Connecting LINUX to NT server
OK - I'm trying to do it back to front. We have an NT box (several in fact...) which are part of two domains (admin and teaching) If pupils use LINUX it would be handy if they could connect to their NT account. Root can create a 'mount' using mount -t smbfs //netserver/usershare /home/username/NTmount but ordinary users can't create mounts in this manner. And administrators can't do it faor them as they don't know the passwords. Is there a way to allow users to connect to NT shares with SAMBA? -- Alan Davies Head of Computing Birkenhead School
On Wed, 28 Mar 2001, Alan Davies wrote:
OK - I'm trying to do it back to front. We have an NT box (several in fact...) which are part of two domains (admin and teaching) If pupils use LINUX it would be handy if they could connect to their NT account. Root can create a 'mount' using mount -t smbfs //netserver/usershare /home/username/NTmount but ordinary users can't create mounts in this manner. And administrators can't do it faor them as they don't know the passwords. Is there a way to allow users to connect to NT shares with SAMBA?
You're not going to like this answer, but the easiest way to do it is to hold the folders on a Linux machine and serve them via Samba (to NT clients) and NFS (to Linux clients). If this is not an option: Do you have a command called "smbmount"? If so, this may help with your problem - you should be able to run smbmount //netserver/usershare ~/NTmount as an ordinary user. Of course, you still have to solve the problem of requiring users to re-type their passwords ... As an alternative, you could look for an NFS server for the NT box. There are a few available, but I have never used any of them so can't comment on which one to go for. HTH, Michael
My understanding is that smbmount is not and will not be supported on current and future releases of LINUX. You have to do mount -t smbfs.... There was something about suid - that I didn't understand. I am not ready to move home directory hosting to LINUX - for several reasons... NT server (PDC and BDC) have mirrored technology, software raid and gigabit fibre backbone connections....all of which I don't have on LINUX - and may not even be supported by LINUX....yet. I suppose I could allow pupils to access LINUX files from NT by creating samba shares.....which would need shadow password files....and some script to set it up. ....It would be ideal to do it both ways of course. On Wed 28 Mar, Michael Brown wrote:
On Wed, 28 Mar 2001, Alan Davies wrote:
OK - I'm trying to do it back to front. We have an NT box (several in fact...) which are part of two domains (admin and teac hing) If pupils use LINUX it would be handy if they could connect to their NT account. Root can create a 'mount' using mount -t smbfs //netserver/usershare /home/username/NTmount but ordinary users can't create mounts in this manner. And administrators can't do it faor them as they don't know the passwords. Is there a way to allow users to connect to NT shares with SAMBA?
You're not going to like this answer, but the easiest way to do it is to hold the folders on a Linux machine and serve them via Samba (to NT clients) and NFS (to Linux clients).
If this is not an option:
Do you have a command called "smbmount"? If so, this may help with your problem - you should be able to run
smbmount //netserver/usershare ~/NTmount
as an ordinary user. Of course, you still have to solve the problem of requiring users to re-type their passwords ...
As an alternative, you could look for an NFS server for the NT box. There are a few available, but I have never used any of them so can't comment on which one to go for.
HTH,
Michael
-- Alan Davies Head of Computing Birkenhead School
On Thu, 29 Mar 2001, Alan Davies wrote:
My understanding is that smbmount is not and will not be supported on current and future releases of LINUX. You have to do mount -t smbfs....
smbmount works here, on a "latest production release".
There was something about suid - that I didn't understand.
There's a helper program called smbmnt that has to be installed suid-root.
I am not ready to move home directory hosting to LINUX - for several reasons... NT server (PDC and BDC) have mirrored technology, software raid and gigabit fibre backbone connections....all of which I don't have on LINUX - and may not even be supported by LINUX....yet.
Software raid definitely is, gigabit ethernet almost certainly is, mirroring...what is being mirrored?
A useful idea would be to create a script, make it executable only to users other than root. Make the script have the root password in it - and make it work with parameters? I.e. you pass to it the username and password of the user and it will then mount it properly. Just an idea That sounds like worth a try. I sort of forgot that LINUX can have a file 'executable' but not 'readable' So the password should be safe.....? As long as the script does not 'abort' when root has access leaving the user with root access.....
Nonononononononononononononononononono!!!!!!!!!!! PLEASE don't do this!!! Passwords should never be stored in clear-text, especially not the root password - it's sheer insanity. What you are trying to do (enable ordinary users to execute a specific program with root privileges) already exists as a widely-used facility - it's the "suid" thing, and smbmount is already designed to work this way. There are several major security implications of what you are trying to do. In particular: o Suid programs are inherently dangerous and you should be very careful when using them. o Command line contents are publicly visible. If, for example, you pass a username and password to a script on the command line, then these will be visible to any other user on the system. Michael
On Thu 29 Mar, Michael Brown wrote:
On Thu, 29 Mar 2001, Alan Davies wrote:
My understanding is that smbmount is not and will not be supported on current and future releases of LINUX. You have to do mount -t smbfs....
smbmount works here, on a "latest production release".
According to O'Reilly...'Using Samba'...page 36.....Smbmount....this feature wasn't being maintained at the time of writing (Jan 2000) so its left as an optional feature in the compile of the kernel (and I assume not in SUSE7.0) ....and provide smbwrapper instead - but it doesn't explain what that is.
There was something about suid - that I didn't understand.
There's a helper program called smbmnt that has to be installed suid-root.
What's a helper program? And what is installing 'suid-root'?
I am not ready to move home directory hosting to LINUX - for several reasons... NT server (PDC and BDC) have mirrored technology, software raid and gigabit fibre backbone connections....all of which I don't have on LINUX - and may not even be supported by LINUX....yet.
Software raid definitely is, gigabit ethernet almost certainly is, mirroring...what is being mirrored?
NT allows you to have two discs (or even servers) which 'mirror' the contents of the other. If one fails.....its OK.
-- Alan Davies Head of Computing Birkenhead School
On Thu, 29 Mar 2001, Alan Davies wrote:
smbmount works here, on a "latest production release". According to O'Reilly...'Using Samba'...page 36.....Smbmount....this feature wasn't being maintained at the time of writing (Jan 2000) so its left as an optional feature in the compile of the kernel (and I assume not in SUSE7.0) ....and provide smbwrapper instead - but it doesn't explain what that is.
smbmount is now being maintained by a member of the Samba team.
There was something about suid - that I didn't understand. There's a helper program called smbmnt that has to be installed suid-root. What's a helper program? And what is installing 'suid-root'?
"suid" is "set user ID" - it's a flag you can set on an executable file which means that when the file is run, it runs with the privileges of the user who *owns* the file rather than the current user. Most commonly used for programs owned by root - this allows users to execute commands requiring root privileges. The programs which are flagged as suid-root must be very careful not to compromise the system security by allowing users to do things other than those intended.
I am not ready to move home directory hosting to LINUX - for several reasons... NT server (PDC and BDC) have mirrored technology, software raid and gigabit fibre backbone connections....all of which I don't have on LINUX - and may not even be supported by LINUX....yet. Software raid definitely is, gigabit ethernet almost certainly is, mirroring...what is being mirrored? NT allows you to have two discs (or even servers) which 'mirror' the contents of the other. If one fails.....its OK.
How are you distinguishing between disc mirroring and RAID? Disc mirroring is just RAID level 1. Michael
participants (2)
-
Alan Davies
-
Michael Brown