[K12OSN] SMB-LDAP and allowing Teachers to view Students homedirectories

Daniel Kuecker kueckerd at shenandoah.k12.ia.us
Thu Dec 14 19:07:53 UTC 2006

I am having a similar problem. I am authenticating against Active
Directory with the thin clients, using pam_mount to mount their
homedirs. I am having permission problems with their homedirs on
Windows. I just installed SFU on the Active Directory server, but now I
cannot figure out how to make the UID match. For example, user1
permissions show on the win home dir as owner halt group domain users.
user1 cannot create a new doc and save it on their home folder.

>>> "Tom Wolfe" <twolfe at sawback.com> 12/14/06 7:29 AM >>>
Can you use extended attributes/ACLs? I did this with a FreeBSD file
we use with Active Directory, and though it took some time, the
issues were eliminated.
Tom Wolfe

----- Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On
Of Julian Yap
Sent: December 14, 2006 01:06
To: Support list for opensource software in schools.
Subject: [K12OSN] SMB-LDAP and allowing Teachers to view Students

Hi all,

I'm helping with the upgrade of a local school's single K12LTSP server
to using an LDAP server and more K12LTSP labs.

Currently they have the standard Linux convention for students in that
their user name is the same as their primary group.

For example:
uid=1001(student) gid=1001(student) groups=1001(student)

The Teacher for that Student is then a member of that Student's
uid=2001(teacher) gid=2001(teacher) groups=2001(teacher),1001(student)

A Teacher can then access the Student's home directory as the
home directory's Group permissions are turned on.
$ ls -ld ~student
drwsrws---  56 student student 4096 Dec 13 19:35 /home/student

Here's the rub. I'm having problems thinking of how this would best
translate to a SMB-LDAP environment.  Both security wise and
wise.  That is, how can I best allow Teachers the ability to access
Student's home directory files.

This is an example student in the new system:
uid=1004(student) gid=513(Domain Users)

This is an example teacher in the new system:
uid=1005(teacher) gid=513(Domain Users) groups=523(Staff),513(Domain

These are the default permissions for a Student's home directory:
$ ls -ld ~student
drwx------   3 student Domain Users 4096 Dec 13 20:53 /home/student

Any help would be great.



K12OSN mailing list
K12OSN at redhat.com
For more info see <http://www.k12os.org>
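
Tom Wolfe's ACL suggestion applied to the layout in the original question, as an added example that is not from any of the posters. It assumes a Linux file server with the acl tools and an ACL-enabled filesystem, uses the thread's names ("Staff", /home/student), and assumes teachers need read-only access.

```shell
#!/bin/sh
# Added example. "Staff" and /home/student are the names used in the thread;
# read-only access for teachers is an assumption.

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Give GROUP read-only access to HOME without using the owning group.
# In the new layout every home is owned by group "Domain Users", so turning on
# the group mode bits (the old approach) would open each home to all students.
grant_group_read() {
    group=$1 home=$2
    # Top level: owning group and others get nothing, GROUP may list and enter.
    run setfacl -m "g:$group:rx,g::---,o::---" "$home" || return 1
    # Existing contents: X sets execute only on directories and on files
    # that are already executable.
    run setfacl -R -m "g:$group:rX" "$home" || return 1
    # Default ACL: files the student creates later inherit the entry.
    run setfacl -R -d -m "g:$group:rX" "$home"
}

# Read `getfacl HOME` output on stdin and succeed only if the owning group and
# others have no access and GROUP has exactly r-x.
acl_is_tight() {
    acl=$(cat)
    for want in "group::---" "other::---" "group:$1:r-x"; do
        printf '%s\n' "$acl" | grep -qxF -e "$want" || return 1
    done
}

# Usage on the file server (as root):
#   grant_group_read Staff /home/student
#   getfacl /home/student | acl_is_tight Staff && echo ok
```

Once the ACL is set, `ls -ld` shows the ACL mask in the group column (`drwxr-x---+`), not the rights of Domain Users, so verify with `getfacl` rather than the mode string.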
