garumuga@sahasrasolutions.com
2006-Jan-26 16:47 UTC
[Samba] samba authectication mechanism
Hi all, We are trying to use samba (ver 3.0.20b) on Linux 2.6.12.6 kernel version. We want to support multiple authentication mechanisms support that we are developing based on Samba server. Some of these authentication mechanisms that we are targetting are: UNIX password, NIS, LDAP mechanisms. We are able to successfully use the UNIX password to authenticate a Samba user while he tries to login into the Samba server. However, when the user is coming in from a NIS server, we get an error stating that "NT_STATUS_LOGON_FAILURE". We referred to some documentation that said that even after importing the NIS users from NIS server, we need to change the password using the smbpasswd command for a NIS user before Samba recognises this user as a valid one. Is this conversion from the NIS server database to the Samba password database a mandatory one? If so, we felt that this would be an additional overhead that has to be handled for each and every user by changing his password for Samba access? Have anyone tried to setup a Samba server with NIS system database without requiring a manual update of the password in the Samba database. We would ideally like the Samba authentication to recognise the password in the NIS database for that user. Any help that you can offer to get this resolved for us would be very highly appreciated. Have a good day, Thanks Govind
garumuga@sahasrasolutions.com wrote:> > We referred to some documentation that said that even after importing the > NIS users from NIS server, we need to change the password using the > smbpasswd command for a NIS user before Samba recognises this user as a > valid one. Is this conversion from the NIS server database to the Samba > password database a mandatory one?Yes, but the same should have been true of your users with data in the password file. Samba can only authenticate against the unix password database if you set "encrypt passwords = no", and reconfigure all of your clients so that they send plain-text passwords across the network.