NIS, Trust Relationships, Home Drives, and Password Changing

Gerald Carter gcarter at valinux.com
Thu Nov 30 15:11:08 GMT 2000 

jbrown at hlmc.com wrote:
> 
> I was wondering if NIS was the best solution for 
> system security structure (sharing out smbpasswd 
> and /etc/passwd, /etc/groups), 

Use NIS (or another directory service such as LDAP) to
distribute /etc/passwd.  Do not put smbpasswd in NIS.
Bad idea. :-)

Use rsync over ssh to distribute smbpasswd files.

> I am also having a problem with home drives.  The 
> home drive settings are in the smb.conf (all three of them), 
> but when I execute a net use * /HOME it says invalid 
> path specified.  When browsing, I do see the (username)
> share that is the home drive (a subdirectory of the 
> unix home drive).

Send me you [homes] section from smb.conf

> Also, I cannot change the password from a user level.  If 
> I execute smbpasswd (username) from root, I have no 
> problem.  But, when I execute smbpasswd from the user 
> level, it says that my previous password was invalid 
> (maybe there needs to be a certain file permission on 
> the smbpasswd file, or setuid on the smbpasswd 
> executable?).  When trying to change the password from 
> a windows client, I get the same results.

try upping the debug level (on the smbpasswd command line
and on the server to track this one down).

> And finally, with samba-tng, is it possible to setup 
> a domain trust relationship.  This relationship would 
> be established so that all users of the Terminal Server 
> would have group access on the Samba servers (ie - a
> user map to force the user to a generic account named 
> tsuser on the Unix Machine), or better yet, to control 
> access by Global Groups on the Terminal Server Domain.

SAMBA_TNG is now run by the TNG (i like the name TaNGo) 
project.  The software is in development stages.  I think
Luke had some initial musings of trust relationships, but I
have not idea how stable it was.

> PS - I would like to thank all the developers out 
> there that work hard on samba.  It's a great application, 
> and I'm sure most unix nutz appreciate having it.

You're quite welcome :-)




-- Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list