NIS, Trust Relationships, Home Drives, and Password Changing

jbrown at jbrown at
Tue Nov 28 00:55:24 GMT 2000

I was wondering if NIS was the best solution for system security structure
(sharing out smbpasswd and /etc/passwd, /etc/groups), or if I should setup
an add user script and use 1 server as the authentication server.  My
network is setup as follows.  1 NT Terminal Server setup as PDC for domain
HLMC, two samba servers v2.0.7 (Home (Caldera v2.3) and Home2 (RedHat
v6.2)) working for domain WORKGROUP, 70 or so Windows 95/98 clients.  HOME
is the domain logon server for the W9x clients and HOME2 authenticated
against HOME.  I am going to have to use the setgid bit on the filesystem
to control access (due to 1 generic share per machine with all applications
located on them), and I do not see how an adduser script will assign the
proper group permissions.

I am also having a problem with home drives.  The home drive settings are
in the smb.conf (all three of them), but when I execute a net use * /HOME
it says invalid path specified.  When browsing, I do see the (username)
share that is the home drive (a subdirectory of the unix home drive).

Also, I cannot change the password from a user level.  If I execute
smbpasswd (username) from root, I have no problem.  But, when I execute
smbpasswd from the user level, it says that my previous password was
invalid (maybe there needs to be a certain file permission on the smbpasswd
file, or setuid on the smbpasswd executable?).  When trying to change the
password from a windows client, I get the same results.

And finally, with samba-tng, is it possible to setup a domain trust
relationship.  This relationship would be established so that all users of
the Terminal Server would have group access on the Samba servers (ie - a
user map to force the user to a generic account named tsuser on the Unix
Machine), or better yet, to control access by Global Groups on the Terminal
Server Domain.

Thanks for your help,
Justin L. Brown
MCSE (Don't laugh) - I need to cough up the $750.00 for RHCE. :P

PS - I would like to thank all the developers out there that work hard on
samba.  It's a great application, and I'm sure most unix nutz appreciate
having it.

More information about the samba-ntdom mailing list