[Samba] samba PDC/NIS client
Gaiseric Vandal
gaiseric.vandal at gmail.com
Sat Mar 10 17:24:59 MST 2012
Do you have password sync enabled? If password sync is enabled, samba
will try to use the passwd command to set the unix password. But with nis,
you probably might need something nis specific. On solaris it was "passwd -r
nis" - not sure about linux. Probably better to just disable password
sync.
From: Simon Matthews [mailto:simon.d.matthews at gmail.com]
Sent: Friday, March 09, 2012 4:04 PM
To: gaiseric.vandal at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba PDC/NIS client
On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
wrote:
I don't think is this a samba issue. Samba accounts need to have a
corresponding unix account. Shouldn't matter if they are in NIS or
/etc/passwd. If you have users in both it could get a problem.
Is "getent passwd" really showing the users from NIS?
Yes. In fact, for those users who are in both the /etc/passwd and nis
tables, it shows both entries (and the details match between both entries)
How about "getent shadow" (assuming a linux machine and not solaris,
No, this only shows the users with entries in /etc/shadow. However:
1. getent passwd includes the hashed passwords of users in the nis tables
2. It was not necessary to add the user to /etc/shadow in order to allow
samba domain logins. All I had to do was add the user to /etc/passwd.
and probably doesn't matter anyway.) Do you have an /etc/nsswitch.conf
entry for
shadow: files nis
Yes
Are you missing the : in the nsswitch.conf entries?
No.
Are your user names all in lower case? Are they all 8 characters or under.
Yes.
Simon
On 03/08/12 22:46, Simon Matthews wrote:
I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.
samba is set up to use a tdbsam database.
I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis
However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grep<username> >> /etc/passwd
After this, the user can log in.
Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list