Nis+ and Samba PDC
David M. Davisson
davisson at qwikdox.com
Sun Jun 11 13:32:44 GMT 2000
Magnus Larsson wrote:
>
> Hi!
>
> I'm using Samba 2.0.7 as a PDC and my group accounts is in a NIS+ table.
> When I go into the "User Manager" and choose "select domain" and try to
> connect to my samba domain I get the message access denied. Does anyone
> know what I need to do to fix this? My user and groups lists on the samba
> server is in NIS+. Doesn't samba work whis this or is there something I
> might have done wrong? The same thing happens when I try to join the
> domain in "Server Manager".
>
> //Regards Magnus Larsson
Magnus,
I use Samba 2.0.5 on several Solaris 7 machines running NIS+. I do not
use Samba as a PDC. To get NIS+ group control to work you must pay
attention to two details, the /etc/nsswitch.conf file and properly
adding users to group membership. The standard line in nsswitch.conf
for NIS+ should read:
group files nisplus
This means that it will look up the _group_ first in /etc/group and then
the NIS+ group file. If you have the group name in _both_ /etc/group
and NIS+ group, it will check for user membership in /etc/group only.
If the user is not a member of /etc/group, access will be denied. It
might be that your user is in NIS+ group and not /etc/group.
A proper NIS+ setup should only have machine specific local groups for
administrative users in /etc/group, all other normal user groups should
only be listed in NIS+ group.
Lastly, if you are going to run Samba as a PDC on NIS+, you will need to
have a smbpasswd file somewhere. You have two options, use the
utilities from the Samba distribution to create a file based smbpasswd
file, or there is also included with the distribution a utility to setup
smbpasswd in an NIS+ table.
--
David M. Davisson
QwikdoX
davisson at qwikdox.com
More information about the samba-ntdom
mailing list