[K12OSN] SMBLDAP Directory Permissions

Rob Owens rob.owens at biochemfluidics.com
Fri Nov 21 19:26:27 UTC 2008


Nicolas Roussi wrote:
> Hi, I am very new to LDAP and I need some initial help with a couple of
> issues. I have an LDAP server (S1) that is used only to hold usernames,
> passwords etc.
> I have an LTSP server that I set up as an LDAP client (S2) and
> authenticates to the LDAP server. The authentication is working
> perfectly and I used the smbldap scripts. The problem is that S2 needs
> to have all user directories stored on it. Therefore, I exported
> /ldaphomes from S2 and mounted it on S1. The permissions on S2 for
> /ldaphomes are 0777 and each subdirectory that I want for my users should
> be 0700. When I run smbldap-useradd -m -d /ldaphomes/testuser testuser
> on S1, the command runs successfully and the home directory is created
> but it is created as nobody:nogroup for owner and group. Does anyone
> know what script I need to modify in order for each user home directory
> to be created as owner:group of the user I am creating and permissions
> 0700?
> 
smbldap-useradd should give you the appropriate permissions for the home
directory.  I suspect this is an NFS problem.  I think what's happening
is root on S1 is trying to create folders on S2, but S2 doesn't
"recognize" S1's root user privileges.  In order to overcome this, you
need to export /ldaphomes with the no_root_squash option.

Or instead of that, is there a way to run smbldap-useradd from S2, and
have it modify the ldap database on S1?  I don't see that as an option
in the man page, but if it could be done you'd be using S2's local root
user and the permissions should get set correctly.

-Rob
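
An added example, not part of the original message: with `no_root_squash`, root on every client matching the export entry acts as root on the exported filesystem, so the option is best limited to the one host that needs it (S1 here). The sketch below lists the entries in an exports(5)-format file that carry the option and marks whether each names a single host; the host names and sample file are constructed, and continuation lines ending in a backslash are not handled.

```shell
#!/bin/sh
# Added example: audit an exports(5)-format file (read from stdin) for
# no_root_squash. Prints "<path> <client> <scope>" per matching entry,
# where scope is "single-host" or "broad" (wildcard, netgroup, subnet,
# or no client given, which means any host).
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # match the option as a whole word in the comma-separated list
            if (("," opts ",") !~ /,no_root_squash,/) continue
            scope = "single-host"
            if (client == "" || client ~ /[*?@]/ || index(client, "/") > 0)
                scope = "broad"
            shown = (client == "") ? "<any>" : client
            print path, shown, scope
        }
    }'
}

# Constructed sample export table for S2 (host names are assumptions).
sample_exports() {
    cat <<'EOF'
# constructed sample, not from the original post
/ldaphomes  s1.example.org(rw,sync,no_root_squash) 192.168.0.0/24(rw,sync)
/srv/pub    *(rw,no_root_squash)
/srv/ro     *(ro,root_squash)
EOF
}

sample_exports | audit_exports
```

On the NFS server itself the same check would be run as `audit_exports < /etc/exports`.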