Hi Rowland,
You are right. We are running some old software here, such as NIS. All this
started 20 years ago when I joined the group and we had about 20-30
workstations running Linux. NIS was chosen at that time to manage user accounts.
Some users were not familiar with Linux, so we provided Samba to them so that
they could map Linux file systems to their computers. I know NIS is old
technology and can be replaced with others, such as LDAP. But this is a clinical
research environment and it is very difficult to change the system. We have to live
with this system.
Fortunately, NIS is only used to manage accounts. And user authentication occurs
in AD. So there is not too much security concern here. I'll say it's not
easy to manage such a complicated and a little outdated system in a production
environment, because we cannot shut down the system for upgrade or maintenance.
For the Samba server, I just leave the production server running, and use
another server to test a new version of Samba. If it works, we may switch the new
server as production system. Otherwise, we have to keep the current Samba server
running.
For the test Samba server, I followed the instructions to set up Samba, but
without winbind. In my test, everything works except that it cannot recognize
the short domain name YALE. If I use the full domain name yu.yale.edu,
everything works well. But it's difficult to ask all users to use the long
format. I think this seems to be a DNS issue. But I don't know how to tell the
Samba server to resolve the short name YALE as the long name yu.yale.edu. I wonder
if you or any experts here can provide any advice on this.
Thanks.
Zhongdong
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny
via samba
Sent: Tuesday, May 7, 2024 2:20 PM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba domain name in short format
On Tue, 7 May 2024 16:37:29 +0000
"Sun, Zhongdong" <zhongdong.sun at yale.edu> wrote:
> Hi Rowland,
>
> I don't mind using any technology as long as it works. In Redhat 7
> and Samba 4.6, everything is simple and works well. But Redhat 7 is
> near end-of-life, and we have to move on. The next choice is Redhat 8,
> but we met with this strange problem. We also tried Ubuntu 22.04 with
> Samba 4.16 which didn't work either. If you think Rocky 9 and its
> Samba/winbind will work, I'd like to try it.
>
> Let me provide some descriptions on the configuration here. This
> machine is a dedicated Samba server, which serves about 200-300 users.
> However, neither the file systems nor the user accounts are in this
> Samba server. The file systems are in several other NFS servers, and
> user accounts are in another NIS server. However, user accounts are
> their netids (like zs24) which are authenticated against Yale central
> AD. This is the only reason why the Samba server must join AD, i.e. to
> authenticate users.
It sounds like you are sharing NFS shares via Samba; for various reasons this is
not a good idea.
Your other problem is that NIS, for all intents and purposes, is dead.
>
> We managed to use sss to integrate user accounts with NIS and AD.
> With winbind, this doesn't work. Either it cannot find the user
> account, or the authentication always fails. If you think Rocky 9 with
> Samba/winbind can satisfy the requirements, I'll be happy to install
> Rocky 9 and all associated software in this server for test purposes.
> Let me know if you have any questions before I reimage the server.
I thought that you had been using Redhat for some time; seemingly this isn't
the case.
Just what are you using NIS for? It is a directory service in the same vein as
Active Directory, so you really do not need both.
From my viewpoint, I have to ask, what is it with universities? Do they run
up-to-date IT departments, or are they really history departments?
Rowland