[Samba] Passwords & Multiple servers: Help please!

Mark A. Tagliaferro be_lak at yahoo.co.uk
Tue Apr 9 02:37:03 GMT 2002 

Thanks a million.

I've been an idiot.  It was there looking at me begging to be noticed and I was
blind.  Anyway, I've set up the PDC on the gateway, password syncing and
everything, set the other sambas to look up passwords on the PDC and it's
working fine now.

Halleluja!!!!!

Regards,
Mark

 --- Andrew Bartlett <abartlet at pcug.org.au> wrote: > "Mark A. Tagliaferro"
wrote:
> > 
> > OK below is a digram explaining my network.  This is a school network where
> > each server takes care of a specific computer room.
> > 
> > Internet     +---------+
> > -------------| Gateway |          Netmask throughout: 255.255.255.0
> >              +---------+          (i.e. a subnetted class B domain)
> >                 | 172.22.1.1
> >                 |
> >                 |
> >                 | 172.22.1.2 +--------+  172.22.2.1 etc
> >                 +------------| Serv_1 |------+------+------+------+------+
> >                 |            +--------+      |      |      |      |      |
> >                 |                            win98  win98  win98  win98 
> win98
> >                 |                           client client client client
> client
> >                 |
> >                 | 172.22.1.3 +--------+  172.22.3.1 etc
> >                 +------------| Serv_2 |------+------+------+------+------+
> >                 |            +--------+      |      |      |      |      |
> >                 |                            win98  win98  win98  win98 
> win98
> >                 |                           client client client client
> client
> >                 |
> >                 | 172.22.1.4 +--------+  172.22.4.1 etc
> >                 +------------| Serv_3 |------+------+------+------+------+
> >                              +--------+      |      |      |      |      |
> >                                              win98  win98  win98  win98 
> win98
> >                                             client client client client
> client
> > 
> > On the gateway I have NIS (yellow pages), NFS, NAT, Firewall etc. running
> and
> > functioning properly.  All the users are created on the gateway with the
> home
> > directory exported via nfs and passwords via NIS.
> > 
> > I found through documentation that I need a samba server to be running one
> > level up from each client.  i.e. on each of servers 1, 2 and 3. If it is
> > possible to have one samba server on the gateway it would solve all my
> > problems.  The biggest problem with that is that there is no way (at least
> from
> > my research) to export the smbpasswd file via NIS.  On each of servers 1, 2
> and
> > 3 smb.conf is ok, login script is ok and indipendantly everything wroks
> well.
> > 
> > My problem is as follows.  I need a person to be able to login from any
> > workstation in every room.  At the moment this involves changing the samba
> > password on each server and physically going to every room to do so.  
> 
> Firstly, get a copy of SSH, and use it.  No need to walk to servers...
> 
> > The rooms
> > are far apart and this is quite a physical activity, especially when you
> > consider setting some 100+ passwords for kids.  I tried using "smbpasswd -r
> > serv_2 -U username" for example from serv_1 but it returns an error
> "machine
> > serv_2 rejected the password change: Error was : The specified password is
> > invalid.".  I also tried with a -a option but i get the standard help
> message
> > for smbpasswd so I think the -a and -r options don't go together.
> 
> smbpasswd can't be used to set a remote password, only change it.
> 
> > I know it is possible to synchronise the smbpasswd file and the passwd file
> if
> > they are both on the same server.  Is it possible to synchronise the
> smbpasswd
> > on the local server and the passwd coming from the gateway via NIS? I tried
> but
> > I couldn't get it to work. If so, will it then synchronise with the other
> > servers?
> 
> No, they are inconpatible hashes.
> 
> > Could an alternative be to set one of the samba servers as a primary domain
> > controller and the others as secondary controllers?  Will they then share
> the
> > same smbpasswd?  If so I need help as to how to do this.  The documentation
> is
> > not very clear.
> 
> You should setup one machine as a primary domain controller, and join
> the other machines to this domain.  Then do unix passwd sync on the PDC
> to keep your NIS maps up-to-date.
> 
> If you want redundency, supplement the domain join with a rysnc-based
> cron-job on smbpasswd.  (When set for bdc mode (domain logons = yes,
> domain master = no) it should do this correctly).
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net 

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

More information about the samba mailing list