On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal <gaiseric.van...@gmail.com>wrote:
> Do you have password sync enabled? If password sync is enabled, samba > will try to use the passwd command to set the unix password. But with > nis, you probably might need something nis specific. On solaris it was > “passwd –r nis” - not sure about linux. Probably better to just disable > password sync. > No, I don't have this option enabled. I am not sure how it is relevant. Problem summary: The samba PDC is an NIS client "getent passwd" retruns the passwd data. The user's SAMBA password was set using smbpasswd The user's NIS passwd was set using yppasswd ALL I had to do to allow domain logins was: ypcat passwd | grep <username> >> /etc/passwd Note that after copying the user details to /etc/passwd, the password that was set with "smbpasswd" was the password that was used with the successful domain login. Simon > **** > > ** ** > > ** ** > > ** ** > > *From:* Simon Matthews [mailto:simon.d.matth...@gmail.com] > *Sent:* Friday, March 09, 2012 4:04 PM > *To:* gaiseric.van...@gmail.com > *Cc:* samba@lists.samba.org > *Subject:* Re: [Samba] samba PDC/NIS client**** > > ** ** > > ** ** > > On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal <gaiseric.van...@gmail.com> > wrote:**** > > I don't think is this a samba issue. Samba accounts need to have a > corresponding unix account. Shouldn't matter if they are in NIS or > /etc/passwd. If you have users in both it could get a problem. > > Is "getent passwd" really showing the users from NIS? **** > > ** ** > > Yes. In fact, for those users who are in both the /etc/passwd and nis > tables, it shows both entries (and the details match between both entries) > **** > > ** ** > > How about "getent shadow" (assuming a linux machine and not solaris,**** > > **** > > No, this only shows the users with entries in /etc/shadow. However:**** > > 1. getent passwd includes the hashed passwords of users in the nis tables* > *** > > 2. It was not necessary to add the user to /etc/shadow in order to allow > samba domain logins. All I had to do was add the user to /etc/passwd.**** > > **** > > and probably doesn't matter anyway.) Do you have an /etc/nsswitch.conf > entry for > > shadow: files nis**** > > Yes **** > > > > Are you missing the : in the nsswitch.conf entries?**** > > No. **** > > > Are your user names all in lower case? Are they all 8 characters or under. > **** > > ** ** > > Yes. **** > > ** ** > > Simon**** > > > > > > > > > On 03/08/12 22:46, Simon Matthews wrote:**** > > I have a server which is a samba PDC and has recently been converted to an > NIS client. For historic reasons, many users login information is in the > local machine's /etc/passwd and /etc/shadow files. > > samba is set up to use a tdbsam database. > > I got the first indication of problems when I tried to add a user using the > smbpasswd -a command. I found that smbpasswd would not recognize the user > unless either the username was in the /etc/passwd file, or I changed > /etc/nsswitch.conf from > passwd compat > TO: > passwd files nis > > However, if I make the latter change, the user cannot log into any Windows > machines that are controlled by my PDC. To allow logins, all I have to do > is > ypcat passwd | grep<username> >> /etc/passwd > After this, the user can log in. > > Is there any configuration of samba that will allow it to properly > recognize user data from the NIS map and not require the user to be listed > in the /etc/passwd file? > > Simon**** > > ** ** > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba**** > > ** ** > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba