mounts and the problematic RID mapping
> synchronization, we decided to make the Linux authentication and file
> storage separate for the semester.  We are now using OpenLDAP and NFS
> for those desktops when they boot into Linux.
> 

I believe I can address each of your issues here:
1) mounting home directories at logon: there is also an existing PAM
module to do this as well (I believe it is called pam_mount, but I'm not
certain)
2) Well, my guess as to why Samba connections don't work is that it's
either because Windows.NYET is using NTLMv2 for authentication
exclusively (w/o fallbacks for older clients; do you have any problems
connecting to .NYET with 9x, NT, or 2k?) or the SignOrSeal stuff might
be biting you in the butt. Either way (I suspect it's the NTLMv2,
personally), I know it is configurable; EXACTLY how, I'm not sure.
SignOrSeal is a registry key and the authentication stuff is too, but I
think it has some actual control panel for changing it.

Until they get the RID mapping stuff worked out (I'm surprised you can't
actually store that stuff in the LDAP server, something I should look
into) if you don't need to use the .NYET beta server (which I'm guessing
you do, given the fact that you're using beta software at all ;-) ) the
easiest way to ensure synchronisation of accounts between Linux and
Windows is to use a combination of Samba and LDAP for authentication:
but you have to use Samba as your PDC, so it probably isn't a workable
solution for you.

--Shahms




