Hi, I have a few questions. My goal is to run NIS and samba so I have a central point of passwd control and just one place to change passwords. I will eventually have 5 samba servers so this is quite important to me as I don't want to have to change passwords and setup passwords on 5 servers when changing or adding new users. Can this be done? So that if a user changes his password for samba it changes it in NIS as well? Do I have to run my samba server as a windoze PDC and have everyone belong to the windoze domain is the next question? As I can't figure out how you would change your password from a workstation on another server in a workgroup, I would guess it would have to be a domain with the samba server running as a PDC... I'm not keen on domains and would rather just use a workgroup as the domain I currently have under windoze has given me more problems than it was worth as I my users don't really hot-seat, so other than password syncing, it was a waste. I've done a pretty good search on NIS and samba over the last couple days and I haven't found any HOWTOs... if anyone has any pointers to docs, I'd very much appreciate it. Thanks Bill
Hi I have solved the SAMBA/NIS password syncronization for our case. We have a Samba PDC that is also the NIS server. You may find some explanations a the source code at http://linuxconsulting.planetaclix.pt/soft/smb2nis.html ------------------------------------------------------------------------------------ Andr? Moreira (http://www.dei.isep.ipp.pt/~andre) Linux Consulting (http://linuxconsulting.planetaclix.pt) ------------------------------------------------------------------------------------ ----- Original Message ----- From: Bill Dossett <bd@emtex.com> To: <samba@lists.samba.org> Sent: Tuesday, September 03, 2002 3:44 PM Subject: [Samba] samba and NIS?> Hi, > > I have a few questions. My goal is to run > NIS and samba so I have a central point of passwd control > and just one place to change passwords. I will eventually > have 5 samba servers so this is quite important to me as > I don't want to have to change passwords and setup passwords > on 5 servers when changing or adding new users. > > Can this be done? So that if a user changes his password > for samba it changes it in NIS as well? > > Do I have to run my samba server as a windoze PDC and > have everyone belong to the windoze domain is the next > question? As I can't figure out how you would change your > password from a workstation on another server in a workgroup, > I would guess it would have to be a domain with the samba server > running as a PDC... I'm not keen on domains and would rather > just use a workgroup as the domain I currently have under > windoze has given me more problems than it was worth as I > my users don't really hot-seat, so other than password > syncing, it was a waste. > > I've done a pretty good search on NIS and samba over the last > couple days and I haven't found any HOWTOs... if anyone > has any pointers to docs, I'd very much appreciate it. > > > > Thanks > > Bill > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Hi Bill,>From: Bill Dossett <bd@emtex.com> >To: samba@lists.samba.org >Subject: [Samba] samba and NIS? >Date: Tue, 03 Sep 2002 15:44:47 +0100 > >Hi, > >I have a few questions. My goal is to run >NIS and samba so I have a central point of passwd control >and just one place to change passwords.I've done this ever since day one of my Samba setup and there's one key question to ask yourself before you start. Are you using (or going to use) encrypted passwords? If not, then Samba set up is a no-brainer. So long as Samba is compiled with NIS support (and on many platforms that's the default now), then Samba will use the NIS accounts and passwords straight away, and all the centralisation you've already done to get NIS to work will be used automatically. This is how I currently run my several Samba servers. If you want/need to use encrypted passwords, it's not quite so easy. By far and away the easiest way to start is to have the NIS master and the smbpasswd hosted on the same box.>Can this be done? So that if a user changes his password >for samba it changes it in NIS as well?Yup, and account management is also automatable.> >Do I have to run my samba server as a windoze PDC and >have everyone belong to the windoze domain is the next >question?As far as I can tell, no you don't. What I've done is to make the primary way to change a password at my site be the Samba way. So all attempts by users to change their password will (end up) going to the smbpasswd command (which uses the 'smbpasswd -r' option to connect to the NIS/SMB password server.) Then on the password server, I run Samba with 'unix password sync' enabled and a custom script to change the NIS password (to get round the requirement that 'yppasswd' requires the old password, even when run as root). Further, the 'ypmake' script that is run after any changes to the NIS master files (to rebuild the maps and propogate them to slave servers) has been extended to do some simple operations on the SMB passwd file. It now spots account creations and deletions and executes 'smbpasswd' commands (as root) to directly modify the SMBpasswd file. It can also spot (but not deal with) account re-names. (There's no 'smbpasswd' option to handle this at present). I'm happy to make my scripts available if anyone thinks they might be useful to them. Mac Assistant Systems Adminstrator @nibsc.ac.uk dmccann@nibsc.ac.uk Work: +44 1707 654753 x285 Everything else: +44 7956 237670 (anytime)
If you're just starting out with this i would recommend using ldap and libnss_ldap and samba's ldapsam instead. you can do the secure passwords easily this way and you won't have to deal with NIS... brad On Tue, 2002-09-03 at 10:44, Bill Dossett wrote:> Hi, > > I have a few questions. My goal is to run > NIS and samba so I have a central point of passwd control > and just one place to change passwords. I will eventually > have 5 samba servers so this is quite important to me as > I don't want to have to change passwords and setup passwords > on 5 servers when changing or adding new users. > > Can this be done? So that if a user changes his password > for samba it changes it in NIS as well? > > Do I have to run my samba server as a windoze PDC and > have everyone belong to the windoze domain is the next > question? As I can't figure out how you would change your > password from a workstation on another server in a workgroup, > I would guess it would have to be a domain with the samba server > running as a PDC... I'm not keen on domains and would rather > just use a workgroup as the domain I currently have under > windoze has given me more problems than it was worth as I > my users don't really hot-seat, so other than password > syncing, it was a waste. > > I've done a pretty good search on NIS and samba over the last > couple days and I haven't found any HOWTOs... if anyone > has any pointers to docs, I'd very much appreciate it. > > > > Thanks > > Bill > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > >
>Date: Wed, 04 Sep 2002 14:14:59 +0200 >From: Uwe Lienig <Uwe.Lienig@fif.mw.htw-dresden.de> >Organization: Forschungsinstitut Fahrzeugtechnik -FiF- >To: Mac <dmccann@nibsc.ac.uk> >Subject: Re: [Samba] samba and NIS? > >> I'm happy to make my scripts available if anyone thinks they might be >> useful to them. > >This would be very kind to to have a look at the script if they may be adopted >for my setup. Would you be so kind as to share your work with others ?Right, for my sins I've just written a quick page about my NIS/SMB password file integration. It's here:- http://www.nibsc.ac.uk/~dmccann/smb/ypzapnpasswd Comments, bouquets, brickbats all gratefully received. Mac Assistant Systems Adminstrator @nibsc.ac.uk dmccann@nibsc.ac.uk Work: +44 1707 654753 x285 Everything else: +44 7956 237670 (anytime)
Hi All,
URL error in my previous message, it should read:-
http://www.nibsc.ac.uk/~dmccann/smb/
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
dmccann@nibsc.ac.uk
Work: +44 1707 654753 x285 Everything else: +44 7956 237670 (anytime)
At 05:04 PM 9/4/02 +0100, Mac wrote:>Comments, bouquets, brickbats all gratefully received.Just a Bravo, I'm afraid, for a fabulously lateral solution. I have bookmarked this site in case I need to do this later, I've never needed to yet, but thanks all the same. - Martyn Ranyard Free Software Advocate jabber - joran@amessage.de icq - 122500800 irc - Joran on oftc msn - ranyardm@hotmail.com e - ranyardm@lineone.net