# appletalk proxy to NAS box



## theed (Jun 20, 2002)

I have a SERIOUS project.  My university is moving its network file space from NT (with crappy AppleTalk support) to a NAS (Network Attached Storage) box that only shares via CIFS (Windows) and NFS.

The current solution we're working on is netatalk and NFS so that a UNIX box can proxy AppleTalk connections for the NAS box, but it requires that we have users on the local system so that AppleTalk processes can be spawned off as the appropriate user, AND we can only get it to use plaintext AppleTalk passwords.  This sucks even worse than the old NT solution:

Can I get Mac OS X (or Darwin) to allow logon according to Kerberos or LDAP (whatever Win2K uses) so that we don't have to duplicate every account on the proxy box?  Could I get it to transport the passwords encrypted?

I'm gonna try some stuff, so if no one else has any input, this will be my own personal saga thread.


----------



## theed (Jul 11, 2002)

I can get Mac OS X to authenticate against Active Directory in Win2K thanks to a handy PDF from Apple titled MacOSXwithActiveDirectory.pdf - and the only downside for the Windows admins is that it wants a nonstandard field in the (schema) Active Directory setup.  A UID.  You'd think that a numerical UID would be a decent thing to have, but M$ apparently doesn't live like that.

So I have a Mac that allows login if authenticated either by local stuff or by Win2K Active Directory, great.  Downside is that remote file access (AFP) to this box demands old school plaintext password transfers.  Assuming I can live with that, now all I need to do is share an NFS-mounted drive...

I can access an NFS-mounted drive with appropriate permissions.  I mounted it with the mount command as root, but when I go to the sharing setup stuff in the Server Administration stuff, it doesn't show the NFS mounts.  I can't share them.

Can I get NFS mounts to be treated as local so that I can share them via AFP?  I estimate about $10,000 in lost time this coming year if we can't.  So it's definitely worth some effort to make this go.  Otherwise, netatalk on Solaris, and tweaking userlists with scripts.


----------

