[Samba] samba PDC/NIS client

Gaiseric Vandal gaiseric.vandal at gmail.com
Sat Mar 10 17:24:59 MST 2012 

Do you have password sync enabled?    If password sync is enabled, samba
will try to use the passwd command to set the unix password.  But with  nis,
you probably might need something nis specific. On solaris it was "passwd -r
nis" -  not sure about linux.    Probably better to just disable password
sync.

 

 

 

From: Simon Matthews [mailto:simon.d.matthews at gmail.com] 
Sent: Friday, March 09, 2012 4:04 PM
To: gaiseric.vandal at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba PDC/NIS client

 

 

On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
wrote:

I don't think is this a samba issue.   Samba accounts need to have a
corresponding unix account.   Shouldn't matter if they are in NIS or
/etc/passwd.   If you have users in both it could get a problem.

Is "getent passwd" really showing the users from NIS?    

 

Yes.  In fact, for those users who are in both the /etc/passwd and nis
tables, it shows both entries (and the details match between both entries)

 

 How about "getent shadow" (assuming a linux machine and not solaris,

 

No, this only shows the users with entries in /etc/shadow. However:

1. getent passwd includes the hashed passwords of users in the nis tables

2. It was not necessary to add the user to /etc/shadow in order to allow
samba domain logins. All I had to do was add the user to /etc/passwd.

 

and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
entry for

   shadow:  files nis

Yes 



Are you missing the : in the nsswitch.conf entries?

No. 


Are your user names all in lower case?  Are they all 8 characters or under.

 

 Yes. 

 

Simon








On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grep<username>  >>  /etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list