[Samba] NT Migration Auth Problem with NIS & Samba3

SoUnD WrEcK soundwreck at gmail.com
Wed Mar 14 00:33:10 GMT 2007


I have been working to migrate away from my failing NT PDC to Samba (3.0.23d)
on a Solaris 8 server running NIS.  Passwords, etc.. are kept in
/etc/yp/passwd, and the passwd command is used to change passwords (not

I have used the vampire command to migrate all user accounts from the NT
machine, while Samba acts as the BDC.  This appears to work correctly, and
output from pdbedit shows the correct UNIX UID's for each user.  I am using
a tdbsam backend.

The Samba 2 configuration was configured to look to the NT server for
user/pass authentication, but since I need to do away with the NT server
before it fails for good, obviously I need to have UNIX doing the auth.

However, this does not seem to be working correctly.  When I map to the
server via a Windows client, all shares come up as they should, and I can in
fact authenticate to them.  However, when I try to write, I get the error
"Access is denied".  Output from smbstatus shows the shares to be RDONLY.
Shares are set up in exactly the same way they were in the Samba 2
configuration, with the difference being where the authentication happens.

Due to this problem and some other weirdness (i.e., when I convert Samba 3
to act as a PDC and WINS server and shutting down the NT PDC, I can't
authenticate even to a read only status), I believe that this has to do with
the fact that the migration did not occur correctly.  I have done quite a
lot of research on this, but can't seem to find a solution to the problem.

Any advice would be greatly appreciated.  My smb.conf is included here.
Thanks, RF


   workgroup = DOMAIN
   server string = SERVER
   security = user
   hosts allow = <list of applicable subnets>
   invalid users = <list of applicable invalid users>
   nis homedir = yes
   log file = /usr/local/samba3/var/log.%m
   max log size = 1024
   passdb backend = tdbsam
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password:* %n\n\
                 *Re-enter*new*password:* %n\n\
                 *passwd:*password*successfully*changed*for* %u
   local master = yes
   os level = 33
   domain master = no
   preferred master = auto
   domain logons = yes
   wins support = no
   dns proxy = no
   time server = yes

#============================ Share Definitions ==

   comment = Home Directory
   browsable = no

   comment = Scratch Directory
   path = /scratch

  comment = Archive Directory
  path = /export/db/archive
  write list = @staff

More information about the samba mailing list