Samba 3.6.12 and NIS











We were able to use Samba and NIS with Samba 3.0.8 on Solaris 10 U5. When we updated the system to Solaris 10 U11, the Samba version became 3.6.12, and we are unable to authenticate the old way.



I did not include some parameters below (create directory mask, etc.).



Old smb.conf



    [global]
    workgroup = WORKGROUPNAME
    server string = Samba Server
    security = SERVER
    password server = dc6n, dc7n
    username map = /etc/sfw/username.map
    local master = No
    dns proxy = No
    wins server = dc6n, dc7n
    kernel oplocks = No
    host msdfs = No
    map archive = No
    oplocks = No
    level2 oplocks = No


old nsswitch.conf



    passwd files nis
    hosts files nis


We tried to apply the same configuration to Samba 3.6.12, but it did not work, so I decided to use security = ADS with Kerberos. This worked, but not the way we wanted, because only Windows domain users were able to log in and NIS users were not.



New /etc/smb.conf



    workgroup = WORKGROUPNAME
    realm = domain.com
    security = ADS
    password server = dc6n.domain.com
    utmp = Yes
    idmap config *:backend = tdb
    idmap config *:range = 5000-9999
    idmap config NETADM:backend = tdb
    idmap config NETADM:range = 10000-90000
    idmap uid = 100000-500000
    idmap gid = 100000-500000
    template homedir = /home/%U
    template shell = /bin/tcsh
    winbind cache time = 1800
    winbind enum users = No
    winbind enum groups = No
    winbind use default domain = Yes
    winbind separator = /
    create krb5 conf = No
    local master = yes
    domain login = yes
    domain master = yes
    preferred master = yes


New /etc/nsswitch.conf



    passwd files winbind nis
    hosts files winbind nis


New /etc/krb5.conf



    [libdefaults]
    domain.com = domain.com
    dns_lookup_kdc = true

    [realms]
    symantec.local = {
        kdc = dc6n.domain.com
        admin_server = dc6n.domain.com
    }

    [domain_realm]
    .domain.com = domain.com


I am able to get user info from AD and NIS with the wbinfo and getent commands.



How can we authenticate the old way again?










solaris samba nis






edited Aug 23 '17 at 1:14
Jeff Schaller

asked Jan 18 '14 at 9:26
mr unix












  • What did you mean by old style authentication? Old style auth is Samba users synced with Unix users. Is it? I didn't know Samba can use NIS for authentication. Samba can use LDAP/Kerberos for authentication.
    – supriady
    Jan 10 '17 at 14:09












  • Solaris used an NIS server for authentication. You can sync Samba users with Unix users. You log in to Samba using Unix users.
    – supriady
    Jan 10 '17 at 14:15


















1 Answer
Make sure you have an entry for winbind sessions in your /etc/pam.d/system-auth-ac file.






edited Apr 17 '14 at 13:45
Michael Mrozek

answered Apr 16 '14 at 0:18
user205093
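
One way to carry out the check the answer describes, as an added example that is not part of the original answer: shell functions that report which PAM module types in a stack file load pam_winbind.so. The function names and the sample stack are constructed for illustration; point `has_winbind_session` at the PAM file your system actually uses, such as the /etc/pam.d/system-auth-ac path the answer names.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# pam_winbind_types FILE: print, sorted and de-duplicated, the PAM module
# types (auth, account, password, session) whose rules load pam_winbind.so.
pam_winbind_types() {
    awk '
        { sub(/#.*/, "") }        # drop comment lines and trailing comments
        NF < 3 { next }           # a rule needs: type, control, module
        {
            t = $1
            sub(/^-/, "", t)      # Linux-PAM allows a leading "-" on the type
            if (t !~ /^(auth|account|password|session)$/) next
            i = 2                 # control may be a bracketed multi-word list
            if ($i ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
            n = split($(i + 1), part, "/")
            if (n > 0 && part[n] == "pam_winbind.so") print t
        }
    ' "$1" | sort -u
}

# has_winbind_session FILE: succeed only if a session rule loads pam_winbind.so.
has_winbind_session() {
    pam_winbind_types "$1" | grep -qx session
}

# write_sample_stack FILE: write a constructed PAM stack for the demo below.
write_sample_stack() {
    cat > "$1" <<'EOF'
# constructed sample stack, not taken from the page
auth      sufficient  pam_unix.so nullok
auth      sufficient  pam_winbind.so use_first_pass
account   [default=bad success=ok user_unknown=ignore] pam_winbind.so
password  sufficient  /lib/security/pam_winbind.so use_authtok
#session  optional    pam_winbind.so
session   required    pam_unix.so
EOF
}

sample=$(mktemp)
write_sample_stack "$sample"
if has_winbind_session "$sample"; then
    echo "session: pam_winbind.so present"
else
    echo "session: pam_winbind.so missing"
fi
rm -f "$sample"
```

In the constructed sample the session rule is commented out, so the check reports it missing even though auth, account and password all reference the module.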






























             
