[Samba] NT Migration Auth Problem with NIS & Samba3
SoUnD WrEcK
soundwreck at gmail.com
Wed Mar 14 00:33:10 GMT 2007
Hello,
I have been working to migrate away from my failing NT PDC to Samba (3.0.23d)
on a Solaris 8 server running NIS. Passwords, etc.. are kept in
/etc/yp/passwd, and the passwd command is used to change passwords (not
yppasswd).
I have used the vampire command to migrate all user accounts from the NT
machine, while Samba acts as the BDC. This appears to work correctly, and
output from pdbedit shows the correct UNIX UID's for each user. I am using
a tdbsam backend.
The Samba 2 configuration was configured to look to the NT server for
user/pass authentication, but since I need to do away with the NT server
before it fails for good, obviously I need to have UNIX doing the auth.
However, this does not seem to be working correctly. When I map to the
server via a Windows client, all shares come up as they should, and I can in
fact authenticate to them. However, when I try to write, I get the error
"Access is denied". Output from smbstatus shows the shares to be RDONLY.
Shares are set up in exactly the same way they were in the Samba 2
configuration, with the difference being where the authentication happens.
Due to this problem and some other weirdness (i.e., when I convert Samba 3
to act as a PDC and WINS server and shutting down the NT PDC, I can't
authenticate even to a read only status), I believe that this has to do with
the fact that the migration did not occur correctly. I have done quite a
lot of research on this, but can't seem to find a solution to the problem.
Any advice would be greatly appreciated. My smb.conf is included here.
Thanks, RF
--
[global]
workgroup = DOMAIN
server string = SERVER
security = user
hosts allow = <list of applicable subnets>
invalid users = <list of applicable invalid users>
nis homedir = yes
log file = /usr/local/samba3/var/log.%m
max log size = 1024
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password:* %n\n\
*Re-enter*new*password:* %n\n\
*passwd:*password*successfully*changed*for* %u
local master = yes
os level = 33
domain master = no
preferred master = auto
domain logons = yes
wins support = no
wins server = <IP OF WINS SERVER, WHICH IS CURRENT NT PDC>
dns proxy = no
time server = yes
#============================ Share Definitions ==
#SOME EXAMPLES OF MY SHARES...
[homes]
comment = Home Directory
browsable = no
[scratch]
comment = Scratch Directory
path = /scratch
[dbarchive]
comment = Archive Directory
path = /export/db/archive
write list = @staff
--
More information about the samba
mailing list