[Samba] RE: RE: Samba with NIS

Christian Barth barth at cck.uni-kl.de
Fri Mar 8 09:35:07 GMT 2002


> Just to clarify:
> The users all have shell accounts on a FreeBSD unix server, these accounts
> get authenticated via NIS (this unix server is an NIS client, as well as an
> NIS slave (this is probably not relevant though)). The users can also access
> the same unix server through Samba (from their windows workstations).
> I would like every user with an NIS account to be able to access the unix
> machine through Samba (from their windows workstations), without having
> them manually log in to their shell account and use the smbpasswd tool to
> sync their account password.
> From what I am hearing, if I turn password encryption "off" this won't be a
> problem (since Samba will then look at the standard passwd file). But I am
> looking for alternatives since having unencrypted passwords flying around
> the network causes too big of a security hole.  Is there a way I can make an
> automated script that will sync the NIS passwd database with the smbpasswd
> database for all users?

Look at "unix password sync" and the "passwd chat" option. For this
to work, Samba must
- run on the NIS master: /etc/passwd is updated by Samba, the NIS map
  is then updated by cron or within the password chat,
OR
- you have to patch yppasswd not to need the old password or the root
  password (if you do not want to store the root password somewhere
  on the Samba server).

This way smbpasswd or a passwd change on the PC changes both NIS and
Samba passwords. If you now do some tricky renaming, linking, $PATH-
setting, the users may call smbpasswd if they enter passwd.

Christian


> 50% of the users won't use their shell account on this machine, but will
> still utilize the file server in place of a windows file server (through
> Samba).
> 
> I cannot have the users authenticate off of the Windows PDC (different
> machine) because unfortunately their windows accounts and NIS accounts have
> completely different naming conventions.  example: for user John J. Doe - in
> windows convention the files would be owned by DoeJ , in Unix (NIS)
> convention they would be owned by JJDOE.
> 

               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
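
An smb.conf fragment for the first option in the reply above (Samba running on the NIS master), added here as an illustration and not taken from the thread. The passwd binary path, the prompt patterns in "passwd chat" and the map rebuild command mentioned in the comments are assumptions that have to be matched to the actual server.

```ini
# Added example, not from the original post. Paths and prompt strings
# are assumptions; check them against the passwd program on the NIS master.
[global]
    security = user

    # The setting the poster wants to avoid: it makes clients send
    # cleartext passwords so smbd can check them against the Unix passwd data.
    # encrypt passwords = no

    # Keep encrypted SMB passwords and let smbd keep both databases in step.
    encrypt passwords = yes
    unix password sync = yes

    # smbd runs this as root when an SMB password is changed.
    # %u expands to the user name. Because it runs as root, the local
    # passwd program does not ask for the old password.
    passwd program = /usr/bin/passwd %u

    # Expect/send pairs for the conversation with the passwd program.
    # %n expands to the new password; "*" matches any text.
    # The prompt wording below is assumed and varies between systems.
    passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *

    # Leave this off: at debug level 100 it writes the chat, including
    # the passwords, to the smbd log in cleartext.
    passwd chat debug = no

# The NIS maps still have to be rebuilt after /etc/passwd changes, either
# from cron on the master (for example "cd /var/yp && make", path assumed)
# or from a wrapper script named in "passwd program".
```

The sync runs only when a user's SMB password is changed, so each user still needs an existing smbpasswd entry before it takes effect.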



