Password synchronization
Guillaume Goulet
guillaume.goulet at versaterm.com
Tue Jun 1 13:33:57 GMT 1999
Hi samba,
This is more of an understanding question than a technical one. We have a
mixed network of Unix servers (Mostly SCO UnixWare 7), Windows 95 and
Windows NT machines. We mount UNIX partitions with samba to the windows
clients. With security=user, when the Samba and Windows'passwords are the
same, we can access the partitions without typing the password again. But
when they are not the same, we need to enter the samba password when
accessing the partition. The problem is that we need to synchronize both
passwords so we enter it only once.
The first solution I found was NISGINA which is a dll replacement, a
registry setting for Windows NT and a daemon installation on UNIX side. It
works well in a one way synchronization from Windows to UNIX's NIS server
and Samba 2.0.4b. When you Ctrl+Alt+Delete on Win, you can change the
passwords with an overloaded screen which is sending encrypted passwords
through the network to the NIS and Samba servers. But the other problem
occurs when a user changes his password on NIS or Samba, the Windows
password is no longer synchronized... (This solution is valid for Win NT
only and needs installation to all the clients)
I have started back the researches on a solution where all flavors of
Windows would log on against a Primary Domain Controller (PDC) and UNIX
machines would log on against a NIS or Samba server. The only thing I need
to find is a way to synchronize both PDC and NIS or Samba. With the new
Samba's HEAD branch development, you can now set your Samba server as a PDC.
I thought that this would be the best way if the Samba server would be the
password server for Windows and UNIX machines. I know that these
developments are not completely done yet, but I would like to know if this
would solve our synchronization problems in both directions in a short term
eventuality. It would be a better solution because we would only need to
change things on the server, not on every clients. I would also like to know
if I am wrong in my understanding and if anyone experienced an alternative
solution.
Sorry if this message is a bit long...
Thanks, Guillaume Goulet
Summer Student at Versaterm
Guillaume.Goulet at Versaterm.com
More information about the samba
mailing list