Nis+ and Samba PDC

David M. Davisson davisson at
Sun Jun 11 13:32:44 GMT 2000

Magnus Larsson wrote:
> Hi!
> I'm using Samba 2.0.7 as a PDC and my group accounts are in a NIS+ table.
> When I go into the "User Manager" and choose "select domain" and try to
> connect to my samba domain I get the message access denied. Does anyone
> know what I need to do to fix this? My user and group lists on the samba
> server are in NIS+. Doesn't samba work with this or is there something I
> might have done wrong? The same thing happens when I try to join the
> domain in "Server Manager".
> //Regards Magnus Larsson


I use Samba 2.0.5 on several Solaris 7 machines running NIS+.  I do not
use Samba as a PDC.  To get NIS+ group control to work you must pay
attention to two details, the /etc/nsswitch.conf file and properly
adding users to group membership.  The standard line in nsswitch.conf
for NIS+ should read:

group:  files nisplus

This means that it will look up the _group_ first in /etc/group and then
the NIS+ group file.  If you have the group name in _both_ /etc/group
and NIS+ group, it will check for user membership in /etc/group only. 
If the user is not a member of /etc/group, access will be denied.  It
might be that your user is in NIS+ group and not /etc/group.

A proper NIS+ setup should only have machine-specific local groups for
administrative users in /etc/group; all other normal user groups should
only be listed in NIS+ group.

Lastly, if you are going to run Samba as a PDC on NIS+, you will need to
have a smbpasswd file somewhere.  You have two options: use the
utilities from the Samba distribution to create a file-based smbpasswd
file, or there is also included with the distribution a utility to set up
smbpasswd in an NIS+ table.

David M. Davisson
davisson at
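
A check for the situation described in the message above, as an added example that is not part of the original post: it lists users who are members of a group in NIS+ but not of the same-named group in /etc/group. It assumes the NIS+ group table has been dumped to a file in group(4) colon format (for instance with niscat group.org_dir); the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example. Usage: find_shadowed_members LOCAL_GROUP_FILE NISPLUS_GROUP_DUMP
# Both inputs are assumed to be in group(4) format: name:passwd:gid:user1,user2
# Prints "group user" for every user who is a member in the NIS+ entry but not
# in the same-named local entry, which the "files nisplus" order consults first.
find_shadowed_members() {
    awk -F: '
        # Local file: remember each group name and each (group, member) pair.
        FILENAME == ARGV[1] {
            if ($1 == "" || $1 ~ /^[#+-]/) next
            in_local[$1] = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") local_member[$1, m[i]] = 1
            next
        }
        # NIS+ dump: only groups that also exist locally can be shadowed.
        ($1 in in_local) {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(($1, m[i]) in local_member))
                    print $1, m[i]
        }
    ' "$1" "$2"
}

# Constructed sample data (not taken from any real system).
demo_shadowed() {
    d=$(mktemp -d) || return 1
    cat > "$d/group.local" <<'EOF'
root::0:root
staff::10:alice
sysadmin::14:alice
EOF
    cat > "$d/group.nisplus" <<'EOF'
staff::10:alice,bob,carol
users::100:bob,carol
EOF
    find_shadowed_members "$d/group.local" "$d/group.nisplus"
    rm -rf "$d"
}

demo_shadowed
```

Any line it prints names a group to remove from /etc/group or a user to add to the local entry.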
