Hi there,
You are not alone, I have been all though this and hit my
head against the wall. I did get it to work eventually.
The documentation does seem to be wrong (what there
is off it) and the mknissmbpasswd.sh does not
seem to work correctly. In the end I looked at the
source code and did it all by hand.
Diane Oman wrote:
> I'm a little less new to samba now - but having a heck of a time
> getting authentication to work. I'm running NIS+, configured samba
> with --with-nisplus --with-nisplus-home and --with-automount.
> Does anyone have some good nis/samba references? I'm striking
> out.
Ok the first question is do you really want to do this. If all
you wish to do is use the NIS+ tables to get the automount
home tables etc, then don't do it this way. Just switch on
'--with-automount' and '--with-nisplus-home' and use
a local file smbpasswd file. This is the simplest solution.
You only need to the '--with-nisplus' option if you really
want a NIS+'d smbpasswd file, unless you wish to use
this file across multiple machines then it is not really
necessary. I only stuck at it because I have a NIS+
master that is a different machine from our file
servers and I wished to have NIS+ managing the table
for all our file servers. If you only have one machine
what does it matter if the smbpasswd file is a NIS+
table or a file in etc.
> The smbpasswd file *does* have to become smbpasswd.org_dir for
> samba to work. I first created the smbpasswd file using
> niscat passwd.org_dir | mksmbpasswd.sh which created smbpasswd.
The problem with this is that it does not fill all the fields
correctly. Either write a script or do it manually with
smbpasswd -a username. I played with this script
attempting to do the correct nisaddtblent and never
got it to do the right thing.
You will also need a the following line in you smb.conf
file (change monosys.com. for your domain).
---8<----
smb passwd file = smbpasswd.org_dir.monosys.com.
----8<----
NOTE - always kill all smbd & nmbd processes if you
make a change to this stuff. I found that it does not
reconfigure correctly but that might have been a perception
problem.
> [stillwater:root] % niscat smbpasswd.org_dir | grep oman
>
oman:1010::::[U,:NO,PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX::::::::::::::
----8<----
jonathan:637:0x0:0:0x0:[U
]:*NP*:*NP*:LNT-FFFFFFFF:LOT-FFFFFFFF:KOT-FFFFFFFF:LCT-3917FCF:CCT-FFFFFFFF:MCT-FFFFFFFF::::::::
----8<-----
You are getting error because you don't have the closing ']' in the
6 field.
I spent hours attempting to fix this and gave up, just use the
smbpasswd command it does it right everytime.
Anyway my NIS+ table has these params, I hand made
this table using the standard NIS+ table create stuff
using the source code to figure it out.
-------8<-------
darling$ niscat -o smbpasswd.org_dir
Object Name : "smbpasswd"
Directory : "org_dir.monosys.com."
Owner : "chief.monosys.com."
Group : "smb.monosys.com."
Access Rights : ----rmcdrmcd----
Time to Live : 12:0:0
Creation Time : Thu Apr 27 12:57:02 2000
Mod. Time : Thu Apr 27 12:57:02 2000
Object Type : TABLE
Table Type : smbpasswd_tbl
Number of Columns : 22
Character Separator : :
Search Path :
Columns :
[0] Name : name
Attributes : (SEARCHABLE, TEXTUAL DATA, CASE SENSITIVE)
Access Rights : r---r---r---r---
[1] Name : uid
Attributes : (SEARCHABLE, TEXTUAL DATA, CASE SENSITIVE)
Access Rights : r---r---r---r---
[2] Name : user_rid
Attributes : (SEARCHABLE, TEXTUAL DATA, CASE SENSITIVE)
Access Rights : r---r---r---r---
[3] Name : smb_grpid
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[4] Name : group_rid
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[5] Name : acb
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[6] Name : lmpwd
Attributes : (TEXTUAL DATA)
Access Rights : ----rm--r-------
[7] Name : ntpwd
Attributes : (TEXTUAL DATA)
Access Rights : ----rm--r-------
[8] Name : logon_t
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[9] Name : logoff_t
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[10] Name : kick_t
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[11] Name : pwdlset_t
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[12] Name : pwdlchg_t
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[13] Name : pwdmchg_t
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[14] Name : full_name
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[15] Name : home_dir
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[16] Name : dir_drive
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[17] Name : logon_script
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[18] Name : profile_path
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[19] Name : acct_desc
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[20] Name : workstations
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
[21] Name : hours
Attributes : (TEXTUAL DATA)
Access Rights : r---rmcdrmcdr---
-------8<-------
Good luck and I hope this helped.
--
/ The whole history of this invention has been a struggle
/\|/\ against time - Charles Babbage 1837 on the Analytical Engine
| K | All Hail Discordia - Burn all Orange Books!
\___/ david.allan@finch.org - http://www.ironfort.com