D&C GLug - Home Page


Re: [LUG] NIS (YP) + Samba ...

 

On 23/09/11 16:45, Gordon Henderson wrote:
> 
> 
> Bit of an oddity here... Got a small network of Linux servers, all
> running NIS and exporting filesystems via NFS - works well.
> 
> They now need Win clients to access it, so the obvious answer is Samba.
> That's fine, but authentication is the issue - what gives these days?
> The last time I did anything non trivial, I arranged samba to
> authenticate to the Linux password file (via NIS), which worked really
> well, and punters used the same login/password to access shares on
> several servers, however it required the clients to have the "enable
> plain-text password" registry setting which I understand is deprecated
> these days.
> 
> Any suggestions? It's really quite some time since I've looked at all
> this for anything other than a trivial installation.

The most obvious solution is to use LDAP, which can hold everything
the NIS maps do as well as the Windows password hashes and SIDs.

You might also want to enable "update encrypted" in smb.conf which will
automatically generate the LM and NT hashes. Regardless of whether you have
the passdb backend set to smbpasswd or tdbsam, you can use pdbedit -Lw
to extract the hashes and Samba account flags in a form which can be
manipulated into an ldif file.

> The most basic solution I'm thinking of is to have one master samba
> password file and simply copy it to the other servers every time I add a
> user - crude... What's the magic runes/incantations required to have one

This could also lead to some strange things happening when passwords are
changed.

> samba server as a master and the others authenticating off it?

> Punters will be using a mix of XP, Win7 and I heard some mutterings of
> Vista too... A lot are using their 'home' laptop, (both in the office and
> remotely via VPN), so I'm not sure forcing them into the whole Win
> Domain thing is good either, but...

Do you just need access to shares or domain logins too? The latter can
require rather more work.

> 



-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
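
Added example, not part of the original message or of Samba's own tooling: a sketch of the "manipulated into an ldif file" step from the reply above, turning smbpasswd-format lines as printed by `pdbedit -Lw` into an LDIF modify that adds `sambaSamAccount` attributes to existing `uid=` entries. The domain SID, base DN, the algorithmic RID mapping and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the post): placeholder domain SID and directory suffix.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # see `net getlocalsid`
BASE_DN = "ou=People,dc=example,dc=org"
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

# Constructed sample of smbpasswd-format output; hashes are made-up hex strings.
SAMPLE = """\
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-4E7C9A10:
bob:1002:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU         ]:LCT-00000000:
"""


def parse_line(line):
    """Parse one smbpasswd-format line: name:uid:LM:NT:[flags]:LCT-hex:"""
    fields = line.strip().split(":")
    if len(fields) < 6 or not fields[5].startswith("LCT-"):
        raise ValueError("not an smbpasswd-format line: %r" % line)
    name, uid, lm, nt, flags, lct = fields[:6]
    return {"name": name, "uid": int(uid), "lm": lm, "nt": nt,
            "flags": flags, "last_set": int(lct[4:], 16)}


def to_ldif(acct, include_lm=False):
    """Render an LDIF modify that adds Samba attributes to an existing entry."""
    # Assumed legacy algorithmic mapping (RID = uid * 2 + 1000); check it
    # against the SIDs the server already hands out before loading.
    attrs = [("objectClass", "sambaSamAccount"),
             ("sambaSID", "%s-%d" % (DOMAIN_SID, acct["uid"] * 2 + 1000)),
             ("sambaAcctFlags", acct["flags"]),
             ("sambaPwdLastSet", str(acct["last_set"]))]
    # Placeholder hashes (XXXX... / NO PASSWORD...) are not valid hex: skip them.
    if HEX32.fullmatch(acct["nt"]):
        attrs.append(("sambaNTPassword", acct["nt"].upper()))
    if include_lm and HEX32.fullmatch(acct["lm"]):
        attrs.append(("sambaLMPassword", acct["lm"].upper()))
    out = ["dn: uid=%s,%s" % (acct["name"], BASE_DN), "changetype: modify"]
    for attr, value in attrs:
        out += ["add: " + attr, "%s: %s" % (attr, value), "-"]
    return "\n".join(out) + "\n"


def convert(text, include_lm=False):
    """Convert every non-blank, non-comment line of pdbedit -Lw output."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    return "\n".join(to_ldif(parse_line(l), include_lm) for l in lines)
```

`print(convert(SAMPLE))` shows the LDIF. The output carries password-equivalent hashes, so keep the file and the `sambaNTPassword`/`sambaLMPassword` attributes readable only by the account Samba binds with.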