Author: Gary Language: text
Description: NAS authentication Timestamp: 2014-08-21 02:47:53 +0000
I would be so appreciative if you could give some advice on setting up authentication on shares. From my understanding, NFS bases security on IP, so I don't think I want NFS. I'm not clear how CIFS handles authentication. I tried to mount using cifs with user names and had odd results. Then I had a big oh sh*t moment when I realized that my odd results were because it sent uid and gid and not the actual names... And there was no mapping of users from machine A to B.

I am a programmer, not an IT guy, although I don't mind playing around to figure things out. The reality is that there is so little time in the day and I just want this to work correctly at this point so I can get back to coding some of my hobby projects. Later I can fiddle with it. I would be so very happy if you guys can help out a bit with sound advice for setting up for home use. I realize that a directory service is probably needed; if I can avoid it, great, else I have a Raspberry Pi I could put it on.

Configuration:
The NAS is a home deployment:

4 Linux clients
2 OS X clients
1 future PC-BSD client

Here are sample generic users:
me
wife
kid1
kid2
groups:
me, wife, kid1,2
family: me, wife, kid1,2
adults: me, wife

datasets:
me        me:rw, wife:r, kids:0      me       wife    750
wife      wife:rw, me:rw, kids:0     me       wife    770
kid1,2    kid1,2:rw, adults:rw       kid1,2   adult   770
pictures  me:rw, family:r            me       family  750
music     me:rw, everyone:r          me       family  755

I set up Unix permissions for owner:group and other to follow the above setup.

mount.cifs //marvin.local/backsterCIFS ./mnt/ -o credentials=~/.ssh/mount.perm,uid=1000,gid=1000,forceuid,forcegid,noperm,rw

I did the above mount and it worked (manually mapping), but it's a really crappy solution. And renumbering each machine is probably worse. Besides using a directory service, is there a way to make this work?

Questions:
Can you also explain authentication for NFS and CIFS and why they recommend using the nobody account when setting up Unix permissions on FreeNAS and CIFS?

If I have to use a directory service, can my home dir (profile) reside on the local machine so I have the same config when logged in locally? Can you do a tutorial and/or recommend which one to use?