Re: [Samba] Configuring Samba with NIS

Fri, 08 Aug 2008 06:53:21 -0700 

Harvey, Edward wrote:

Hey all.

I have a bunch of linux servers, all using NIS to maintain 
username/password/UID/GID information.  I'm trying to make the filesystems 
browsable from Windows XP, while maintaining correct UID/GID info.  It seems this 
would be really simple, just let the user login to \\linuxmachine with his/her 
linux username & password, and everything they do happens as them.  As you know 
- no such thing.  :-(

I'm using RHEL 4u4 x86_64, samba 3.0.10-1.4E.9, swat 3.0.10-1.4E.9

In swat, it seems to indicate available "auth methods" are "guest sam winbind" 
and some deprecated stuff I shouldn't use.

I guess there is no auth method to use the local passwd/shadow files, or NIS 
database?
Also, I guess there is no idmap backend to simply map UID/GID based on username?

* I cannot use the essentially randomly generated UID/GID scheme.
* I will have a very difficult time to use winbind (I don't have windows domain 
admin access, and those who do are difficult to convince they should type the 
domain admin pass on some prompt when they don't understand the prompt.)
* I prefer not to use a cronjob on every machine to regenerate the smbpasswd 
all the time.  Also, by looking around, it doesn't appear this is possible 
anyway.

Is there any graceful solution here?

I don't see the need for *yet* another password database...

Thanks for any suggestions...  I have been googling and browsing fanatically....


This will work if samba is setup as PDC.
Add the NIS user to samba with smbpasswd -a <username>. Setup the passwd program. 

smb.conf:

   passwd program = /root/newpasswd %u

/root/newpasswd:

   #!/bin/sh
   passwd $@
   pushd /var/yp
   /usr/bin/make -f Makefile.passwd
   popd
/var/yp/Makefile.passwd is just /var/yp/Makefile edited to only update passwd.
A password change from Windows will now update both databases. But then there's the hassle of asking users for their existing NIS password so you can add it to smbpasswd. Instead, just set it to <some_win_passwd>, have the user login to Windows with <some_win_passwd>, password change from Windows will then sync both databases to the same new password. 



--
Toby Bluhm
Alltech Medical Systems America, Inc.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to