bottom post! (see below)

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Zhi Cheng Wang
> Sent: Friday, March 28, 2003 4:27 PM
> To: [EMAIL PROTECTED]
> Subject: RE: mount win shares to Linux automatically - possible?
> 
> 
> Hi, Christopher
> Thank you for your very helpful suggestions. For the time 
> being, I will write a script to prompt for password when 
> people try to access their windows shares. It is simply 
> impossible to ask hundreds of people for their password and 
> put them in a clear text file on hundreds of computers and 
> have to change them from time to time. Maybe it is a good 
> idea for some folks, but not me.
> 
> Thank you again.
> 
> Cheng
> 
> 
> -----Original Message-----
> From: Reuben D. Budiardja [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2003 15:08
> To: [EMAIL PROTECTED]
> Subject: Re: mount win shares to Linux automatically - possible?
> 
> 
> On Friday 28 March 2003 08:14 am, Zhi Cheng Wang wrote:
> > Hi, Christopher
> >
> > Thanks. but the plain text passwd is really a concern and also the user's
> > passwd will change periodically on the win sys. it is a quite large org,
> > and the internal security is also an issue.
> >
> > cheng
> 
> man smbmount and see the third options.
> 
> You can use a credential file rather than a clear text password in /etc/fstab.
> The file can be made readable to root only. I've never done this before,
> but it should not be difficult.
> 
> RDB
> 

hi cheng,

> Hi, Christopher
> 
> we are using windows 2000 servers. we configured samba to use win server
> to authenticate users when they access Linux file from windows environment.

ok, i am just a wee bit confused then; you have a windows 2000 advanced
server running as a domain controller, additionally, you have linux box
where samba has been configured to use the windows 2k as its
authentication server. further, you have shares on the linux box available
to the network. does this sound about right?

there is nothing particularly wrong with this arrangement, although I would
have configured linux to be the domain controller and the 2k box as a domain
member. this tends to be the preference if ever you decide to activate the
terminal services (as microsoft recommends that a terminal server not be a
domain controller at the same time). needless to say, that you do not have
to pay the client license when your domain controller is running under samba
-- this can be a very persuasive argument to change the role --

i assume then you have persuasive reason for the 2k server as well -- some
sort of application that is running there that cannot be migrated to linux?
(hint)

typically, if not always, when a windows client becomes member of a windows
domain, it creates a hidden share for each drive/partition (i.e. c$, etc.).
additionally, the windows client global group administrators is modified to
include the domain administrator. once again, there is no need (or desire)
to have all of the client passwords maintained somewhere for the
administrator -- by having the domain admin declared as a local
administrator on the client, the domain admin, from any machine on the
network, can access any other domain member machine. to try, logon to w2k as
admin, open up explorer, and type \\netbiosname\c$ and hit enter. if the
client machine is a member, then no password is required to have full access
to the client's disk.

should you wish to maintain a windows centric solution, then you could
consider running winbind, which allows linux logins based on nt security.
again, only under special instances would you want to do this ... but you
may have a case that justifies it. check out winbind in the samba-howto
collection.

Cheers

CC
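
Added example, not part of the original messages: a check for the concern raised in the quoted thread, reporting smbfs/cifs entries in an fstab-style file that carry an inline password or point at a credentials file that group or other users can access. The function name and finding labels are made up for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Illustrative audit (added example; names and labels are hypothetical).
# Usage: audit_smb_fstab /etc/fstab
# Prints one finding per line; exit status 1 if a problem was found.
# Assumes GNU stat (-c format strings).
audit_smb_fstab() (
    fstab=${1:-/etc/fstab}
    found=0
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac            # blank line or comment
        case $fstype in smbfs|cifs) ;; *) continue ;; esac # only SMB mounts
        old_ifs=$IFS; IFS=,
        set -f; set -- $opts; set +f                       # split options on commas, no globbing
        IFS=$old_ifs
        for opt in "$@"; do
            case $opt in
                password=*|pass=*)
                    # Password stored directly in the (world-readable) fstab
                    echo "INLINE_PASSWORD $mnt"; found=1 ;;
                credentials=*|cred=*)
                    file=${opt#*=}
                    if [ ! -f "$file" ]; then
                        echo "MISSING_CREDENTIALS $mnt $file"; found=1
                        continue
                    fi
                    mode=$(stat -c '%a' "$file")           # octal permission bits
                    case $mode in
                        0|*00) ;;                          # no group/other access
                        *) echo "LOOSE_PERMS $mnt $file $mode"; found=1 ;;
                    esac
                    # Informational only: the thread suggests root-only access
                    owner=$(stat -c '%u' "$file")
                    [ "$owner" -eq 0 ] || echo "NOTE_OWNER $mnt $file uid=$owner" ;;
            esac
        done
    done < "$fstab"
    exit "$found"
)
```
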
