[Samba] samba and NIS?
Andre Moreira
andre.m.moreira at clix.pt
Thu Sep 5 14:38:12 GMT 2002
I also recommend using LDAP when setting
a LAN from scratch. When you already have a LAN
running 24 h all days of the year, things must be
planed with caution.
About NIS security
In NIS environment password are sent in plain text
only when the user changes the password (yppasswd).
For authentication only hash codes are sent, this is not very
safe either, thats why its not a good idea to have "root" on
NIS, in other words having NIS using /etc/passwd.
With SAMBA to NIS sync. unix users can now use
smbpasswd command.
----- Original Message -----
From: Markus Amersdorfer <markus.amersdorfer at aon.at>
To: Bradley W. Langhorst <brad at langhorst.com>
Cc: <samba at lists.samba.org>
Sent: Thursday, September 05, 2002 9:45 AM
Subject: Re: [Samba] samba and NIS?
> > If you're just starting out with this i would recommend using
> > ldap and
> > libnss_ldap and samba's ldapsam instead.
> >
> > you can do the secure passwords easily this way and you won't have to
> > deal with NIS...
>
> NIS is really quite easy to set up and is definitely supported by all
> Linuxes and AFIAK all Unix'es in general.
> Setting up Samba isn't hard either.
>
> Anyway, if it's possible for you I'd also recommend using LDAP for
> several reasons:
> NIS is kind of a security nightmare, sending passwords plain over the
> net. We have it working here in a definitely small network which I know
> can be trusted, but your setup sounds a bit greater.
> Further on, you can have _one_ user database for all users linux _and_
> windows.
> LDAP also offers you more flexibility in what you are going to add to
> your user-profiles.
> And more...
>
> Of course you should check that your vital services have LDAP support
> for seemless integration. (E.g. your mailserver, FTP-server, etc...)
> Most of them do nowadays.
>
> So long,
> Max
>
> PS:
> I'd like to set up an LDAP server but am pretty stuck with a Windows-PDC
> here unfortunately. Maybe someday though...
>
> --
> An expert is someone who can tell you exactly afterwards,
> why his prognosis was not correct. < Winston Churchill >
>
> http://homex.subnet.at/~max/
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list