Date: Sat, 29 Jun 2002 12:45:34 +0100
From: Matthew Seaman
To: Alex
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: centralized authentication question
Message-ID: <20020629114534.GB15592@happy-idiot-talk.infracaninophi>
References: <111644664.20020629103036@dds.nl>
In-Reply-To: <111644664.20020629103036@dds.nl>

On Sat, Jun 29, 2002 at 10:30:36AM +0200, Alex wrote:

> My aim is to set up a samba PDC and BDC server for a windows network
> and integrate the password database. So that any change will also
> reflect the other OS. To avoid changing the password two times, or
> adding a user twice. Have you guys any tips for me?

I've tried to do just that before, unfortunately somewhat before the
time when Samba had anything like workable domain controller
functionality... Anyhow, the conclusion I came to at the time was
that there wasn't really any good way to keep the NT and Unix (NIS)
password databases in synch --- about the only approach possible was
to use the Samba config settings which will run the unix passwd or
yppasswd commands whenever it received a password change request from
the windows boxes. It never worked very well and I never found a good
way to set the NT password from a unix box. Ultimately it turned out
that having separate password databases had its advantages so we
learned to live with the situation.

Nowadays, I'd look into using LDAP as a common database for both the
Unix and NT account data. See:

    http://www.skills-1st.co.uk/papers/security-with-ldap-jan-2002/slides.pdf
    http://www.openldap.org/
    http://www.padl.com/OSS/pam_ldap.html

> I have already set up a NIS server and want to set up a kerberos server
> in the near future.

LDAP would replace NIS.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK