[Samba] samba PDC/NIS client

Simon Matthews simon.d.matthews at gmail.com
Sat Mar 10 22:31:35 MST 2012


On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
<gaiseric.vandal at gmail.com>wrote:

> Do you have password sync enabled?    If password sync is enabled, samba
> will try to use the passwd command to set the unix password.  But with
> nis, you probably might need something nis specific. On solaris it was
> “passwd –r nis” -  not sure about linux.    Probably better to just disable
> password sync.
>

No, I don't have this option enabled. I am not sure how it is relevant.
Problem summary:
The samba PDC is an NIS client
"getent passwd" retruns the passwd data.
The user's SAMBA password was set  using smbpasswd
The user's NIS passwd was set using yppasswd
ALL I had to do to allow domain logins was:
ypcat passwd | grep <username> >> /etc/passwd
Note that after copying the user details to /etc/passwd, the password that
was set with "smbpasswd" was the password that was used with the successful
domain login.

Simon



> ****
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Simon Matthews [mailto:simon.d.matthews at gmail.com]
> *Sent:* Friday, March 09, 2012 4:04 PM
> *To:* gaiseric.vandal at gmail.com
> *Cc:* samba at lists.samba.org
> *Subject:* Re: [Samba] samba PDC/NIS client****
>
> ** **
>
> ** **
>
> On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
> wrote:****
>
> I don't think is this a samba issue.   Samba accounts need to have a
> corresponding unix account.   Shouldn't matter if they are in NIS or
> /etc/passwd.   If you have users in both it could get a problem.
>
> Is "getent passwd" really showing the users from NIS?    ****
>
> ** **
>
> Yes.  In fact, for those users who are in both the /etc/passwd and nis
> tables, it shows both entries (and the details match between both entries)
> ****
>
> ** **
>
>  How about "getent shadow" (assuming a linux machine and not solaris,****
>
>  ****
>
> No, this only shows the users with entries in /etc/shadow. However:****
>
> 1. getent passwd includes the hashed passwords of users in the nis tables*
> ***
>
> 2. It was not necessary to add the user to /etc/shadow in order to allow
> samba domain logins. All I had to do was add the user to /etc/passwd.****
>
>  ****
>
> and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
> entry for
>
>    shadow:  files nis****
>
> Yes ****
>
>
>
> Are you missing the : in the nsswitch.conf entries?****
>
> No. ****
>
>
> Are your user names all in lower case?  Are they all 8 characters or under.
> ****
>
> ** **
>
>  Yes. ****
>
> ** **
>
> Simon****
>
>
>
>
>
>
>
>
> On 03/08/12 22:46, Simon Matthews wrote:****
>
> I have a server which is a samba PDC and has recently been converted to an
> NIS client. For historic reasons, many users login information is in the
> local machine's /etc/passwd and /etc/shadow files.
>
> samba is set up to use a tdbsam database.
>
> I got the first indication of problems when I tried to add a user using the
> smbpasswd -a command. I found that smbpasswd would not recognize the user
> unless either the username was in the /etc/passwd file, or I changed
> /etc/nsswitch.conf from
> passwd compat
> TO:
> passwd files nis
>
> However, if I make the latter change, the user cannot log into any Windows
> machines that are controlled by my PDC. To allow logins, all I have to do
> is
> ypcat passwd | grep<username>  >>  /etc/passwd
> After this, the user can log in.
>
> Is there any configuration of samba that will allow it to properly
> recognize user data from the NIS map and not require the user to be listed
> in the /etc/passwd file?
>
> Simon****
>
> ** **
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba****
>
> ** **
>


More information about the samba mailing list