[Samba] Samba domain name in short format

[Sun, Zhongdong]

Hi Rowland,

You are right. We are running some old software here, such as NIS. All these started in 20 years ago when I joined the group and we had about 20-30 workstations running Linux. NIS was chosen at that time to manage user accounts. Some users were not familiar with Linux, so we provided Samba to them so that they could map Linux file systems to their computers. I know NIS is old technology and can be replaced with others, such as LDAP. But this is clinical research environment and is very difficult to change system. We have to live with this system.

Fortunately, NIS is only used to manage account. And user authentication occurs in AD. So there is not too much security concern here. I'll say it's not easy to manage such a complicated and a little outdated system in a production environment, because we cannot shut down the system for upgrade or maintenance. For the Samba server, I just leave the production server running, and use another server to test new version of Samba. If it works, we may switch the new server as production system. Otherwise, we have to keep the current Samba server running.

For the test Samba server, I followed the instructions to setup Samba, but without winbind. In my test, everything works except that it cannot recognize the short domain name YALE. If I use the full domain name yu.yale.edu, everything works well. But it's difficult to ask all users to use the long format. As I think, this seems a DNS issue. But I don't know how to tell Samba server to resolve the short name YALE as long name yu.yale.edu. I wonder if you or any experts here can provide any advice on this.

Thanks.
Zhongdong


-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Tuesday, May 7, 2024 2:20 PM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba domain name in short format

On Tue, 7 May 2024 16:37:29 +0000
"Sun, Zhongdong" <zhongdong.sun at yale.edu> wrote:

> Hi Rowland,
>
> I don't mind in using any technology as long as it works. In Redhat 7
> and Samba 4.6, everything is simple and work well. But Redhat 7 is
> near end-of-life, and we have to move on. The next choice is Redhat 8,
> but we met with this strange problem. We also tried Ubuntu 22.04 with
> Samba 4.16 which didn't work neither. If you think Rocky 9 and its
> Samba/winbind will work, I'd like to try it.
>
> Let me provide some descriptions on the configuration here. This
> machine is a dedicated Samba server, which serves about 200-300 users.
> However, neither the file systems nor the user accounts are in this
> Samba server. The file systems are in several other NFS servers, and
> user accounts are in another NIS server. However, user accounts are
> their netids (like zs24) which are authenticated again Yale central
> AD. This is the only reason why the Samba server must join AD, i.e. to
> authenticate user.

It sounds like you are sharing NFS shares via Samba, for various reasons this is not a good idea.
Your other problem is that NIS, for all intents and purposes, is dead.

>
> We managed to use sss to integrate user accounts with NIS and AD.
> With winbind, this doesn't work. Either it cannot find the user
> account, or the authentication always fail. If you think Rocky 9 with
> Samba/winbind can satisfy the requirements, I'll be happy to install
> Rocky 9 and all associated software in this server for test purposes.
> Let me know if you have any questions before I reimage the server.

I thought that you had been using redhat for some time, seemingly this isn't the case.
Just what are you using NIS for ? It is a directory service in the same vein as Active Directory, so you really do not need both.

>From my viewpoint, I have to ask, what is it with universities ? do they run uptodate IT departments, or they really history departments ?

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba