Ok guys…tougher one 😉
It has taken some time, but I’ve finally gotten to a point where I have SMB userhomes working correctly within Mac OS X Server. The clients authenticate against their username/password pair in OpenDirectory, on the Mac OS X server 10.4.9, then use their share located on a large Solaris Samba share.
Now, the big problem that exists? When the initial sharepoint was created for these users, we used the following string as the connection mechanism within the dscl tool in Mac OS X Server:
[code]append . VFSOpts "url=smb://;AUTH=NO%20USER%[email protected]/sharenamehere"[/code]
Now, can anyone see the problem with this? The user is “always” authenticating to OD first as the real “them”, then passing through to the large, raw Solaris SMB shares as “nobody”. A directory listing on the OSX_Userhomes directory on the samba server shows:
[code]nobody:nobody joeblogshomedir[/code]
…as the effective permissions, with a UID of 60001 or something to this effect. How can I:
1. Make OD force the user to use THEIR credentials on the userhome account
2. Make the effective permissions on the shares not just “nobody:nobody”, so any old user can just browse through other users directly? In theory, the effective permissions on the Solaris box should be something like:
[code]
drwxr-xr-x 23 joeblogs joeblogs 782 May 9 15:11 joeblogshomedir[/code]
I assume there is some synchronisation between /etc/password and /etc/group required on the Solaris box with Mac OS X’s – but how? LDAP? Kerberization? Little help?
Cheers.
z.
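To see how many home directories are affected by the guest mapping described in the post, the `ls -l` output from the Samba server can be audited. This is an added example, not part of the original post; it assumes each directory is named `<username>homedir` as in the listing above, and the function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ls -l` output of the userhomes directory and flag
# directories that ended up owned by the guest account or by the wrong user.
# Assumption: directories are named <username>homedir, as in the post.
# Limitation: directory names containing spaces are not handled.

audit_homes() {
    # Reads `ls -l` lines on stdin; prints one finding per bad directory.
    # Exit status is 1 if anything was flagged, 0 otherwise.
    awk '
    $1 ~ /^d/ {
        owner = $3; group = $4; dir = $NF
        expected = dir
        sub(/homedir$/, "", expected)      # joeblogshomedir -> joeblogs
        if (owner == "nobody" || group == "nobody") {
            printf "GUEST-OWNED %s (%s:%s)\n", dir, owner, group
            bad++
        } else if (owner != expected) {
            printf "MISMATCH %s (owner %s, expected %s)\n", dir, owner, expected
            bad++
        }
    }
    END { exit (bad > 0) }'
}

sample_listing() {
    # Constructed sample input, modelled on the listing format in the post.
    cat <<'EOF'
total 6
drwxr-xr-x 23 joeblogs joeblogs 782 May 9 15:11 joeblogshomedir
drwxr-xr-x 12 nobody nobody 512 May 9 15:11 janedoehomedir
drwxr-xr-x 9 joeblogs joeblogs 512 May 9 15:12 samsmithhomedir
-rw-r--r-- 1 root root 0 May 9 15:12 notes.txt
EOF
}

# Demo run on the constructed listing; on the server, pipe in the real one:
#   ls -l /path/to/OSX_Userhomes | audit_homes
sample_listing | audit_homes || true
```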