[Samba] PDC and yppasswd

Christian Barth barth at cck.uni-kl.de
Wed Feb 6 23:50:04 GMT 2002


When using encrypted passwords with samba, which you need when it is 
the PDC, the password chat cannot contain the old password, because 
it is not known in clear text. So you have two possibilities to keep 
your NIS and samba passwords in sync:
- get or hack a yppasswd that does not need the old password when
  running as root on the ypclient. (I haven't found one and I don't
  know if it is even possible without NIS server changes)
- Let your PDC be your NIS server. The PDC does not have to offer any
  shares except the netlogon share: Profiles, data, ... can be on other
  servers. In this case you have to sync passwd and NIS, maybe with
  cron or maybe by including a "cd /var/yp; make" in the password
  program string in smb.conf.
There may be other possibilities I'm not aware of.

Christian



> Greetings!
> 
> We are testing the implementation of Samba as a PDC as outlined
> in Linux Magazine's "Using Samba as a PDC" by Andrew Bartlett
> (Feb 2002, pg 16). This sounds great since we're actively trying
> to get rid of a certain NT which acts as our PDC, and work
> towards unifying our account namespace and storage environment.
> Fortunately, Samba is assisting with this quite nicely.
> 
> However, in the article, the set up refers to an expect-like
> configuration for passwords in the [global] section:
> 
> [global]
> unix password sync = true
> passwd program = /usr/bin/passwd %u
> passwd chat = \
>    *password* %n\n \
>    *password* %n\n \
>    *successful*
> 
> However, our UNIX users must use "yppasswd" to change their
> passwords on each local system (really, updating the yp password
> map). Our Samba server is not the same system as our NIS server,
> so passwords must also be changed with yppasswd on that system.
> The yppasswd routine requires *two* entries: the old (or current)
> password, and the new password.  
> 
> My question: is there a set up for this? It looks like the
> password chat deals with only one variable, i.e., the old
> password. I have been told that there exists the possibility that
> using plain "passwd" on a yp client will change the yppasswd
> regardless, but I have had time to confirm that. Have NIS issues
> like this one been addressed?
> 
> Thanks!!
> 
> ....k
> -- 
> *-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*
> Kevin Freels, Systems Administrator          415/553.8000 (v)
> Wild Brain, Inc.                             415/850.3273 (c)
> 2650 18th Street, San Francisco, CA 94110    415/553.8009 (f)
> *-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*
>         "Just repeat to yourself, 'It's just a show, 
>                I should really just relax!'"
> 
> 
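One way to carry out the second option in the reply above (PDC doubling as NIS master, with the map rebuild hooked into the passwd program), as an added example that is not part of the original thread or of Samba itself. The script name, its path and the overridable `PASSWD_BIN`, `YP_DIR` and `MAKE_BIN` variables are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/smb-nis-passwd (name and path
# are assumptions). On a PDC that is also the NIS master it would be
# referenced from smb.conf in place of plain passwd:
#   passwd program = /usr/local/sbin/smb-nis-passwd %u
# smbd runs the passwd program as root when "unix password sync" is on,
# so the substituted user name is validated before anything is executed.

PASSWD_BIN="${PASSWD_BIN:-/usr/bin/passwd}"  # overridable for testing
YP_DIR="${YP_DIR:-/var/yp}"
MAKE_BIN="${MAKE_BIN:-make}"

valid_user() {
    # Reject empty names, option-like names ("-d") and anything containing
    # characters outside a conservative account-name set.
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

sync_password() {
    user="$1"
    valid_user "$user" || { echo "rejected user name" >&2; return 2; }
    # Step 1: local password change. stdin/stdout stay attached so the
    # passwd chat from smb.conf can still drive the prompts.
    "$PASSWD_BIN" "$user" || return 3
    # Step 2: rebuild the NIS maps. Output is discarded so it cannot
    # interfere with the chat; a failed rebuild is reported via exit code.
    ( cd "$YP_DIR" && "$MAKE_BIN" ) >/dev/null 2>&1 || return 4
    return 0
}

# Run only when called with exactly one argument (the %u substitution).
if [ "$#" -eq 1 ]; then
    sync_password "$1"
    exit $?
fi
```

A non-zero exit distinguishes a rejected name (2), a failed passwd run (3) and a failed map rebuild (4), the last of which leaves the local passwd file and the NIS maps out of step until the next successful `make`.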
