[Samba] samba 2.2.2 and nis?

[Mac]

>To: samba at samba.org
>From: awesome-dave1 at juno.com
>Subject: [Samba] samba 2.2.2 and nis?
>Date: Sat, 16 Mar 2002 23:18:57 -0500
>
>Hello,
>	I'm trying to get samba to work with nis on several boxes, one a freebsd
>4.5 machine, the other a redhat 7.2 box. The problem is samba is not
>recognizing the nis database. Is it possible to use samba and nis
>together, preferably with encrypted passwords or will i have to use plain
>text passwords or another form of authentication? My ultimate goal is to
>have a system where a user can log on at any box beit windows, or unix
>and get to any other box.

Out-of-the box Samba will work with NIS.  This requires 'encrypted
passwords = no' to force Samba to get the passwords info from UNIX
(i.e. NIS).

I've always run Samba with NIS, and it needed no special set up at all.
I take it you've tested that NIS is working properly for normal UNIX
activities (telnet, ftp etc.)

Working with encrypted passwords is possible, but harder.  The 'password
sync' has to be done on the NIS master [1] and the simplest way to do
this is to force all users to use 'smbpasswd' for password changing.

All the Samba servers on the various boxes then need to 'share' the
smbpasswd file. It's too sensitive to ship across the wire, so you
should use 'security = server' or (much better) 'security = domain' and
point them at the NIS master.


Footnote [1]
Actually the passowrd sync from Samba to UNIX doesn't _have_ to take
place on the NIS master, so long as there's a way for the Samba server
to execute a password update on theNIS master as root.  'ssh' is just
about the only way to do this securely.  It's probably easier to stick a
Samba server on the NIS master machine and make it the password change
server.
                               Mac
          Assistant Systems Adminstrator @nibsc.ac.uk
                        dmccann at nibsc.ac.uk
   Work: +44 1707 654753 x285      Everything else: +44 7956 237670 (anytime)