[Samba] sharing samba smbpasswd
Scott Grizzard
scott at scottgrizzard.com
Mon Dec 29 15:10:35 GMT 2008
There are four ways, off the top of my head, to get this done:
1) LDAP where one server runs ldap and all servers authenticate
against it. Advantages: easy to replicate and easily extendable for
other uses. Disadvantages: difficult to set up if you don't know what
you are doing.
2) rsync the smbpasswd file. Advantages: simple and easy.
Disadvantages: no one does this, so you will wind up with a very weird
setup which will be difficult to debug and which no one can help you
with.
3) Kerberos. Advantages: Very cool; single sign-on. Disadvantages:
pain in the ankle to set up.
4) Set up one samba server as a Domain Controller with a tdbsam
backend, and join the other samba servers to that domain. It is
relatively easy to do, gives you single sign-on and one password file,
and the computers don't need any special configuration to use the
shares. Disadvantages: the PDC becomes a single point of failure for
all four file servers.
I recommend using the last option and setting up the Domain
Controller. Follow along with chapter 4 from Samba by Example (http://us1.samba.org/samba/docs/man/Samba-Guide/Big500users.html
). Do backups of your password files, and live with the single point
of failure.
If the single point of failure is impossible to live with, you are
back into replicating ldap.
- Scott Grizzard
On Dec 29, 2008, at 9:54 AM, Adam Williams wrote:
> openldap. read chapter 5 of samba 3 by example.pdf.
>
> Dean Clapper wrote:
>> Is there a way to share smbpasswd (samba user name and password
>> file) between multiple servers. The servers are not on a domain
>> controller, NIS nor ldap.
>> We have 2 - 3 redhat samba servers just for network share drives.
>> Instead of managing passwords and user names on multiple systems,
>> I'm trying to leverage one machine and use its logins and passwords
>> for all samba machines.
>>
>> Is there a good way to implement this strategy configuring the
>> smb.conf file or is this going to require a different mechanism?
>>
>> Thanks
>> Dean
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list