How do I get the correct file ownerships to show in the client machines?
Starting a new thread as the other thread got into other problems that got solved.
Running NFS Server on a server with the /home directory shared.
/home/afore ownership afore UID 1000
/home/lilo ownership lilo UID 1002
Client machine (afore) running NFS Client. Mounted remote file system shows
/home/afore ownership afore UID 1000
/home/lilo ownership 1002
Other client machine (lilo) running NFS Client. Mounted remote file system shows
/home/afore ownership lilo UID 1000
/home/lilo ownership 1002
How can I get the ownership of the shared directories to be correct, that is, the same on both client machines and the server?
Art
On Mon, 2005-08-08 at 15:55 -0700, Art Fore wrote:
> Starting a new thread as the other thread got into other problems that got solved.
> Running NFS Server on a server with the /home directory shared.
> /home/afore ownership afore UID 1000
> /home/lilo ownership lilo UID 1002
> Client machine (afore) running NFS Client. Mounted remote file system shows
> /home/afore ownership afore UID 1000
> /home/lilo ownership 1002
> Other client machine (lilo) running NFS Client. Mounted remote file system shows
> /home/afore ownership lilo UID 1000
> /home/lilo ownership 1002
> How can I get the ownership of the shared directories to be correct, that is, the same on both client machines and the server?
> Art
You need to use a NIS server/client setup or copy over the groups, password, shadow files to the clients. I would use the NIS setup as we do.
Brad Dameron
SeaTab Software
www.seatab.com
On Tuesday 09 August 2005 02:13, Brad Dameron wrote:
> On Mon, 2005-08-08 at 15:55 -0700, Art Fore wrote:
> > Starting a new thread as the other thread got into other problems that got solved.
> > Running NFS Server on a server with the /home directory shared.
> > /home/afore ownership afore UID 1000
> > /home/lilo ownership lilo UID 1002
> > Client machine (afore) running NFS Client. Mounted remote file system shows
> > /home/afore ownership afore UID 1000
> > /home/lilo ownership 1002
> > Other client machine (lilo) running NFS Client. Mounted remote file system shows
> > /home/afore ownership lilo UID 1000
> > /home/lilo ownership 1002
> > How can I get the ownership of the shared directories to be correct, that is, the same on both client machines and the server?
> > Art
> You need to use a NIS server/client setup or copy over the groups, password, shadow files to the clients. I would use the NIS setup as we do.
NIS is outdated. LDAP is the right way nowadays and in the future.
Set up a SLES9 server with LDAP authentication (easiest way to have it is right at installation).
Then, the client machines (NLD9), select LDAP authentication and input your server.
Then you would use YaST to manage users on the server.
Also add in /etc/sysconfig/ldap OPENLDAP_RUN_DB_RECOVER=yes
On 8/9/05, Silviu Marin-Caea <silviu_marin-caea@genesys.ro> wrote:
> On Tuesday 09 August 2005 02:13, Brad Dameron wrote:
> > On Mon, 2005-08-08 at 15:55 -0700, Art Fore wrote:
> > > Starting a new thread as the other thread got into other problems that got solved.
> > > Running NFS Server on a server with the /home directory shared.
> > > /home/afore ownership afore UID 1000
> > > /home/lilo ownership lilo UID 1002
> > > Client machine (afore) running NFS Client. Mounted remote file system shows
> > > /home/afore ownership afore UID 1000
> > > /home/lilo ownership 1002
> > > Other client machine (lilo) running NFS Client. Mounted remote file system shows
> > > /home/afore ownership lilo UID 1000
> > > /home/lilo ownership 1002
> > > How can I get the ownership of the shared directories to be correct, that is, the same on both client machines and the server?
> > > Art
> > You need to use a NIS server/client setup or copy over the groups, password, shadow files to the clients. I would use the NIS setup as we do.
> NIS is outdated. LDAP is the right way nowadays and in the future.
> Set up a SLES9 server with LDAP authentication (easiest way to have it is right at installation).
> Then, the client machines (NLD9), select LDAP authentication and input your server.
> Then you would use YaST to manage users on the server.
> Also add in /etc/sysconfig/ldap OPENLDAP_RUN_DB_RECOVER=yes
Hello Art,
NFS is working on a trust basis. The NFS-Server trusts the allowed machines that they have the same auth base like itself. A user is defined by its numerical user-ID and this UID-number has an "alias", its username, like "lilo".
If you add a user on the first machine, it gets the first free UID-Number (it may start from different values! Normally, it is said that you shouldn't use UID-nums below 100 for normal user accounts and the SuSE distros had started from UID-num 500 (as the number for required system accounts are growing), but then (I think it was from 9.2 on), they started from 1000, you can check this in /etc/login.defs -> see UID_MIN..).
You see, if you'd add two namely identical users in a different order, or on two different SuSE releases, their userid numbers would most likely differ ..
Have a look into your /etc/passwd and check the userid-number of your "identical" users, I bet they are not the same..
That's why most people are going to use central auth mechanisms, like NIS, LDAP, ... which also means, that you have to take care about those services, which have caveats as well.. (got LDAP running, well, do have it encrypted? use LDAPS, then you need SSL / x509 certs.. a.s.o.)
You could simply try to copy your /etc/passwd, /etc/group, /etc/shadow file entries over.. (be careful, better copy only the lines with the required users, not the whole files)
Give it a try,
then you might try LDAP
Markus
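An added example (not part of the original thread): a Python check for the UID drift Markus describes, run over constructed passwd entries that mirror the server and the two clients in Art's question. The GID, shell and `UID_MIN` values are assumptions, and the host labels are made up for the sample.

```python
"""Compare passwd(5) data across NFS hosts and report UID/name drift."""

# Constructed sample data reproducing the thread's three hosts (not real files).
SAMPLE = {
    "server": "afore:x:1000:100::/home/afore:/bin/bash\n"
              "lilo:x:1002:100::/home/lilo:/bin/bash\n",
    "client-afore": "afore:x:1000:100::/home/afore:/bin/bash\n",
    "client-lilo": "lilo:x:1000:100::/home/lilo:/bin/bash\n",
}
UID_MIN = 1000  # assumption: matches UID_MIN in /etc/login.defs on these hosts


def parse_passwd(text, uid_min=UID_MIN):
    """Return {uid: name} for regular accounts in passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue  # skip comments, NIS '+' entries and malformed lines
        if int(fields[2]) >= uid_min:
            users[int(fields[2])] = fields[0]
    return users


def uid_drift(server_text, client_text):
    """List how a client would misreport ownership of the server's files."""
    server, client = parse_passwd(server_text), parse_passwd(client_text)
    client_by_name = {name: uid for uid, name in client.items()}
    findings = []
    for uid, name in sorted(server.items()):
        seen = client.get(uid)
        if seen is None:
            findings.append((uid, name, "unresolved: client shows bare UID"))
        elif seen != name:
            # Same number, different person: this client user owns the files.
            findings.append((uid, name, f"collision: client user {seen!r} owns these files"))
        if client_by_name.get(name, uid) != uid:
            findings.append((uid, name, f"renumbered: client has {name!r} as UID {client_by_name[name]}"))
    return findings


if __name__ == "__main__":
    for host in ("client-afore", "client-lilo"):
        for uid, name, problem in uid_drift(SAMPLE["server"], SAMPLE[host]):
            print(f"{host}: server UID {uid} ({name}) -> {problem}")
```

The collision finding is the one that matters for access control: the server honours the numeric UID the client sends, so on that client the local account with UID 1000 can read and write /home/afore.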
Markus Natter wrote: <snip>
> Hello Art,
> NFS is working on a trust basis. The NFS-Server trusts the allowed machines that they have the same auth base like itself. A user is defined by its numerical user-ID and this UID-number has an "alias", its username, like "lilo".
> If you add a user on the first machine, it gets the first free UID-Number (it may start from different values! Normally, it is said that you shouldn't use UID-nums below 100 for normal user accounts and the SuSE distros had started from UID-num 500 (as the number for required system accounts are growing), but then (I think it was from 9.2 on), they started from 1000, you can check this in /etc/login.defs -> see UID_MIN..).
> You see, if you'd add two namely identical users in a different order, or on two different SuSE releases, their userid numbers would most likely differ ..
> Have a look into your /etc/passwd and check the userid-number of your "identical" users, I bet they are not the same..
> That's why most people are going to use central auth mechanisms, like NIS, LDAP, ... which also means, that you have to take care about those services, which have caveats as well.. (got LDAP running, well, do have it encrypted? use LDAPS, then you need SSL / x509 certs.. a.s.o.)
> You could simply try to copy your /etc/passwd, /etc/group, /etc/shadow file entries over.. (be careful, better copy only the lines with the required users, not the whole files)
> Give it a try,
> then you might try LDAP
> Markus
OK, that info brings another question or two. I do have one laptop with WinXP on it for work. Would I be better off just using Samba instead of NFS or should I run them in parallel and can they both use the same ldaps server? All of the other machines are Suse 9.3.
Art
On Tuesday 09 Aug 2005 11:54, Silviu Marin-Caea wrote: <SNIP>
> NIS is outdated.
That may or may not be so.
> LDAP is the right way nowadays and in the future.
But there is NO /right/ way to do it. Since the OP seems to have a server and two machines, with two users, LDAP seems like using an A-Bomb to kill a weed.
Dylan
--
"The man who strikes first admits that his ideas have given out." (Chinese Proverb)
Art, again, I would not recommend you to start with setting up a LDAP server in this case.. except you want to play around with it, hours and hours, read many fn.. manuals.. If you are bored, or you got your primary problems solved, you could start to take a look at LDAP, which is an interesting field.. but not now, as you might get frustrated if nothing works. Start walking first, then try to build a ferrari.. ;)
1. NFS You could use NFS on windows too, if you'd install the windoze services for unix (SFU), you'd have to import your passwd / group file in the sfu snapin and generate user mappings. (which windoze user should act as which unix user..) NFS is simple to setup on Linux, on Windoze you might spend some minutes to work.. If your primary target is just filesharing, I'd go this way.
2. Samba Is another possibility. You could also run it parallel to NFS, of course. It's a bit more complicated here, and there are as well some caveats.. but you could give it a try, and there is a lot of help in the internet, and the shipped sample configs are quite good to start with. The advantage of samba is to share your printers configured in cups with your windoze, printing to PDFs, specifying detailed ACLs ( but do you need them?) ...
If you'd use LDAP, you could use e.g. the LDAP Account Manager (LAM) to manage samba and unix account settings in one web based tool (I'm not sure, if YaST could deal with both user account types..).
To let Windoze authenticate against LDAP, I think it's possible, yet not easy (Kerberos Ticket handling..), and you should really not try by now.
hope this helps,
Markus
Finally got NIS client working. It was the firewall on the Server. I will try LDAP at a later date.
Art
Markus Natter wrote:
> Art, again, I would not recommend you to start with setting up a LDAP server in this case.. except you want to play around with it, hours and hours, read many fn.. manuals.. If you are bored, or you got your primary problems solved, you could start to take a look at LDAP, which is an interesting field.. but not now, as you might get frustrated if nothing works. Start walking first, then try to build a ferrari.. ;)
> 1. NFS You could use NFS on windows too, if you'd install the windoze services for unix (SFU), you'd have to import your passwd / group file in the sfu snapin and generate user mappings. (which windoze user should act as which unix user..) NFS is simple to setup on Linux, on Windoze you might spend some minutes to work.. If your primary target is just filesharing, I'd go this way.
> 2. Samba Is another possibility. You could also run it parallel to NFS, of course. It's a bit more complicated here, and there are as well some caveats.. but you could give it a try, and there is a lot of help in the internet, and the shipped sample configs are quite good to start with. The advantage of samba is to share your printers configured in cups with your windoze, printing to PDFs, specifying detailed ACLs ( but do you need them?) ...
> If you'd use LDAP, you could use e.g. the LDAP Account Manager (LAM) to manage samba and unix account settings in one web based tool (I'm not sure, if YaST could deal with both user account types..).
> To let Windoze authenticate against LDAP, I think it's possible, yet not easy (Kerberos Ticket handling..), and you should really not try by now.
> hope this helps,
> Markus
participants (5)
- Art Fore
- Brad Dameron
- Dylan
- Markus Natter
- Silviu Marin-Caea