[Samba] Passwords & Multiple servers: Help please!
Andrew Bartlett
abartlet at pcug.org.au
Mon Apr 8 13:52:03 GMT 2002
"Mark A. Tagliaferro" wrote:
>
> OK below is a digram explaining my network. This is a school network where
> each server takes care of a specific computer room.
>
> Internet +---------+
> -------------| Gateway | Netmask throughout: 255.255.255.0
> +---------+ (i.e. a subnetted class B domain)
> | 172.22.1.1
> |
> |
> | 172.22.1.2 +--------+ 172.22.2.1 etc
> +------------| Serv_1 |------+------+------+------+------+
> | +--------+ | | | | |
> | win98 win98 win98 win98 win98
> | client client client client client
> |
> | 172.22.1.3 +--------+ 172.22.3.1 etc
> +------------| Serv_2 |------+------+------+------+------+
> | +--------+ | | | | |
> | win98 win98 win98 win98 win98
> | client client client client client
> |
> | 172.22.1.4 +--------+ 172.22.4.1 etc
> +------------| Serv_3 |------+------+------+------+------+
> +--------+ | | | | |
> win98 win98 win98 win98 win98
> client client client client client
>
> On the gateway I have NIS (yellow pages), NFS, NAT, Firewall etc. running and
> functioning properly. All the users are created on the gateway with the home
> directory exported via nfs and passwords via NIS.
>
> I found through documentation that I need a samba server to be running one
> level up from each client. i.e. on each of servers 1, 2 and 3. If it is
> possible to have one samba server on the gateway it would solve all my
> problems. The biggest problem with that is that there is no way (at least from
> my research) to export the smbpasswd file via NIS. On each of servers 1, 2 and
> 3 smb.conf is ok, login script is ok and indipendantly everything wroks well.
>
> My problem is as follows. I need a person to be able to login from any
> workstation in every room. At the moment this involves changing the samba
> password on each server and physically going to every room to do so.
Firstly, get a copy of SSH, and use it. No need to walk to servers...
> The rooms
> are far apart and this is quite a physical activity, especially when you
> consider setting some 100+ passwords for kids. I tried using "smbpasswd -r
> serv_2 -U username" for example from serv_1 but it returns an error "machine
> serv_2 rejected the password change: Error was : The specified password is
> invalid.". I also tried with a -a option but i get the standard help message
> for smbpasswd so I think the -a and -r options don't go together.
smbpasswd can't be used to set a remote password, only change it.
> I know it is possible to synchronise the smbpasswd file and the passwd file if
> they are both on the same server. Is it possible to synchronise the smbpasswd
> on the local server and the passwd coming from the gateway via NIS? I tried but
> I couldn't get it to work. If so, will it then synchronise with the other
> servers?
No, they are inconpatible hashes.
> Could an alternative be to set one of the samba servers as a primary domain
> controller and the others as secondary controllers? Will they then share the
> same smbpasswd? If so I need help as to how to do this. The documentation is
> not very clear.
You should setup one machine as a primary domain controller, and join
the other machines to this domain. Then do unix passwd sync on the PDC
to keep your NIS maps up-to-date.
If you want redundency, supplement the domain join with a rysnc-based
cron-job on smbpasswd. (When set for bdc mode (domain logons = yes,
domain master = no) it should do this correctly).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list