NIS and NT PDCs?

Iain Rae iainr at civ.hw.ac.uk
Thu Feb 17 16:01:03 GMT 2000 

On Fri, 18 Feb 2000, Seth Vidal wrote:

> > Forgot to include the link to the NISgina stuff if you want it.
> > Here's one for general information.
> > 	http://www.eng.auburn.edu/users/cartegw/win32/tools.html
> > 
> > However Gernot's site was offline last I checked so you can 
> > get anything of his from
> > 
> > 	ftp://ftp.eng.auburn.edu/pub/cartegw/nisgina/
> 
> I think the question that he has is similar to mine:
> 
>  I have about 50-60 linux/unix users and about 20-40 winnt users on my
> network - currently the NT folks are using nisgina and the plaintext reg
> patch to access a samba 2.0.6 system. - this works ok but its not very
> graceful and doesn't give me much in the way of profiles etc etc.
> 
> I'd like to make all the NT users authenticate against a samba PDC (TNG)
> and use/set the same password as the nis passwd file has.
> 
> I know it will take two password files (b/c it has two different 1-way
> hashes) but has anyone setup and had good tests on a system like this?
> 
> I'm worried about the password updating (both from unix passwd change-> to
> NT and vice-versa)



We do this, I'm not sure if it's much help :)

NIS master is on Solaris x86 {lion}
Samba PDC (HEAD branch cvs from about this time last year) on Solaris x86
{barham}

PC's have Humminbird's NFS Maestro installed and are registered to the
samba PDC controller.

lion has a perl script which does the following (for admins only)

get password & verify it will work with passwd and smbpasswd
update NIS via passwd
fire up ssh session to barham
set smbpasswd via smbpasswd (creating account if it doesn't exist)

This is used to set up acounts and to fix "I've forgotten my password "
type problems.

NT boxes will update both NT (Samba) and NIS passwords (Maestro) off the
Ctrl-Alt-Del box.

There is^h will be a perl script (civpasswd) on the suns which wraps
passwd and smbpasswd and a couple of other things[1] in a similar fashion
to the one on lion but I really need to get ssh working for everyone on
everything, including NT, first of all.

I say will be because the unix folks use unix and most of the students 
just do the Ctrl-Alt-Del thing.

What you want, to keep the passwords synched is the ypbind part of NISgina
and a copy of yppasswd that will work with NT (which ought to be possible)
and a program or wrapper script which would allow your users to do

foopasswd

on unix or NT and change both passwords.

Or there's always kerberos :)




[1] like LDAP, kerberos, ssh whatever, all coming RSN. :)


-------------------------------------------------------------------------------
| Iain Rae               | Tel: 0131 449 5111 Ext 4406 (Day)(but I'm never in)|
| Computing Officer.     | Any Opinions I am able to form are my own and in no|
| Civil & Offshore Eng.  | way reflect those of my employers.                 |
| Heriot-Watt University.| Well that's my opinion anyway.                     |
-------------------------------------------------------------------------------

More information about the samba-ntdom mailing list