Mark A. Tagliaferro
2002-Apr-08 02:57 UTC
[Samba] Passwords & Multiple servers: Help please!
OK below is a diagram explaining my network. This is a school network where
each server takes care of a specific computer room.

  Internet   +---------+
-------------| Gateway |      Netmask throughout: 255.255.255.0
             +---------+      (i.e. a subnetted class B domain)
                  | 172.22.1.1
                  |
                  |
                  | 172.22.1.2 +--------+ 172.22.2.1 etc
                  +------------| Serv_1 |------+------+------+------+------+
                  |            +--------+      |      |      |      |      |
                  |                          win98  win98  win98  win98  win98
                  |                          client client client client client
                  |
                  | 172.22.1.3 +--------+ 172.22.3.1 etc
                  +------------| Serv_2 |------+------+------+------+------+
                  |            +--------+      |      |      |      |      |
                  |                          win98  win98  win98  win98  win98
                  |                          client client client client client
                  |
                  | 172.22.1.4 +--------+ 172.22.4.1 etc
                  +------------| Serv_3 |------+------+------+------+------+
                               +--------+      |      |      |      |      |
                                             win98  win98  win98  win98  win98
                                             client client client client client

On the gateway I have NIS (yellow pages), NFS, NAT, Firewall etc. running and
functioning properly. All the users are created on the gateway with the home
directory exported via nfs and passwords via NIS.

I found through documentation that I need a samba server to be running one
level up from each client. i.e. on each of servers 1, 2 and 3. If it is
possible to have one samba server on the gateway it would solve all my
problems. The biggest problem with that is that there is no way (at least from
my research) to export the smbpasswd file via NIS. On each of servers 1, 2 and
3 smb.conf is ok, login script is ok and independently everything works well.

My problem is as follows. I need a person to be able to login from any
workstation in every room. At the moment this involves changing the samba
password on each server and physically going to every room to do so. The rooms
are far apart and this is quite a physical activity, especially when you
consider setting some 100+ passwords for kids.
I tried using "smbpasswd -r serv_2 -U username" for example from serv_1 but it
returns an error "machine serv_2 rejected the password change: Error was : The
specified password is invalid.". I also tried with a -a option but I get the
standard help message for smbpasswd so I think the -a and -r options don't go
together.

I know it is possible to synchronise the smbpasswd file and the passwd file if
they are both on the same server. Is it possible to synchronise the smbpasswd
on the local server and the passwd coming from the gateway via NIS? I tried but
I couldn't get it to work. If so, will it then synchronise with the other
servers?

Could an alternative be to set one of the samba servers as a primary domain
controller and the others as secondary controllers? Will they then share the
same smbpasswd? If so I need help as to how to do this. The documentation is
not very clear.

Thanks
Mark

"Mark A. Tagliaferro" wrote:
>
> OK below is a diagram explaining my network. This is a school network where
> each server takes care of a specific computer room.
>
>   Internet   +---------+
> -------------| Gateway |      Netmask throughout: 255.255.255.0
>              +---------+      (i.e. a subnetted class B domain)
>                   | 172.22.1.1
>                   |
>                   |
>                   | 172.22.1.2 +--------+ 172.22.2.1 etc
>                   +------------| Serv_1 |------+------+------+------+------+
>                   |            +--------+      |      |      |      |      |
>                   |                          win98  win98  win98  win98  win98
>                   |                          client client client client client
>                   |
>                   | 172.22.1.3 +--------+ 172.22.3.1 etc
>                   +------------| Serv_2 |------+------+------+------+------+
>                   |            +--------+      |      |      |      |      |
>                   |                          win98  win98  win98  win98  win98
>                   |                          client client client client client
>                   |
>                   | 172.22.1.4 +--------+ 172.22.4.1 etc
>                   +------------| Serv_3 |------+------+------+------+------+
>                                +--------+      |      |      |      |      |
>                                              win98  win98  win98  win98  win98
>                                              client client client client client
>
> On the gateway I have NIS (yellow pages), NFS, NAT, Firewall etc. running and
> functioning properly. All the users are created on the gateway with the home
> directory exported via nfs and passwords via NIS.
>
> I found through documentation that I need a samba server to be running one
> level up from each client. i.e. on each of servers 1, 2 and 3. If it is
> possible to have one samba server on the gateway it would solve all my
> problems. The biggest problem with that is that there is no way (at least from
> my research) to export the smbpasswd file via NIS. On each of servers 1, 2 and
> 3 smb.conf is ok, login script is ok and independently everything works well.
>
> My problem is as follows. I need a person to be able to login from any
> workstation in every room. At the moment this involves changing the samba
> password on each server and physically going to every room to do so.

Firstly, get a copy of SSH, and use it. No need to walk to servers...

> The rooms
> are far apart and this is quite a physical activity, especially when you
> consider setting some 100+ passwords for kids. I tried using "smbpasswd -r
> serv_2 -U username" for example from serv_1 but it returns an error "machine
> serv_2 rejected the password change: Error was : The specified password is
> invalid.". I also tried with a -a option but I get the standard help message
> for smbpasswd so I think the -a and -r options don't go together.

smbpasswd can't be used to set a remote password, only change it.

> I know it is possible to synchronise the smbpasswd file and the passwd file if
> they are both on the same server. Is it possible to synchronise the smbpasswd
> on the local server and the passwd coming from the gateway via NIS? I tried but
> I couldn't get it to work. If so, will it then synchronise with the other
> servers?

No, they are incompatible hashes.

> Could an alternative be to set one of the samba servers as a primary domain
> controller and the others as secondary controllers? Will they then share the
> same smbpasswd? If so I need help as to how to do this. The documentation is
> not very clear.

You should set up one machine as a primary domain controller, and join the
other machines to this domain. Then do unix passwd sync on the PDC to keep
your NIS maps up-to-date.

If you want redundancy, supplement the domain join with a rsync-based cron-job
on smbpasswd. (When set for bdc mode (domain logons = yes, domain master = no)
it should do this correctly).

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
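
A minimal smb.conf sketch of the layout suggested in the reply above, added
here as an example; it is not from either poster or from the Samba project.
Assumptions: Samba 2.2-era syntax, Serv_1 chosen as the PDC, a hypothetical
domain name SCHOOL, and placeholder values for the passwd program, passwd chat
and netlogon path.

```ini
# ---- Serv_1: primary domain controller (assumed choice of host) ----
# smb.conf has no trailing comments, so every note sits on its own line.
[global]
   # SCHOOL is a hypothetical domain name.
   workgroup = SCHOOL
   netbios name = SERV_1
   security = user
   encrypt passwords = yes
   domain logons = yes
   domain master = yes
   preferred master = yes
   os level = 65

   # Change the Unix password whenever a user changes the SMB one, so
   # the NIS maps follow the PDC. The two values below are placeholders:
   # use the command and prompts that change a NIS password on this host.
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *new*password* %n\n *new*password* %n\n *changed*

[netlogon]
   # Hypothetical path holding the login script.
   path = /home/netlogon
   read only = yes

# ---- Serv_2 and Serv_3: "bdc mode" as named in the reply ----
# Separate file on each of those servers, joined to the domain first
# (Samba 2.2 syntax, assumed version: smbpasswd -j SCHOOL -r SERV_1).
[global]
   workgroup = SCHOOL
   # Use SERV_3 on the third server.
   netbios name = SERV_2
   encrypt passwords = yes
   domain logons = yes
   domain master = no

   # smbpasswd arrives from Serv_1 through the rsync cron job. The LM/NT
   # hashes in it are password-equivalent: carry the copy over ssh only,
   # and keep the file owned by root with mode 0600 on every server.
```

Running testparm against each file after editing catches misspelled
parameters before smbd is restarted.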