[Wylug-discuss] EeePC and Samba
John Leach
john at johnleach.co.uk
Fri Jan 11 16:59:34 GMT 2008
On Fri, 2008-01-11 at 15:57 +0000, John Hodrien wrote:
> On Fri, 11 Jan 2008, John Leach wrote:
>
> > I actually quite like Samba/SMB and use it to connect all my boxes on my
> > home LAN. I think it generally simplifies things compared to NFS and
> > provides proper authentication, rather than the usual NFS IP based auth.
> > This is of course dependent on your own needs.
>
> Although by proper, I guess you mean "nearly proper". Most people don't run
> either NFS or CIFS with kerberos auth (which is probably the closest to proper
> that currently exists). I'll agree what you end up with using CIFS is
> "better", but it's certainly not ideal.

Yes, I should have been clearer - definitely "nearly proper". I see
username/password as better than IP based - in my (limited) experience
of NFS, it's usually set up with IP based auth, whereas Samba always
uses username/password auth.

I also thought Samba supported SSL/TLS encrypted/authenticated sessions,
though some fairly comprehensive Googling has suggested this was just a
messy hack using stunnel/sslproxy.

> How does multi-user authentication with CIFS mounts currently work under
> linux?

Interesting question. If I mount a CIFS share as root, the file
listings show the uid/gids of the files from the server's user
database.

If my uid matches on my local machine, I can access them (this is why I
prefer SMB at home, because I prefer the files to look owned by the
connecting user).

I suppose root would arrange the authenticated mount, then access for
users on that client is controlled with normal filesystem permissions.
Very much like NFS I guess, but just with a username/password on mount.

I understand this stuff is done with some UNIX extensions to the
protocol that are negotiated on connection, so it doesn't affect Windows
clients.

http://samba.org/samba/CIFS_POSIX_extensions.html
http://wiki.samba.org/index.php/UNIX_Extensions

I am being rather vague about this - my experience with all this stuff
is admittedly a bit old :)

John.
--
http://johnleach.co.uk
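
The access model described in the message above (one authenticated mount, then per-user access decided on the client by comparing local uids with the uids the server reports) depends on both machines agreeing about which uid belongs to whom. The following is an added example, not part of the original post: it compares two constructed passwd excerpts for uids that name different accounts and models the owner/group/other check; the passwd contents and all function names are assumptions made for illustration.

```python
# Added example. Both passwd excerpts are constructed, not taken from the thread.
SERVER_PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""
CLIENT_PASSWD = """\
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
"""

def parse_passwd(text):
    """Return {uid: name} from passwd(5)-format text; skip blanks, comments, bad lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # malformed entry, ignore it
        users[int(fields[2])] = fields[0]
    return users

def uid_mismatches(server, client):
    """uids present on both sides that name different accounts: (uid, server_name, client_name)."""
    return sorted((uid, server[uid], client[uid])
                  for uid in server.keys() & client.keys()
                  if server[uid] != client[uid])

def client_side_allows(local_uid, local_gids, file_uid, file_gid, mode, want):
    """Owner/group/other check on the client against the uid/gid/mode the server reports.
    want is a bit mask: 4=read, 2=write, 1=execute. Assumption: this models only the
    client-side decision described in the post; root (uid 0) handling is left out."""
    if local_uid == file_uid:
        bits = (mode >> 6) & 7
    elif file_gid in local_gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

if __name__ == "__main__":
    server, client = parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)
    for uid, s_name, c_name in uid_mismatches(server, client):
        print(f"uid {uid}: server account {s_name!r} appears as {c_name!r} on the client")
```

With these sample files, the client account `bob` (uid 1000) passes the owner check on a mode 0600 file that belongs to the server account `alice`, which is the kind of mismatch the comparison is meant to surface before a shared mount is relied on.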