[Samba] samba and NIS?

Mac dmccann at nibsc.ac.uk
Wed Sep 4 09:14:00 GMT 2002


Hi Bill,


>From: Bill Dossett <bd at emtex.com>
>To: samba at lists.samba.org
>Subject: [Samba] samba and NIS?
>Date: Tue, 03 Sep 2002 15:44:47 +0100
>
>Hi,
>
>I have a few questions.   My goal is to run
>NIS and samba so I have a central point of passwd control
>and just one place to change passwords.

I've done this ever since day one of my Samba setup and there's one key
question to ask yourself before you start.

Are you using (or going to use) encrypted passwords?  If not, then Samba
setup is a no-brainer.  So long as Samba is compiled with NIS support
(and on many platforms that's the default now), then Samba will use the
NIS accounts and passwords straight away, and all the centralisation
you've already done to get NIS to work will be used automatically.

This is how I currently run my several Samba servers.


If you want/need to use encrypted passwords, it's not quite so easy.  By
far and away the easiest way to start is to have the NIS master and the
smbpasswd hosted on the same box.

>Can this be done?  So that if a user changes his password
>for samba it changes it in NIS as well?

Yup, and account management is also automatable.


>
>Do I have to run my samba server as a windoze PDC and
>have everyone belong to the windoze domain is the next
>question?

As far as I can tell, no you don't.


What I've done is to make the primary way to change a password at my
site be the Samba way.  So all attempts by users to change their
password will end up going to the smbpasswd command (which uses
the 'smbpasswd -r' option to connect to the NIS/SMB password server.)

Then on the password server, I run Samba with 'unix password sync'
enabled and a custom script to change the NIS password (to get round the
requirement that 'yppasswd' requires the old password, even when run as
root).

Further, the 'ypmake' script that is run after any changes to the NIS
master files (to rebuild the maps and propagate them to slave servers)
has been extended to do some simple operations on the SMB passwd file.

It now spots account creations and deletions and executes 'smbpasswd'
commands (as root) to directly modify the SMBpasswd file.  It can also
spot (but not deal with) account re-names. (There's no 'smbpasswd'
option to handle this at present).

I'm happy to make my scripts available if anyone thinks they might be
useful to them.

                               Mac
          Assistant Systems Administrator @nibsc.ac.uk
                        dmccann at nibsc.ac.uk
   Work: +44 1707 654753 x285      Everything else: +44 7956 237670 (anytime)
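
Added example (not part of the original post, and not the scripts Mac offers above): a dry-run sketch of the kind of check a post-'ypmake' hook could make, comparing the NIS passwd source with the smbpasswd file to list account creations, deletions and probable renames. The function names, the minimum UID of 500 and the sample data are assumptions; the smbpasswd layout assumed is the name:uid:... text format.

```shell
#!/bin/sh
# Dry run: compare the NIS passwd source with smbpasswd; nothing is modified.
#   ADD user -> candidate for 'smbpasswd -a user'; DEL user -> 'smbpasswd -x user'
#   RENAME?  -> same UID under a new name, left for a manual decision
# usage: plan_smb_sync PASSWD SMBPASSWD [MIN_UID]  (default 500 is an assumption)
plan_smb_sync() {
    # A missing or empty source must never be read as "delete everyone".
    [ -s "$1" ] || { echo "refusing: empty passwd source $1" >&2; return 1; }
    awk -F: -v min="${3:-500}" '
        /^#/ || NF < 3 { next }
        FNR == NR {                 # first file: passwd (name:pw:uid:...)
            if ($3 + 0 >= min) { unix[$1] = $3; byuid[$3] = $1 }
            next
        }
        $1 ~ /\$$/ || $2 + 0 < min { next }   # smbpasswd: skip machine/system
        { smb[$1] = $2 }                      # smbpasswd: name:uid:...
        END {
            for (u in smb) {
                if (u in unix) continue
                if ((smb[u] in byuid) && !(byuid[smb[u]] in smb)) {
                    print "RENAME? " u " -> " byuid[smb[u]] " (uid " smb[u] ")"
                    renamed[byuid[smb[u]]] = 1
                } else print "DEL " u
            }
            for (u in unix)
                if (!(u in smb) && !(u in renamed)) print "ADD " u
        }
    ' "$1" "$2" | LC_ALL=C sort
}
demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample data, not taken from the original post.
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
robert:x:1002:100:Robert:/home/robert:/bin/sh
carol:x:1003:100:Carol:/home/carol:/bin/sh
EOF
    cat > "$d/smbpasswd" <<'EOF'
root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
dave:1004:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
ws01$:1500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
EOF
    plan_smb_sync "$d/passwd" "$d/smbpasswd"
    rm -rf "$d"
}
demo
```

Keeping the plan separate from the root-run 'smbpasswd' calls lets the output be reviewed or logged before any account is touched, and the empty-source check stops a truncated NIS file from turning into a mass deletion.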


