subject:"\[Samba\] samba PDC\/NIS client"

Re: [Samba] samba PDC/NIS client

2012-03-12 Thread Tony Molloy

On Monday 12 March 2012 17:33:28 Simon Matthews wrote:
> On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy  
wrote:
> > On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
> > > On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
> > > 
> > > wrote:
> > > > Do you have password sync enabled?If password sync is
> > > > enabled, samba will try to use the passwd command to set the
> > > > unix password.  But with nis, you probably might need
> > > > something nis specific. On solaris it was “passwd –r nis” - 
> > > > not sure about linux.Probably better to just disable
> > > > password sync.
> > 
> > I've got a very similar setup to you. Except I use a smbpasswd
> > file.
> > 
> > > No, I don't have this option enabled. I am not sure how it is
> > > relevant. Problem summary:
> > > The samba PDC is an NIS client
> > > "getent passwd" retruns the passwd data.
> > > The user's SAMBA password was set  using smbpasswd
> > > The user's NIS passwd was set using yppasswd
> > 
> > So far all the same.
> > 
> > > ALL I had to do to allow domain logins was:
> > > ypcat passwd | grep  >> /etc/passwd
> > 
> > Why duplicate the password entries. I just have them in NIS and
> > /etc/passwd just has the system passwords.
> > 
> > > Note that after copying the user details to /etc/passwd, the
> > > password that was set with "smbpasswd" was the password that
> > > was used with the successful domain login.
> > 
> > Don't really uinderstand what you mean by "domain logins"
> > 
> > 1.  Create the user under linux first
> > 2.  Use smbpasswd to add the user to samba
> > 
> > You now have a user in both linux and samba but remember the
> > passwords are stored separately, changing one does not change
> > the other.
> > 
> > 3.   Edit /etc/nsswitch.conf. Set
> > 
> > passwd:files nis
> > shdow:  files
> 
> Removing the "nis" entry from "shadow:" in /etc/nsswitch.conf
> solved the issue. I don't understand why, but it did .
> 
> Simon


The shadow file /etc/shadow stores the passwords associated with the 
entries in the password file /etc/passwd.

It has nothing to do with the NIS password database which stores the 
passwords in the actual database entries.

Tony
> 
> > That works for me. YMMV
> > 
> > Tony
> > 
> > > Simon
> > 
> > --
> > To unsubscribe from this list go to the following URL and read
> > the instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-12 Thread Gaiseric Vandal

If your NIS passwd file did NOT have a valid password, maybe samba or 
unix was rejecting logins as a security measure.




On 03/12/12 13:33, Simon Matthews wrote:

On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy  wrote:


On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:

On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal

wrote:

Do you have password sync enabled?If password sync is
enabled, samba will try to use the passwd command to set the
unix password.  But with nis, you probably might need something
nis specific. On solaris it was “passwd –r nis” -  not sure
about linux.Probably better to just disable password sync.

I've got a very similar setup to you. Except I use a smbpasswd file.


No, I don't have this option enabled. I am not sure how it is
relevant. Problem summary:
The samba PDC is an NIS client
"getent passwd" retruns the passwd data.
The user's SAMBA password was set  using smbpasswd
The user's NIS passwd was set using yppasswd

So far all the same.


ALL I had to do to allow domain logins was:
ypcat passwd | grep  >>  /etc/passwd

Why duplicate the password entries. I just have them in NIS and
/etc/passwd just has the system passwords.


Note that after copying the user details to /etc/passwd, the
password that was set with "smbpasswd" was the password that was
used with the successful domain login.

Don't really uinderstand what you mean by "domain logins"

1.  Create the user under linux first
2.  Use smbpasswd to add the user to samba

You now have a user in both linux and samba but remember the passwords
are stored separately, changing one does not change the other.

3.   Edit /etc/nsswitch.conf. Set

passwd:files nis
shdow:  files



Removing the "nis" entry from "shadow:" in /etc/nsswitch.conf solved the
issue. I don't understand why, but it did .

Simon


That works for me. YMMV

Tony


Simon

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-12 Thread Simon Matthews

On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy  wrote:

> On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
> > On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
> >
> > wrote:
> > > Do you have password sync enabled?If password sync is
> > > enabled, samba will try to use the passwd command to set the
> > > unix password.  But with nis, you probably might need something
> > > nis specific. On solaris it was “passwd –r nis” -  not sure
> > > about linux.Probably better to just disable password sync.
> >
>
> I've got a very similar setup to you. Except I use a smbpasswd file.
>
> > No, I don't have this option enabled. I am not sure how it is
> > relevant. Problem summary:
> > The samba PDC is an NIS client
> > "getent passwd" retruns the passwd data.
> > The user's SAMBA password was set  using smbpasswd
> > The user's NIS passwd was set using yppasswd
>
> So far all the same.
>
> > ALL I had to do to allow domain logins was:
> > ypcat passwd | grep  >> /etc/passwd
>
> Why duplicate the password entries. I just have them in NIS and
> /etc/passwd just has the system passwords.
>
> > Note that after copying the user details to /etc/passwd, the
> > password that was set with "smbpasswd" was the password that was
> > used with the successful domain login.
>
> Don't really uinderstand what you mean by "domain logins"
>
> 1.  Create the user under linux first
> 2.  Use smbpasswd to add the user to samba
>
> You now have a user in both linux and samba but remember the passwords
> are stored separately, changing one does not change the other.
>
> 3.   Edit /etc/nsswitch.conf. Set
>
> passwd:files nis
> shdow:  files
>


Removing the "nis" entry from "shadow:" in /etc/nsswitch.conf solved the
issue. I don't understand why, but it did .

Simon

>
> That works for me. YMMV
>
> Tony
>
> >
> > Simon
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-11 Thread Tony Molloy

On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
> On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
> 
> wrote:
> > Do you have password sync enabled?If password sync is
> > enabled, samba will try to use the passwd command to set the
> > unix password.  But with nis, you probably might need something
> > nis specific. On solaris it was “passwd –r nis” -  not sure
> > about linux.Probably better to just disable password sync.
> 

I've got a very similar setup to you. Except I use a smbpasswd file.

> No, I don't have this option enabled. I am not sure how it is
> relevant. Problem summary:
> The samba PDC is an NIS client
> "getent passwd" retruns the passwd data.
> The user's SAMBA password was set  using smbpasswd
> The user's NIS passwd was set using yppasswd

So far all the same.

> ALL I had to do to allow domain logins was:
> ypcat passwd | grep  >> /etc/passwd

Why duplicate the password entries. I just have them in NIS and 
/etc/passwd just has the system passwords.

> Note that after copying the user details to /etc/passwd, the
> password that was set with "smbpasswd" was the password that was
> used with the successful domain login.

Don't really uinderstand what you mean by "domain logins"

1.  Create the user under linux first
2.  Use smbpasswd to add the user to samba

You now have a user in both linux and samba but remember the passwords 
are stored separately, changing one does not change the other.

3.   Edit /etc/nsswitch.conf. Set

passwd:files nis
shdow:  files

That works for me. YMMV

Tony

> 
> Simon

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-10 Thread Simon Matthews

On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
wrote:

> Do you have password sync enabled?If password sync is enabled, samba
> will try to use the passwd command to set the unix password.  But with
> nis, you probably might need something nis specific. On solaris it was
> “passwd –r nis” -  not sure about linux.Probably better to just disable
> password sync.
>

No, I don't have this option enabled. I am not sure how it is relevant.
Problem summary:
The samba PDC is an NIS client
"getent passwd" retruns the passwd data.
The user's SAMBA password was set  using smbpasswd
The user's NIS passwd was set using yppasswd
ALL I had to do to allow domain logins was:
ypcat passwd | grep  >> /etc/passwd
Note that after copying the user details to /etc/passwd, the password that
was set with "smbpasswd" was the password that was used with the successful
domain login.

Simon



> 
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Simon Matthews [mailto:simon.d.matth...@gmail.com]
> *Sent:* Friday, March 09, 2012 4:04 PM
> *To:* gaiseric.van...@gmail.com
> *Cc:* samba@lists.samba.org
> *Subject:* Re: [Samba] samba PDC/NIS client
>
> ** **
>
> ** **
>
> On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal 
> wrote:
>
> I don't think is this a samba issue.   Samba accounts need to have a
> corresponding unix account.   Shouldn't matter if they are in NIS or
> /etc/passwd.   If you have users in both it could get a problem.
>
> Is "getent passwd" really showing the users from NIS?
>
> ** **
>
> Yes.  In fact, for those users who are in both the /etc/passwd and nis
> tables, it shows both entries (and the details match between both entries)
> 
>
> ** **
>
>  How about "getent shadow" (assuming a linux machine and not solaris,
>
>  
>
> No, this only shows the users with entries in /etc/shadow. However:
>
> 1. getent passwd includes the hashed passwords of users in the nis tables*
> ***
>
> 2. It was not necessary to add the user to /etc/shadow in order to allow
> samba domain logins. All I had to do was add the user to /etc/passwd.
>
>  
>
> and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
> entry for
>
>shadow:  files nis
>
> Yes 
>
>
>
> Are you missing the : in the nsswitch.conf entries?
>
> No. 
>
>
> Are your user names all in lower case?  Are they all 8 characters or under.
> 
>
> ** **
>
>  Yes. 
>
> ** **
>
> Simon
>
>
>
>
>
>
>
>
> On 03/08/12 22:46, Simon Matthews wrote:
>
> I have a server which is a samba PDC and has recently been converted to an
> NIS client. For historic reasons, many users login information is in the
> local machine's /etc/passwd and /etc/shadow files.
>
> samba is set up to use a tdbsam database.
>
> I got the first indication of problems when I tried to add a user using the
> smbpasswd -a command. I found that smbpasswd would not recognize the user
> unless either the username was in the /etc/passwd file, or I changed
> /etc/nsswitch.conf from
> passwd compat
> TO:
> passwd files nis
>
> However, if I make the latter change, the user cannot log into any Windows
> machines that are controlled by my PDC. To allow logins, all I have to do
> is
> ypcat passwd | grep  >>  /etc/passwd
> After this, the user can log in.
>
> Is there any configuration of samba that will allow it to properly
> recognize user data from the NIS map and not require the user to be listed
> in the /etc/passwd file?
>
> Simon
>
> ** **
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> ** **
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-10 Thread Gaiseric Vandal

Do you have password sync enabled?If password sync is enabled, samba
will try to use the passwd command to set the unix password.  But with  nis,
you probably might need something nis specific. On solaris it was "passwd -r
nis" -  not sure about linux.Probably better to just disable password
sync.

 

 

 

From: Simon Matthews [mailto:simon.d.matth...@gmail.com] 
Sent: Friday, March 09, 2012 4:04 PM
To: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba PDC/NIS client

 

 

On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal 
wrote:

I don't think is this a samba issue.   Samba accounts need to have a
corresponding unix account.   Shouldn't matter if they are in NIS or
/etc/passwd.   If you have users in both it could get a problem.

Is "getent passwd" really showing the users from NIS?

 

Yes.  In fact, for those users who are in both the /etc/passwd and nis
tables, it shows both entries (and the details match between both entries)

 

 How about "getent shadow" (assuming a linux machine and not solaris,

 

No, this only shows the users with entries in /etc/shadow. However:

1. getent passwd includes the hashed passwords of users in the nis tables

2. It was not necessary to add the user to /etc/shadow in order to allow
samba domain logins. All I had to do was add the user to /etc/passwd.

 

and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
entry for

   shadow:  files nis

Yes 



Are you missing the : in the nsswitch.conf entries?

No. 


Are your user names all in lower case?  Are they all 8 characters or under.

 

 Yes. 

 

Simon








On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grep  >>  /etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-09 Thread Simon Matthews

On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal
wrote:

> I don't think is this a samba issue.   Samba accounts need to have a
> corresponding unix account.   Shouldn't matter if they are in NIS or
> /etc/passwd.   If you have users in both it could get a problem.
>
> Is "getent passwd" really showing the users from NIS?


Yes.  In fact, for those users who are in both the /etc/passwd and nis
tables, it shows both entries (and the details match between both entries)

 How about "getent shadow" (assuming a linux machine and not solaris,


No, this only shows the users with entries in /etc/shadow. However:
1. getent passwd includes the hashed passwords of users in the nis tables
2. It was not necessary to add the user to /etc/shadow in order to allow
samba domain logins. All I had to do was add the user to /etc/passwd.


> and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
> entry for
>
>shadow:  files nis
>
Yes

>
>
> Are you missing the : in the nsswitch.conf entries?
>
No.

>
> Are your user names all in lower case?  Are they all 8 characters or under.


 Yes.

Simon

>
>
>
>
>
>
>
> On 03/08/12 22:46, Simon Matthews wrote:
>
>> I have a server which is a samba PDC and has recently been converted to an
>> NIS client. For historic reasons, many users login information is in the
>> local machine's /etc/passwd and /etc/shadow files.
>>
>> samba is set up to use a tdbsam database.
>>
>> I got the first indication of problems when I tried to add a user using
>> the
>> smbpasswd -a command. I found that smbpasswd would not recognize the user
>> unless either the username was in the /etc/passwd file, or I changed
>> /etc/nsswitch.conf from
>> passwd compat
>> TO:
>> passwd files nis
>>
>> However, if I make the latter change, the user cannot log into any Windows
>> machines that are controlled by my PDC. To allow logins, all I have to do
>> is
>> ypcat passwd | grep  >>  /etc/passwd
>> After this, the user can log in.
>>
>> Is there any configuration of samba that will allow it to properly
>> recognize user data from the NIS map and not require the user to be listed
>> in the /etc/passwd file?
>>
>> Simon
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

2012-03-09 Thread Gaiseric Vandal

I don't think is this a samba issue.   Samba accounts need to have a 
corresponding unix account.   Shouldn't matter if they are in NIS or 
/etc/passwd.   If you have users in both it could get a problem.


Is "getent passwd" really showing the users from NIS?  How about 
"getent shadow" (assuming a linux machine and not solaris, and probably 
doesn't matter anyway.)   Do you have an /etc/nsswitch.conf entry for


shadow:  files nis


Are you missing the : in the nsswitch.conf entries?

Are your user names all in lower case?  Are they all 8 characters or under.






On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grep  >>  /etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba PDC/NIS client

2012-03-08 Thread Simon Matthews

I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grep  >> /etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

Re: [Samba] samba PDC/NIS client

[Samba] samba PDC/NIS client

9 matches

Site Navigation

Mail list logo

Footer information