>i wasn't thinking of crack solutions, i was thinking of a way of merging >unix and nt logins. but then realised that that is simply not possible. >except with PAMs. >lukesi wonder that nobody is talking about LDAP servers?! Unix vendors are close to have "ldap" in nsswitch.conf (with "files" "nis" ..) and there is "ypldapd" as another approach (almost ready ;)) should be relatively easy to do something like that on NT domain controlers. i'm not sure if there is something at the moment? there is another thing that can do the job: "KerbNet" from www.cygnus.com. this used to be a commercial product but it was converted into a freeware a few months ago. i personally believe that LDAP solution is the right approach since it addresses many other systems administration related issues. vterzic@systems.dhl.com
A non-text attachment was scrubbed... Name: not available Type: text Size: 1074 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/19971229/6753cf15/attachment.bat
> Also > the development of the free umich server code (which had its own > replication mode) seems to have stalled when the programmers were hired > away by Netscape.well, maybe for the best :) - netscape just released LDAP server 3.0 for all platforms. - this version supports "transaction logs" that provide safe updates... they claim that replication mechanism is quite stable now, we'll see .. - NT version of netscape LDAP comprises "synchronization service" that can be installed on a primary domain controller and provide synchronization between an NT SAM and an LDAP database. This is done through SSL! vterzic@systems.DHL.COM
Hi samba, This is more of an understanding question than a technical one. We have a mixed network of Unix servers (Mostly SCO UnixWare 7), Windows 95 and Windows NT machines. We mount UNIX partitions with samba to the windows clients. With security=user, when the Samba and Windows'passwords are the same, we can access the partitions without typing the password again. But when they are not the same, we need to enter the samba password when accessing the partition. The problem is that we need to synchronize both passwords so we enter it only once. The first solution I found was NISGINA which is a dll replacement, a registry setting for Windows NT and a daemon installation on UNIX side. It works well in a one way synchronization from Windows to UNIX's NIS server and Samba 2.0.4b. When you Ctrl+Alt+Delete on Win, you can change the passwords with an overloaded screen which is sending encrypted passwords through the network to the NIS and Samba servers. But the other problem occurs when a user changes his password on NIS or Samba, the Windows password is no longer synchronized... (This solution is valid for Win NT only and needs installation to all the clients) I have started back the researches on a solution where all flavors of Windows would log on against a Primary Domain Controller (PDC) and UNIX machines would log on against a NIS or Samba server. The only thing I need to find is a way to synchronize both PDC and NIS or Samba. With the new Samba's HEAD branch development, you can now set your Samba server as a PDC. I thought that this would be the best way if the Samba server would be the password server for Windows and UNIX machines. I know that these developments are not completely done yet, but I would like to know if this would solve our synchronization problems in both directions in a short term eventuality. It would be a better solution because we would only need to change things on the server, not on every clients. I would also like to know if I am wrong in my understanding and if anyone experienced an alternative solution. Sorry if this message is a bit long... Thanks, Guillaume Goulet Summer Student at Versaterm Guillaume.Goulet@Versaterm.com
I'm having a problem with encypted passwords. The only way I could finally get samba working was to enable plain text passwords in regedit, then in smb conifuration write the following: encrypt passwords = no update passwords = yes Once I was able to login to the Linux box from winblows network neighborhood I changed the smb.conf bacck to encrypt passwords = yes, etc... That works now. My question is is there an easier way to do this, so I dont have to go thru all of that when I add a new user? I also tried: [ cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd ] for adding new users and that would not work either. Is there anything else I can try?????? PLEASE HELP!
Hi, I'm trying to synchronize my smbpasswd with passwd but I cannot get it
to work. I am using samba 2.2.5.
My smb.conf
in my global i have these lines:
[global]
passwd program = /usr/bin/passwd %u
passwd chat = *Enter* %n\n *Retype* %n\n
unix password sync = Yes
I verified the path of the passwd program, typing the passwd program as root
gives out the message
e.g.
debian:~# passwd dodie
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
debian:~#
Tried also to put "passwd chat = *Enter* %n\n *Retype* %n\n *" but
that
didn't help as well. It does not sync with my passwd file everytime I change
the smbpasswd from swat (password option). Any help is highly appreciated.
Thank you in advance.
Sincerely,
Dominic
hi, i have three machines excellence, sapphire and integrity. excellence runs samba and acts as a pdc for domain ferrer-lan. sapphire also runs samba and is a member of domain ferrer-lan (security=domain). integrity runs windowsxp and is also a member of domain ferrer-lan. samba on both excellence and sapphire has unix password sync enabled and is syncing passwords just fine. so when i change password on integrity the local linux password on excellence gets synced too. however this leaves me with a different linux password on sapphire. since samba on sapphire is a member of domain ferrer-lan, is there a way to automagically sync to the local linux password? on samba startup? whenever connecting to samba on excellence? please help, thank you.
Jasper V. Ferrer wrote:> hi, i have three machines excellence, sapphire and integrity. excellence > runs samba and acts as a pdc for domain ferrer-lan. sapphire also runs > samba and is a member of domain ferrer-lan (security=domain). integrity > runs windowsxp and is also a member of domain ferrer-lan. > > samba on both excellence and sapphire has unix password sync enabled and > is syncing passwords just fine. so when i change password on integrity the > local linux password on excellence gets synced too. however this leaves me > with a different linux password on sapphire. > > since samba on sapphire is a member of domain ferrer-lan, is there a way > to automagically sync to the local linux password? on samba startup? > whenever connecting to samba on excellence? > > please help, thank you. >This is a normal password sync problem that has plagued the nixes for years. However, there is some excellent tools out now-a-days that make this problem trivial. I run two Linux servers and two linux desktops in an otherwise all Windows network. I separate my linux logins into two categories: User Accounts; and System Accounts. System accounts are accounts such as: root; ftp; service; apache; mysql; and other such accounts that are system/server specific. For this I use the standard Unix password system and PAM. User accounts though are a different situation completely. For these, I use an OpenLDAP server with the nss_ldap and pam_ldap tools from padl.com. When set up correctly, all the user accounts will be visible via PAM authentication, and your password sync will store the data in LDAP. Therefore, a change in password in either location, will actually reflect on all nix or Mac computers using the LDAP for authentication. HTH Kevin Fries