[Samba] Passwords & Multiple servers: Help please!

Andrew Bartlett abartlet at pcug.org.au
Mon Apr 8 13:52:03 GMT 2002

"Mark A. Tagliaferro" wrote:
> OK below is a digram explaining my network.  This is a school network where
> each server takes care of a specific computer room.
> Internet     +---------+
> -------------| Gateway |          Netmask throughout:
>              +---------+          (i.e. a subnetted class B domain)
>                 |
>                 |
>                 |
>                 | +--------+ etc
>                 +------------| Serv_1 |------+------+------+------+------+
>                 |            +--------+      |      |      |      |      |
>                 |                            win98  win98  win98  win98  win98
>                 |                           client client client client client
>                 |
>                 | +--------+ etc
>                 +------------| Serv_2 |------+------+------+------+------+
>                 |            +--------+      |      |      |      |      |
>                 |                            win98  win98  win98  win98  win98
>                 |                           client client client client client
>                 |
>                 | +--------+ etc
>                 +------------| Serv_3 |------+------+------+------+------+
>                              +--------+      |      |      |      |      |
>                                              win98  win98  win98  win98  win98
>                                             client client client client client
> On the gateway I have NIS (yellow pages), NFS, NAT, Firewall etc. running and
> functioning properly.  All the users are created on the gateway with the home
> directory exported via nfs and passwords via NIS.
> I found through documentation that I need a samba server to be running one
> level up from each client.  i.e. on each of servers 1, 2 and 3. If it is
> possible to have one samba server on the gateway it would solve all my
> problems.  The biggest problem with that is that there is no way (at least from
> my research) to export the smbpasswd file via NIS.  On each of servers 1, 2 and
> 3 smb.conf is ok, login script is ok and indipendantly everything wroks well.
> My problem is as follows.  I need a person to be able to login from any
> workstation in every room.  At the moment this involves changing the samba
> password on each server and physically going to every room to do so.  

Firstly, get a copy of SSH, and use it.  No need to walk to servers...

> The rooms
> are far apart and this is quite a physical activity, especially when you
> consider setting some 100+ passwords for kids.  I tried using "smbpasswd -r
> serv_2 -U username" for example from serv_1 but it returns an error "machine
> serv_2 rejected the password change: Error was : The specified password is
> invalid.".  I also tried with a -a option but i get the standard help message
> for smbpasswd so I think the -a and -r options don't go together.

smbpasswd can't be used to set a remote password, only change it.

> I know it is possible to synchronise the smbpasswd file and the passwd file if
> they are both on the same server.  Is it possible to synchronise the smbpasswd
> on the local server and the passwd coming from the gateway via NIS? I tried but
> I couldn't get it to work. If so, will it then synchronise with the other
> servers?

No, they are inconpatible hashes.

> Could an alternative be to set one of the samba servers as a primary domain
> controller and the others as secondary controllers?  Will they then share the
> same smbpasswd?  If so I need help as to how to do this.  The documentation is
> not very clear.

You should setup one machine as a primary domain controller, and join
the other machines to this domain.  Then do unix passwd sync on the PDC
to keep your NIS maps up-to-date.

If you want redundency, supplement the domain join with a rysnc-based
cron-job on smbpasswd.  (When set for bdc mode (domain logons = yes,
domain master = no) it should do this correctly).

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list