[COLUG] ActiveDirectory integration: home directories
Scott Merrill
skippy at skippy.net
Wed Aug 23 19:21:53 EDT 2006
Joseph Fannin wrote:
> On Wed, 2006-08-23 at 08:33 -0400, Scott Merrill wrote:
>> We want to provide a single home directory for our students in addition
>> to single sign-on; so that the student's resources are available from
>> any machine they choose to use. This is proving to be the problem.
>>
>> The home directories for our test implementation reside on our AD
>> controller. I've shared the home folder (C:\Home) as both a CIFS share
>> and an NFS share (using Windows NFS services bundled with Win2K3 R2).
>> The RHEL workstation can mount the NFS share, but cannot see any of the
>> contents of that share:
>> [root at rhel ~]# mount fqdn.ad.example.com:/Home /mnt
>> [root at rhel ~]# ls /mnt
>> ls: /mnt: Permission denied
>
> Ok, dumb question -- how are the Unix UIDs mapped to Windows?
That's a good question. I don't think they are -- the mapping is only
from Windows to Unix, if I understand everything correctly.
I followed this HOWTO to map SIDs to UIDs using nothing but LDAP:
http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/
> Being root on the linux box doesn't mean you have any permissions on
> the Windows NFS share -- in fact, I'd sort of expect it to give you less
> than with a "normal" UID (assuming some sort of UID mapping is in
> place).
Good point. When I mount the CIFS share, I specifically supply
credentials; but when I mount the NFS share, I'm just doing it as root.
I'm doing it all from the command-line at the moment, which means I
need to be root. I haven't yet tried to add an fstab entry for an NFS
share to make it user-mountable.
The mount (and nfs) man page doesn't show any means to mount the NFS
share as anyone other then root, though. Do I need to create a user
named "root" in my ActiveDirectory? Or is there another way to skin
this cat?
Thanks!
--
skippy at skippy.net | http://skippy.net/
gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49 3544 476A 7DEC 9CFA 4B35
More information about the colug432
mailing list