From owner-freebsd-questions  Fri Mar  2  5:54:29 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194])
	by hub.freebsd.org (Postfix) with ESMTP id C5F7E37B71B
	for <questions@freebsd.org>; Fri,  2 Mar 2001 05:54:24 -0800 (PST)
	(envelope-from so@server.i-clue.de)
Received: from i-clue.de (automatix.i-clue.de [192.168.0.112])
	by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id QAA17410;
	Fri, 2 Mar 2001 16:00:38 +0100
Message-ID: <3A9FA662.FF3761A8@i-clue.de>
Date: Fri, 02 Mar 2001 14:55:47 +0100
From: Christoph Sold <so@server.i-clue.de>
Reply-To: Christoph Sold <so@server.i-clue.de>
X-Mailer: Mozilla 4.75 [de] (WinNT; U)
X-Accept-Language: de
MIME-Version: 1.0
To: igorr@crosswinds.net
Cc: Christoph Sold <so@i-clue.de>, questions@freebsd.org
Subject: Re: Samba and NIS
References: <20010302094032.A5369@linux.rainbow> <3A9FA0DF.AD106559@i-clue.de> <20010302164117.A8178@linux.rainbow>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



Igor Robul schrieb:
> 
> On Fri, Mar 02, 2001 at 02:32:15PM +0100, Christoph Sold wrote:
> >
> >
> > Igor Robul schrieb:
> > >
> > > Hello,
> > >
> > > Had anybody tried use Samba with NIS authentification on FreeBSD?
> >
> > Although I use both NIS client and Samba server on the same machine, I
> > still have my Samba clients to authenticate against a NT 4 domain.
> >
> > AFAIR, Samba uses its own passwd file, so you have to define either
> > another NIS map manually, or just NFS-mount the directory containing the
> > smbpasswd file.
> I just wish to tell Samba use Unix password, so I don't need maintain
> two password bases. Also, I don't have NT servers on network.
> I know that Samba can be authentificated against NIS+ or LDAP.
> 

From man smb.conf:

NOTE ABOUT USERNAME/PASSWORD VALIDATION
       There  are a number of ways in which a user can connect to
       a service. The  server  follows  the  following  steps  in
       determining  if  it will allow a connection to a specified
       service. If all the steps fail then the connection request
       is  rejected.  If one of the steps pass then the following
       steps are not checked.

       If the service is marked "guest only = yes" then  steps  1
       to 5 are skipped.

       1.     Step  1:  If the client has passed a username/pass-
#             word pair and that username/password pair is  vali-
#                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#             dated  by  the UNIX system's password programs then
#             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              the connection is made as that username. Note  that
              this  includes the \\server\service%username method
              of passing a username.

Note the sentence above. This means, if _any_ password mechanism can
validate the username/passwd pair, the user will be able to access. Just
add a user account to your unix box.

HTH
-Christoph Sold

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message