Hey all. I have a bunch of linux servers, all using NIS to maintain username/password/UID/GID information. I'm trying to make the filesystems browsable from Windows XP, while maintaining correct UID/GID info. It seems this would be really simple, just let the user login to \\linuxmachine with his/her linux username & password, and everything they do happens as them. As you know - no such thing. :-( I'm using RHEL 4u4 x86_64, samba 3.0.10-1.4E.9, swat 3.0.10-1.4E.9 In swat, it seems to indicate available "auth methods" are "guest sam winbind" and some deprecated stuff I shouldn't use. I guess there is no auth method to use the local passwd/shadow files, or NIS database? Also, I guess there is no idmap backend to simply map UID/GID based on username? * I cannot use the essentially randomly generated UID/GID scheme. * I will have a very difficult time to use winbind (I don't have windows domain admin access, and those who do are difficult to convince they should type the domain admin pass on some prompt when they don't understand the prompt.) * I prefer not to use a cronjob on every machine to regenerate the smbpasswd all the time. Also, by looking around, it doesn't appear this is possible anyway. Is there any graceful solution here? I don't see the need for *yet* another password database... Thanks for any suggestions... I have been googling and browsing fanatically.... This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at netadmin@patni.com and delete this mail.
Harvey, Edward wrote:> Hey all. > > I have a bunch of linux servers, all using NIS to maintain username/password/UID/GID information. I'm trying to make the filesystems browsable from Windows XP, while maintaining correct UID/GID info. It seems this would be really simple, just let the user login to \\linuxmachine with his/her linux username & password, and everything they do happens as them. As you know - no such thing. :-( > > I'm using RHEL 4u4 x86_64, samba 3.0.10-1.4E.9, swat 3.0.10-1.4E.9 > > In swat, it seems to indicate available "auth methods" are "guest sam winbind" and some deprecated stuff I shouldn't use. > > I guess there is no auth method to use the local passwd/shadow files, or NIS database? > Also, I guess there is no idmap backend to simply map UID/GID based on username? > > * I cannot use the essentially randomly generated UID/GID scheme. > * I will have a very difficult time to use winbind (I don't have windows domain admin access, and those who do are difficult to convince they should type the domain admin pass on some prompt when they don't understand the prompt.) > * I prefer not to use a cronjob on every machine to regenerate the smbpasswd all the time. Also, by looking around, it doesn't appear this is possible anyway. > > Is there any graceful solution here? > > I don't see the need for *yet* another password database... > > Thanks for any suggestions... I have been googling and browsing fanatically.... >Probably not the answer you want - but have you considered migrating your NIS solution to LDAP? I say this because after being frustrated with my own (small) NIS implementation, moving to LDAP solved a number of problems for me. Whether it solved more than it created.... -- Daniel
Harvey, Edward wrote:> Hey all. > > I have a bunch of linux servers, all using NIS to maintain username/password/UID/GID information. I'm trying to make the filesystems browsable from Windows XP, while maintaining correct UID/GID info. It seems this would be really simple, just let the user login to \\linuxmachine with his/her linux username & password, and everything they do happens as them. As you know - no such thing. :-( > > I'm using RHEL 4u4 x86_64, samba 3.0.10-1.4E.9, swat 3.0.10-1.4E.9 > > In swat, it seems to indicate available "auth methods" are "guest sam winbind" and some deprecated stuff I shouldn't use. > > I guess there is no auth method to use the local passwd/shadow files, or NIS database? > Also, I guess there is no idmap backend to simply map UID/GID based on username? > > * I cannot use the essentially randomly generated UID/GID scheme. > * I will have a very difficult time to use winbind (I don't have windows domain admin access, and those who do are difficult to convince they should type the domain admin pass on some prompt when they don't understand the prompt.) > * I prefer not to use a cronjob on every machine to regenerate the smbpasswd all the time. Also, by looking around, it doesn't appear this is possible anyway. > > Is there any graceful solution here? > > I don't see the need for *yet* another password database... > > Thanks for any suggestions... I have been googling and browsing fanatically....This will work if samba is setup as PDC. Add the NIS user to samba with smbpasswd -a <username>. Setup the passwd program. smb.conf: passwd program = /root/newpasswd %u /root/newpasswd: #!/bin/sh passwd $@ pushd /var/yp /usr/bin/make -f Makefile.passwd popd /var/yp/Makefile.passwd is just /var/yp/Makefile edited to only update passwd. A password change from Windows will now update both databases. But then there's the hassle of asking users for their existing NIS password so you can add it to smbpasswd. Instead, just set it to <some_win_passwd>, have the user login to Windows with <some_win_passwd>, password change from Windows will then sync both databases to the same new password. -- Toby Bluhm Alltech Medical Systems America, Inc.