[COLUG] ActiveDirectory integration: home directories

Scott Merrill skippy at skippy.net
Wed Aug 23 19:46:01 EDT 2006 

Brian Miller wrote:
> On Wednesday 23 August 2006 6:16 pm, Joseph Fannin wrote:
>> On Wed, 2006-08-23 at 08:33 -0400, Scott Merrill wrote:
> 
>>> The RHEL workstation can mount the NFS share, but cannot see any of the
>>> contents of that share:
>>> [root at rhel ~]# mount fqdn.ad.example.com:/Home /mnt
>>> [root at rhel ~]# ls /mnt
>>> ls: /mnt: Permission denied
>>     Ok, dumb question -- how are the Unix UIDs mapped to Windows?
>>
>>     Being root on the linux box doesn't mean you have any permissions on
>> the Windows NFS share -- in fact, I'd sort of expect it to give you less
>> than with a "normal" UID (assuming some sort of UID mapping is in
>> place).
>>
> I was going to suggest something along the same lines.  One of the options  
> for Services for Unix is a map file that maps Windows users to UID numbers 
> for UNIX.  If you want users to be able to write, this mapping must be set 
> up.  I never messed with it much, since we were only try to export CD's from 
> Windows systems to UNIX servers (the old anonymous access works great for 
> read-only permissions).  But the option to set it up is somewhere within the 
> Services for UNIX MMC plugin.

Ah, that's a helpful lead. Thanks!

>From the link I shared in my last reply, I learned that I needed to
install the "Server for NIS" component.  It's not really used, except to
assign Unix UIDs to those users who I want to be able to use Unix
machines in the domain.

I'll poke around the MMC and the snap-ins.  As I mentioned, we're using
Windows Server 2003 R2, which bundles many of the old SFU components, so
things might live in different locations now.  Any additional info you
can provide to help me pinpoint this will be most appreciated.

> By the way, this will require that all users have the same UID across all 
> Linux systems, since Windows will ready the UID presented by the client, and 
> map that to the Windows user.

This is a goal, anyway, and I think I've got it working already.  See above.

Cheers,
Scott

-- 
skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the colug432 mailing list