Subject: Re: Authorization en masse
To: Louis Guillaume <firstname.lastname@example.org>
From: Luke Mewburn <lukem@NetBSD.org>
Date: 11/08/2004 19:08:56
Content-Type: text/plain; charset=us-ascii
On Sat, Nov 06, 2004 at 03:18:01PM -0500, Louis Guillaume wrote:
| I have a situation where there is a NetBSD file server running AFP
| services via Netatalk, but all the users for whom this service must be
| available are stored in an Open Directory (OD) database.
| The questions are: On NetBSD...
Without knowing much of the specifics of OD, I'll try answering based
on my experience of integrating a NetBSD based file server running
Samba 3 into an Active Directory (ADS) environment. ADS runs
over LDAP and Kerberos5.
OD appears to use LDAPv3, based on a quick perusal of:
| 1. Must I create a local user account for each user (for authorization
| purposes) if the authentication is to be done via Kerberos? (OD can be
Generally, yes at this time.
If there's a way to get access to OD via a NIS(YP) emulation, then
you could use "nis" in nsswitch.conf(4).
Samba3+ADS uses either winbindd(8) via a dynamic nsswitch nss_winbind.so
module (which I've ported to NetBSD and will contribute back to Samba.)
I suppose it could use an nss_ldap.so, but PADL's hasn't been ported to
| 2. If the answer to "1" is "yes": is there software out there that will
| automatically import the user accounts to the local user database? Or
| will we have to do a script with "useradd"?
My gut feel is that for now you'll need to write a script.
Then you'll have to manage updates when users are added or removed
| 3. Has anyone had any success with such a scheme (involving a NetBSD
| fileserver) that would be willing to help out?
| ... The idea is that the Netatalk/NetBSD server will share up the Mac OS
| X users' home directories. As they log in at the login window they
| retrieve a tgt and a service ticket for the afp service on NetBSD,
| allowing them to mount their home directory.
No idea about the MacOS X client side requirements; I'm skivvy-challenged.
Various colleagues (who are fellow NetBSD developers) do use MacOS X
and may have more insight.
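The reply above suggests a script plus ongoing handling of users who are added or removed. The following dry-run reconciliation in POSIX sh is an added example, not part of the original message: it prints `useradd`/`userdel` commands instead of running them. The "name:uid" export format, the `MIN_UID` floor and all sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Dry-run sync of directory users to local accounts: prints commands only.
MIN_UID=1000   # assumption: managed (non-system) accounts start here

# Constructed sample of a directory export, one "name:uid" per line.
DIR_USERS='alice:1001
bob:1002
root:0
ev;il:1003
carol:1004'

# Constructed sample of local passwd(5)-style entries.
LOCAL_USERS='root:*:0:0::/root:/bin/sh
alice:*:1001:100::/home/alice:/bin/sh
dave:*:1005:100::/home/dave:/bin/sh
operator:*:12:5::/:/sbin/nologin'

# Accept only conservative login names and numeric UIDs >= MIN_UID, so data
# from the directory can neither touch system accounts nor smuggle in shell
# metacharacters or option-like names.
valid_entry() {
    case $1 in ''|-*|*[!a-z0-9_-]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge "$MIN_UID" ]
}

# plan DIR_LIST LOCAL_LIST: print the useradd/userdel commands needed.
plan() {
    dir=$1 local_db=$2 n=0
    printf '%s\n' "$dir" | while IFS=: read -r name uid; do
        n=$((n + 1))
        if ! valid_entry "$name" "$uid"; then
            printf '# skipped directory entry %d: bad name or UID below %d\n' "$n" "$MIN_UID"
        elif ! printf '%s\n' "$local_db" | grep -q "^$name:"; then
            printf 'useradd -u %s -m %s\n' "$uid" "$name"
        fi
    done
    # Removal candidates: managed local accounts no longer in the directory.
    printf '%s\n' "$local_db" | while IFS=: read -r name _pw uid _rest; do
        valid_entry "$name" "$uid" || continue
        printf '%s\n' "$dir" | grep -q "^$name:" || printf 'userdel %s\n' "$name"
    done
}

plan "$DIR_USERS" "$LOCAL_USERS"
```

Reviewing the printed plan before piping it to a shell keeps a bad directory export from deleting accounts in bulk.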