D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] NIS (YP) + Samba ...

 

On 23/09/11 16:45, Gordon Henderson wrote:

Bit of an oddity here... Got a small network of Linux servers, all
running NIS and exporting filesystems via NFS - works well.

They now need Win clients to access it, so the obvious answer is Samba.
That's fine, but authentication is the issue - what gives these days?
The last time I did anything non trivial, I arranged samba to
authenticate to the Linux password file (via NIS), which worked really
well, and punters used the same login/password to access shares on
several servers, however it required the clients to have the "enable
plain-text password" registry setting which I understand is deprecated
these days.

Any suggestions? It's really quite some time since I've looked at all
this for anything other than a trivial installation.

Personally for my own server I add the users as normal users and then use smbpasswd -a username to add the user and create a samba password for them. However I gather it is possible to use LDAP too, I just never really looked into it that hard.

On my machines I haven't used the plain text registry hacks in a few years, I remember using them years ago (probably about 2003/2004) with Samba, but at least with the Samba version that comes with Ubuntu Server 10.04 (3.4.7) it doesn't need the registry modification.


The most basic solution I'm thinking of is to have one master samba
password file and simply copy it to the other servers every time I add a
user - crude... What's the magic runes/incantations require to have one
samba server as a master and the others authenticsating off it?


You might be able to set another samba server up as a backup domain controller or a domain member server.

Not sure if this would be of any help?

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html

Punters will be using a mix of XP, Win7 and I heard some mutterings of
Vista too... A lot are using their 'home' laptop, (both in the office an
remotely via VPN), so I'm not sure forcing them into the whole Win
Domain thing is good either, but...


Maybe give them the choice? If they're running XP Home, Vista Home or Windows 7 Home then they won't be able to join the domain anyway, but as long as their username and password is the same as on the domain then they won't have to manually login to the server when they want to access something on it.

Hope this helps.

Rob

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq