samba PDC with NIS, or other solution?

Christian Barth barth at cck.uni-kl.de
Thu Nov 8 23:00:22 GMT 2001 

alex,

please mail to the list as well: There are a couple of helpfull 
people out there. (OK, forgot it may self with my first repley)

 
> is it possible to have the samba PDC be a NIS slave that syncs with an
> remote NIS master?
The samba pdc can be on the nis slave, but you may get problems with 
the password sync. The reason for this is: If root changes a user 
passwort on the nis slave with yppasswd the old password is needed in 
clear text. But, when running with encrypted passwords, you don't get 
the old password in clear text. If you run samba on a nis slave and 
you want to keep the passwords in sync you need a lot of tricks, may 
be rsync of files or so.

> i ask because we have nis master on an AIX machine that
> runs ethershare (for our macs) and to transfer the ethershare license to
> the linux samba PDC would cost a bundle of money. we'd like the samba PDC
> and NIS master to be different machines. is this scenareo possible as
> well?
Wy not run the samba pdc on the aix machine? The pdc has to do only 
authentisation, no file shareing ecxept of [netlogon]. All file / 
print sharing (including profiles) can be done on the linux box that 
uses securtiy = server or security = domain in smb.conf. The 
additional load on the aix machine should be very small.


> writing the scripts to sync the /etc/passwd and private/smbpasswd files is
> a little tricky for me. could you possibly send me some code or point me
> in a direction?
password sync is done within samba, see "passwd chat", "passwd 
program" and "unix passwd sync" in my smb.conf. To add the useres to 
/etc/passwd and private/smbpasswd i have just put useradd and 
smbpasswd -a into a small skript. I delete them by hand because we 
only have about 30 useres.

Christian


> 
> any help is greatly appreciated,
> 
> alex
> ---                                                        ---
>    Alex Lazarevich | Systems | Imaging Technology Group
>    alazarev at itg.uiuc.edu | (217)244-1565 | www.itg.uiuc.edu
> ---                                                        ---
> 
> 
> On Thu, 8 Nov 2001, Christian Barth wrote:
> 
> > Alex,
> > 
> > > thanks for the response christian. this sounds promising. is 
> > > there any chance i could see your smb.conf file, or at least 
> > > the parts that deal with samba pointing to the NIS? 
> > samba is not pointing to NIS. You install it on the NIS-master like 
> > on every other system. Your are just able to keep the passworts in 
> > sync on the NIS-master, because samba is able to change the unix 
> > password when ever the samba password is changed. And the change of 
> > the unix passwort is put into nis. (You don't have the old clear text 
> > password mostley needed to change the nis password directly from 
> > samba).
> > 
> > > ive had a hell of a time finding any
> > > documentation on it. does /etc/shadow help to get around the plaintext
> > > password (NIS) vs. encrypted password (samba) problem?
> > No. You will have to use both at the same time. On systems with 
> > shadow passworts the passworts are not stored in the world readable 
> > /etc/passwd but in the root only /etc/shadow, nothing related to 
> > samba.
> > 
> > Attached you find my smb.conf.
> > 
> 
> 


               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

More information about the samba mailing list