On Fri, 23 Sep 2011, Mark Evans wrote:
On 23/09/11 16:45, Gordon Henderson wrote:

Bit of an oddity here... Got a small network of Linux servers, all running NIS and exporting filesystems via NFS - works well. They now need Win clients to access it, so the obvious answer is Samba. That's fine, but authentication is the issue - what gives these days? The last time I did anything non trivial, I arranged samba to authenticate to the Linux password file (via NIS), which worked really well, and punters used the same login/password to access shares on several servers, however it required the clients to have the "enable plain-text password" registry setting which I understand is deprecated these days. Any suggestions? It's really quite some time since I've looked at all this for anything other than a trivial installation.

The most obvious solution is to use LDAP. Which can hold both everything the NIS maps do as well as the Windows password hashes and SIDS.
OK. LDAP server.. http://www.howtoforge.com/linux_ldap_authentication appears to make it relatively easy to use LDAP under Linux, but what about samba..
http://wiki.samba.org/index.php/Samba_&_LDAP OK, it's a possibility... The crucial thing is that it honours unix group permissions though...
You might also want to enable "update encrypted" in smb.conf which will automatically generate the LM and NT hashes. Regardless of if you have the passdb backend set to either smbpasswd or tdbsam you can use pdbedit -Lw to extract the hashes and Samba account flags in a form which can be manipulated into an ldif file.
Life is so easy when you just have NIS to worry about!
The most basic solution I'm thinking of is to have one master samba password file and simply copy it to the other servers every time I add a user - crude... What's the magic runes/incantations required to have one

This could also lead to some strange things happening when passwords are changed.
Sure, but it's manageable, and samba can do a call-back to update the unix password file if someone changes their password - that just screws them for other samba servers :)
samba server as a master and the others authenticating off it?

Punters will be using a mix of XP, Win7 and I heard some mutterings of Vista too... A lot are using their 'home' laptop, (both in the office and remotely via VPN), so I'm not sure forcing them into the whole Win Domain thing is good either, but...

Do you just need access to shares or domain logins too? The latter can require rather more work.
We just need access to multiple shares on multiple servers. Even if we had to type in a username+password for every share, it would be OK as long as they were the same for every server.
I'm not wedded to NIS - if LDAP can replace that, then fine.

I'm also re-reading all the samba stuff again. An added complication would appear to be that not all the servers are on the same LAN.
Ah well. Looks like some light reading this weekend!

Essentially what's happened is that a little R&D co. I support need to take on more staff and contractors - and 99% of these will be using their own laptops in office &| working from home so the nice tidy little Linux setup has been somewhat disrupted!
Cheers,

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
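
The thread mentions turning `pdbedit -Lw` output into an LDIF file; the following is an added example of that conversion, not part of the original messages. The base DN, domain SID, the `uid * 2 + 1000` RID mapping and the sample accounts are assumptions, and it presumes the users already exist in LDAP as posixAccount entries.

```python
import re

# Assumed values, not from the thread: adapt the base DN and domain SID.
BASE_DN = "ou=People,dc=example,dc=org"
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
HASH_RE = re.compile(r"[0-9A-Fa-f]{32}")

def parse_line(line):
    """Parse one 'pdbedit -Lw' (smbpasswd-format) line; None if unusable."""
    fields = line.strip().split(":")
    if len(fields) < 6 or not fields[1].isdigit():
        return None  # blank line, comment or malformed record
    user, uid, lm, nt, flags, lct = fields[:6]
    # Plain user names only: rejects machine accounts (trailing '$', kept in
    # a separate OU) and characters that would need escaping in a DN.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", user):
        return None
    # Assumption: algorithmic RID mapping (uid * 2 + 1000).
    attrs = {"sambaSID": f"{DOMAIN_SID}-{int(uid) * 2 + 1000}",
             "sambaAcctFlags": flags}
    # "XXXX..." or "NO PASSWORD..." placeholders mean no hash is stored.
    if HASH_RE.fullmatch(lm):
        attrs["sambaLMPassword"] = lm.upper()
    if HASH_RE.fullmatch(nt):
        attrs["sambaNTPassword"] = nt.upper()
    if re.fullmatch(r"LCT-[0-9A-Fa-f]{8}", lct):
        attrs["sambaPwdLastSet"] = str(int(lct[4:], 16))  # hex seconds
    return user, attrs

def to_ldif(user, attrs):
    """LDIF modify record adding Samba attributes to an existing entry."""
    out = [f"dn: uid={user},{BASE_DN}", "changetype: modify",
           "add: objectClass", "objectClass: sambaSamAccount"]
    for name, value in attrs.items():
        out += ["-", f"add: {name}", f"{name}: {value}"]
    return "\n".join(out) + "\n"

def convert(text):
    parsed = filter(None, map(parse_line, text.splitlines()))
    return "\n".join(to_ldif(user, attrs) for user, attrs in parsed)

# Constructed sample input; the hashes are dummy values.
SAMPLE = """\
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-4E7CA100:
build$:1050:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-4E7CA100:
"""

if __name__ == "__main__":
    # The LM/NT hashes are password-equivalent: write the LDIF mode 0600.
    print(convert(SAMPLE), end="")
```

The resulting file would be loaded with `ldapmodify`; the LDAP ACLs should keep `sambaLMPassword` and `sambaNTPassword` unreadable to ordinary binds.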