Up until recently, I started having problems with winbind on a webserver I admin, connected to a NT4 domain hosted on a Samba 2 server. We were utilizing winbind to obtain valid user login accounts from the Samba server to server webpages for our users. The home directories were NFS mounted to the Samba server, Apache2 on SuSE 10 (X86-64) was the webserver. Due to lack of available storage resources, our system partition filled, and winbind was behaving erratically. Winbind would randomly have issues translating usernames to SIDs and wbinfo -u and wbinfo -g would completely fail. While winbind is technically "the right way", providing user accounts to the system and allowing Apache's mod_userdir to provide ~user URLs, it seemed like overkill. The box didn't need real users, since it never really needs to authenticate them. The fileserver is otherwise accessible for the users to make page or file updates. The webserver simply need to translate the ~user URL requests to the static path /home/user/public_html. I knew Apache has URL aliasing and with a cleverly simple regex, you can make this happen, minus the mod_userdir module.
Add the following line somewhere in your httpd.conf (or more relevant include conf file):
AliasMatch ^/~([^/]*)/?(.*) /home/$1/public_html/$2
My /home is NFS mounted to the Samba server's /home path. Obviously, you can tweak the "destination" of the alias match to your needs. Also, be sure to stop Apache from loading mod_userdir since you don't want it stepping over your alias, or vice-versa. The alias has been working for several hours now, with no interruption to service, and no support calls so far. I can't really find the downside to using it, only that you save a little bit of system resources by not loading the module (or needing to compile it in to Apache). It could perhaps even be slightly more secure, since the users don't actually exist on your webserver...
(Page 1 of 1, totaling 1 entries)
