[Samba] Configuring Samba with NIS

Toby Bluhm tkb at midwestinstruments.com
Fri Aug 8 13:12:18 GMT 2008

Harvey, Edward wrote:
> Hey all.
> I have a bunch of linux servers, all using NIS to maintain username/password/UID/GID information.  I'm trying to make the filesystems browsable from Windows XP, while maintaining correct UID/GID info.  It seems this would be really simple, just let the user login to \\linuxmachine with his/her linux username & password, and everything they do happens as them.  As you know - no such thing.  :-(
> I'm using RHEL 4u4 x86_64, samba 3.0.10-1.4E.9, swat 3.0.10-1.4E.9
> In swat, it seems to indicate available "auth methods" are "guest sam winbind" and some deprecated stuff I shouldn't use.
> I guess there is no auth method to use the local passwd/shadow files, or NIS database?
> Also, I guess there is no idmap backend to simply map UID/GID based on username?
> * I cannot use the essentially randomly generated UID/GID scheme.
> * I will have a very difficult time to use winbind (I don't have windows domain admin access, and those who do are difficult to convince they should type the domain admin pass on some prompt when they don't understand the prompt.)
> * I prefer not to use a cronjob on every machine to regenerate the smbpasswd all the time.  Also, by looking around, it doesn't appear this is possible anyway.
> Is there any graceful solution here?
> I don't see the need for *yet* another password database...
> Thanks for any suggestions...  I have been googling and browsing fanatically....

This will work if samba is setup as PDC.

Add the NIS user to samba with smbpasswd -a <username>. Setup the passwd 


    passwd program = /root/newpasswd %u


    passwd $@
    pushd /var/yp
    /usr/bin/make -f Makefile.passwd

/var/yp/Makefile.passwd is just /var/yp/Makefile edited to only update 

A password change from Windows will now update both databases. But then 
there's the hassle of asking users for their existing NIS password so 
you can add it to smbpasswd. Instead, just set it to <some_win_passwd>, 
have the user login to Windows with <some_win_passwd>, password change 
from Windows will then sync both databases to the same new password.

Toby Bluhm
Alltech Medical Systems America, Inc.

More information about the samba mailing list