Pam_SMB allows Linux clients to validate their passwords against an NT PDC, so the only thing you have to do is set up the accounts on the Linux side with an '*' in the /etc/passwd entry. This can be done using a list of users: #!/bin/bash for i in `cat myuserlist`; do /usr/sbin/adduser -p '*' $i with various other command line options, such as "-s /bin/nologin" for e-mail only clients and such. You have to edit the appropriate /etc/pam.d entries - login, imap, and so on - follow the instructions. I don't know if any of this applies to FreeBSD - as in if FreeBSD uses Pam, or if there are similar tools for FreeBSD's authentication method. There are some tools for NIS/Yellow Pages... Bill> SAMBA Digest 1883 > > For information on unsubscribing see http://samba.anu.edu.au/listproc > Topics covered in this issue include: > > 1) Re: NT3.51 slow file access > by "k.konzept" <klaus@bfad.de> > 2) Get popups > by Segei Kulakovsky <sk@ars.ml.org> > 3) Re: Dial in accounts > by Ole Holm Nielsen <Ole.H.Nielsen@fysik.dtu.dk> > 4) Virus Scanning: Unix Products > by "Cary T. Conrad" <conrad@messagesecure.com> > 5) Re: Virus Scan > by Anthony David <adavid@ajd.gw.dynamite.com.au> > 6) Re: User verification problem using password = server [2.0.0beta1] > by Anthony David <adavid@ajd.gw.dynamite.com.au> > 7) Nt-Client am Linux-Server > by =?ISO-8859-1?Q?J=FCrgen?= =?ISO-8859-1?Q?L=F6b?= <cip-jl@physik.uni-pa> derborn.de> > 8) Browsing > by Robert <robert@mhi-tx.com> > 9) samba 2 swat user id and password > by Sol Gongola <sol@mail.adldata.com> > 10) Samba Information. > by "Noll, Michael" <mnoll@eds.com> > 11) Freebsd + NT > by "Chad Thunberg" <chadth@atvideo.com> > 12) Re: Virus Scanner > by Christian Perrier <perrier@onera.fr> > 13) Re: password change problem > by Todd Pfaff <todd@edge.cis.McMaster.CA> > 14) Compile error 2.0.0beta1 > by "Karl Bolingbroke" <karl.bolingbroke@flyingj.com> > 15) samba 2.0 beta and shadow passwords > by Michael <michael@bizsystems.com> > > ---------------------------------------------------------------------- > > Date: Fri, 20 Nov 1998 09:58:53 +0100 (CET) > From: "k.konzept" <klaus@bfad.de> > To: samba@samba.anu.edu.au > Subject: Re: NT3.51 slow file access > Message-ID: <Pine.LNX.3.96.981120095226.27582A-100000@linserv.intern.bfad. > de> > > Hi Marc > > We had a similar problem. > Try to use: socket options = TCP_NODELAY > > Greetings, Klaus > > Klaus Konzept > Germany > Reply to: K.Konzept@bfad.de > > > > ------------------------------ > > Date: Fri, 20 Nov 1998 10:06:19 +0000 > From: Segei Kulakovsky <sk@ars.ml.org> > To: samba@samba.anu.edu.au > Subject: Get popups > Message-ID: <36553F1B.793648F5@ars.ml.org> > > How can I receive popups to group if it possible at all ? > (for instance: I am in group MYGROUP. Someone sent popup message using > Winpopup to all group MYGROUP) > In our dorms based network that situation is appeared quite often :) > > -- > Sergei Kulakovsky. > e-mail: sk@ars.ml.org > > ------------------------------ > > Date: Fri, 20 Nov 1998 12:03:59 +0100 > From: Ole Holm Nielsen <Ole.H.Nielsen@fysik.dtu.dk> > To: samba@samba.anu.edu.au > Subject: Re: Dial in accounts > Message-ID: <36554C9E.1CFBAE39@fysik.dtu.dk> > > Regarding remote network browsing: > We have had mixed success browsing Network Neighborhood from > PPP-connected Win95 PCs. Our servers are all SAMBA, no NT here :-) > The Win95s have WINS-server defined correctly in the network > setup (checked by running winipcfg). We wait a couple of > minutes after establishing PPP-connection, then try to > browse. Now, some Win95s (my OSR2.1, for example :-) browse > without problems, but others with a supposedly similar > setup cannot browse. Is the problem with older Win95 > versions, or something entirely different ? Note that > we are all dialing in to the same IBM-8235 router, so > everything ought to be the same, yet the Win95s seem to > behave differently. > > Ole Holm Nielsen > Department of Physics, Building 307 > Technical University of Denmark, DK-2800 Lyngby, Denmark > > ------------------------------ > > Date: Fri, 20 Nov 1998 07:13:30 +0500 > From: "Cary T. Conrad" <conrad@messagesecure.com> > To: samba@samba.anu.edu.au > Subject: Virus Scanning: Unix Products > Message-ID: <4.1.19981120071152.03f4cd00@192.9.200.5> > > There have been a few posts about virus scanning for UNIX. > > May I suggest that for a product that is FOCUSED on the Unix market, > check > out www.cyber.com > > Many years in the business, good company, smart people, good products. > > CC > > ------------------------------ > > Date: Sat, 21 Nov 1998 00:11:50 +1100 > From: Anthony David <adavid@ajd.gw.dynamite.com.au> > To: samba@anu.edu.au > Subject: Re: Virus Scan > Message-ID: <199811201311.AAA20820@ajd.gw.dynamite.com.au> > > From: Sandro Dentella <Sandro.Dentella@mi.infn.it> > > > > Hello Listers, > > > > does anyone know about virus scanners working on Unix hosts but > > scanning for all those bad vermin from the M$ world. > > Best solution (for me) would be a tight coupling with samba, > > monitoring the I/O as some PC scanners do. > > > > Any suggestions? > > For Solaris my customer uses VirusWall from Trend Micro as part of their > Proxy > and Mail Scanning. It runs a regular scan of the scanning hosts disks as > well. > > http://www.antivirus.com/ > > Regards > > -- > Anthony David | Save Ferris > Anthony David & Associates | Free Truman > http://adavid.netinfo.net/ | Redeem Londo > > ------------------------------ > > Date: Sat, 21 Nov 1998 00:24:54 +1100 > From: Anthony David <adavid@ajd.gw.dynamite.com.au> > To: chenriq@homeshopping.com.br > Cc: samba@samba.anu.edu.au > Subject: Re: User verification problem using password = server [2.0.0beta1 > ] > Message-ID: <199811201324.AAA20825@ajd.gw.dynamite.com.au> > > Date: Thu, 19 Nov 1998 22:55:33 -0200 > From: Carlos Henrique <chenriq@homeshopping.com.br> > > >David.Anthony (David.Anthony@comcare.gov.au) wrote: > >> Greetings > > > >> Having fun with Samba 2.0beta1 and security = server > >> Is there something missing in my config? > > > >Hi, > > > >Was your samba server included in NT PDC DOM? > > That has never been a specific requirement in the past. > > > > >Cheers. > > I received a private mail from the Samba team suggesting I remove > the domain (DNS) name from the password server and keep the > NetBIOS name only. The problem went away. We will see what happens > in the next Samba release. > > Regards > > -- > Anthony David | Save Ferris > Anthony David & Associates | Free Truman > http://adavid.netinfo.net/ | Redeem Londo > > ------------------------------ > > Date: Fri, 20 Nov 1998 14:51:11 +0100 > From: =?ISO-8859-1?Q?J=FCrgen?= =?ISO-8859-1?Q?L=F6b?= <cip-jl@physik.uni- > paderborn.de> > To: samba@samba.anu.edu.au > Subject: Nt-Client am Linux-Server > Message-ID: <365573CF.28AF@physik.uni-paderborn.de> > > Hallo, > I suppose thai I am right here, well, does anyone know if it is > possible, to configure a linux server so, that the login data for Win NT > - clients is stored on it. So that it can used instead of an Windows > NT-Domain-Server. And how is this possibple? > > please mailto: cip-jl@physik.uni-paderborn.de , because I am not > subscribed into this mailing-list. > > THANKS!!!!! > > cu > > Jürgen Löb > > ------------------------------ > > Date: Fri, 20 Nov 1998 08:33:08 -0600 > From: Robert <robert@mhi-tx.com> > To: samba@samba.anu.edu.au > Subject: Browsing > Message-ID: <36557DA3.3E42@mhi-tx.com> > > hello, > I was wondering if anyone has had the same problem I have or if anyone > knows what is going wrong. > I have 1.9.18p10 and everything is working fine exept the browsing..hold > on dont stop reading just yet. I know there is tons of docs on browsing > and problems with it, but this seems to be different than anything in > the docs.. > The samba server doesn't show up in a regular browse list but if I use > "find computer" it shows up no problem. > > I have Advanced File and Print Server on an SCO box that is acting as > the PDC (I believe my problem lies here) and in the log.nmb I get a > message "process_lanman_packet: on subnet 192.168.1.8 ignoring browse > packet command code 4 from MHI#00600<20> IP 192.168.1.2 to AFPS<00>" > where .8 is the samba server and MHI is the SCO box and AFPS is the > domain name. > > If anyone has any suggestions or even tell me I am stupid and where to > look in the docs, It would be greatly appreciated. I am trying to show > everyone that this little pile of free software can outperform Novell > and then some. :) > > thanks > Robert > > ------------------------------ > > Date: Fri, 20 Nov 1998 09:59:41 -0500 > From: Sol Gongola <sol@mail.adldata.com> > To: samba@samba.anu.edu.au > Subject: samba 2 swat user id and password > Message-ID: <365583DD.623B@mail.adldata.com> > > Connecting from swat on a w95 pc web browser (netscape) > to samba 2beta1 on aix 4.3.1, I tried using root and > several other user id/passwords but the only that accepted > was the user id associated with my PC logon ID. > > How is the required user id and password decided for connecting > to the samba server > -- > Sol Gongola (sol@adldata.com) > ADL Data Systems Inc > 20 livingstone ave > Dobbs Ferry, NY 10522 > > ------------------------------ > > Date: Fri, 20 Nov 1998 10:41:38 -0500 > From: "Noll, Michael" <mnoll@eds.com> > To: "'samba@listproc.anu.edu.au'" <samba@anu.edu.au> > Subject: Samba Information. > Message-ID: <1BB1608E616BD111AC6100A02462121274FEFF@usahm015.exmi01.exch.e > ds.com> > > I am an analyst for a large corporation and am interested in using Samba > in > a project for mine. I need one piece of the puzzle answered for me > though. > Can anyone tell me what is the maximum size of a file system can Samba > see. > I'm talking in Terabytes. If anyone could answer this for me, I'd truly > appreciate it. Could you send any responses to mnoll@eds.com. > > Thanks, > > Michael A. Noll > EDS/DMS > 248-265-7671 > mnoll@eds.com > > ------------------------------ > > Date: Fri, 20 Nov 1998 09:20:22 -0800 > From: "Chad Thunberg" <chadth@atvideo.com> > To: <samba@samba.anu.edu.au> > Subject: Freebsd + NT > Message-ID: <000c01be14aa$0dc76600$ef2376cc@chadth.atvideo.com> > > I am currently integrating Freebsd in a predominately NT network. I am > interested in using NT as a domain controller then using samba on the > other > servers. I know that samba supports this and you can set security > server, > but what I am also interested in is using the password list for the > passwd > file as well. So in theory I would like to download the NT user and > pass > list much like NT's bdc (backup domain controller) does. This may not > be > the correct mailing list to seek help on this subject but I thought it > would > be a start. Any information would be helpful > > Thanks, > Chad Thunberg > > "For the first time in my life I was reading things which had not been > approved by the Prophet's censors, and the impact on my mind was > devastating. Sometimes I would glance over my shoulder to see who was > watching me, frightened in spite of myself. I began to sense faintly > that > secrecy is the keystone of all tyranny." > -Revolt in 2100 > > > > ------------------------------ > > Date: Fri, 20 Nov 1998 18:30:48 +0100 > From: Christian Perrier <perrier@onera.fr> > To: Multiple recipients of list <samba@samba.anu.edu.au> > Subject: Re: Virus Scanner > Message-ID: <19981120183048.A1794@mykerinos.kheops.frmug.org> > > Quoting Hammond, Justin (Justin_Hammond@NAI.com): > > Hi, > > Network associates sell Netshield for Linux, and other Un*x's that does > just > > what you are after. > > it can be setup to scan only public directories for both Word/Excel > virus's > > and the more common exe/com virus's > > > > The problem is that I am pretty sure its discontinued product, but you > might > > be able to find a copy around somewhere > > It's not really a discontinued product, afaik. It is still on NAI > Product > List and DAT files are monthly updated. > > The problem is : how can one achieve a behaviour similar to NAI Netshield > on > Windoze NT server where all accessed files are scanned as soon as they > are > accessed. > > Netshield for Linux does just virus scanning on demand. But maybe some > sophisticated setup would do the job... > > ------------------------------ > > Date: Fri, 20 Nov 1998 16:29:54 -0500 (EST) > From: Todd Pfaff <todd@edge.cis.McMaster.CA> > To: samba@samba.anu.edu.au, samba-technical@samba.anu.edu.au > Subject: Re: password change problem > Message-ID: <Pine.GSO.3.96.981120153431.14301X-100000@edge> > > I posted my original question below to the samba-ntdom list but it seems > to be the wrong place to be discussing this problem so I'm moving my > follow-up to these lists. > > Background...I used to be using smbpasswd and the "unix password sync", > "password chat", and "password program" settings to keep my smb passwords > and unix passwords in sync. This was working well in an earlier release > of 1.9.18 but one of the messages below indicates that this broke in > 1.9.18p10. I didn't notice it was broken until recently when I started > using 2.0.0beta1 and so I thought that it was broken only in the 2.0.0 > samba domain control code. > > I wrote: > > > I'm using samba-2.0.0beta1. > > > > When trying to change a password as a non-root user with smbpasswd I > get > > the following message from smbpasswd: > > > > machine 127.0.0.1 rejected the password change: Error was : The > specified > > password is invalid. > > > > and the following message in log.smb: > > > > [1998/11/20 14:36:49, 0] smbd/chgpasswd.c:check_oem_password(684) > > check_oem_password: incorrect password length (1780921600). > > > > Whoa! I didn't type that many characters in my password! :-) > > > > Is this a known problem? Is there a fix in a later alpha? > > > Replies and my responses below... > > On Fri, 20 Nov 1998, Douglas K. Fischer wrote: > > > I've run across the same problem in 1.9.18p10 (see postings to > > samba-technical and main samba lists). I'm still trying to figure out > > exactly what's happening here but it seems that either the client is > > passing a bad data string into SamOEMhash or something wierd is > happening > > inside of SamOEMhash. Of course, it could be something else entirely, I > am > > far from a Samba guru... > > > > Douglas > > > > ---------------------------------------------------------------------- > > Douglas K. Fischer DFischer@Bridgewater.EDU (540) 828 - 5343 > > Network Systems Engineer C. E. Shull Information Technology Center > > College Box 36 Bridgewater College Bridgewater, VA 22812 > > ---------------------------------------------------------------------- > > > On Fri, 20 Nov 1998, Carlos Henrique wrote: > > > > > Have you "unix password sync = yes" in smb.conf file? > > Yes. In fact, the unix password change is working fine but then the smb > password change fails, which means my unix and smb passwords are getting > out of sync, which is what "unix password sync" is supposed to avoid. > > > Have you any limit for unix passwords? > > Only the standard Solaris 2.5 password defaults which impose a minimum > password limit of 6 characters. But this isn't the problem since, as I > said, the unix password change (via the password chat) is working fine. > > > If the answer is yes for these questions, it's the problem. > > Else... I don't know...(I have similar problem). > > Thanks for the replies. > > -- > Todd Pfaff \ Email: pfaff@mcmaster.ca > Computing and Information Services \ Voice: (905) 525-9140 x22920 > ABB 132 \ FAX: (905) 528-3773 > McMaster University \ > Hamilton, Ontario, Canada L8S 4M1 \ > > > > > > > > > > ------------------------------ > > Date: Fri, 20 Nov 1998 17:27:40 -0700 > From: "Karl Bolingbroke" <karl.bolingbroke@flyingj.com> > To: samba@samba.anu.edu.au > Subject: Compile error 2.0.0beta1 > Message-ID: <3.0.6.32.19981120172740.009242d0@mail.flyingj.com> > > Hi, > I'm having trouble compiling version 2.0.0beta1. The compile aborts > with > the following error: > ------------------------------------ > Using LIBS = -lreadline -ldl -lcrypt -lpam > Compiling smbd/server.c > Compiling smbd/files.c > /tmp/cca14570.s: Assembler messages: > /tmp/cca14570.s:2505: Error: Can't emit reloc {- *UND*-seg symbol > "file_find_li_ > next"} @ file address 21056. > make: *** [smbd/files.o] Error 1 > ------------------------------------- > The machine is an HP Pentium 90. It is running RedHat 5.2. The Linux > kernel is version 2.0.36. The gcc package is 2.7.2.3-14. > > Can anyone help me with this? My background is primarily networking, so > the C error messages don't mean much to me. Thanks for anything you can > do. > > Karl > > > ------------------------ > Karl Bolingbroke > Flying J Inc. > 435-734-6404 > ------------------------ > > ------------------------------ > > Date: Fri, 20 Nov 1998 21:40:34 -0800 (PST) > From: Michael <michael@bizsystems.com> > To: samba@samba.anu.edu.au > Subject: samba 2.0 beta and shadow passwords > Message-ID: <Pine.LNX.3.91.981120213850.11647A-100000@pandora.is.bizsystem > s.com> > > So.... does configure figure out the necessary stuff for Linux shadow > passwords or does it have to be done by hand?? > > If so, for the 'C' challenged, what exactly does one have to do. > > > Thanks > Michael > > ------------------------------ > > End of SAMBA Digest 1883 > ************************