NT/UNIX/Samba passwords synchronization

[Tony Drolson]

I have a prerelease version of Samba 2.0.4 running successfully on MacOSX
Server with encrypted passwords and domain security. (Thanks to help from
Bill Chin and others on the list, and Jeremy Allison and rest of the samba
team) I have just started work on testing Samba as a NT domain member, and
want to know if I have the right ideas from my reading of the docs:

With security = domain, the Samba server redirects all authentication to the
domain members, right? Is there any way to go without the smbpasswd file (I
guess it's necessary to link the local UNIX password permissions with the
requesting NT user, right?) or to have this automatically synched? I
remember reading about a config that has new users created as they log in.
Is this only for unencrypted users logging in for the first time with
encryption off?  It seemed like there was also another option, but now that
I think about it, it doesn't make sense that there would be. Any ideas on
solutions that would allow for easy synchronizing or at least setup for (a)
moving NT accounts to my UNIX Samba host, (b) replicating my passwds into
smbpasswds, (c) and updating the smbpasswd file as users log in without
turning off encryption? 

I have some Solaris boxes, a new MacOSX Server, and a medium-sized NT
domain. I would like to simplify authentication as much as possible, Does it
make sense to look at NIS as a security model for my UNIX systems as a group
(right now they are all separately authenticating systems) and try to tie in
that system with NT's domain (I really have no experience with NIS), 

Thanks for any experiences you can share,



Tony Drolson
Information Systems Director
UCSF Positive Health Program at SFGH-MC
995 Potrero Ave, Ward 84	fax	(415) 476-6953	
San Francisco, CA 94110	phone	(415) 476-4082 ext. 123