Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Quick way to migrate 500 users to Password Server or tim for SMB authentication?

I upgraded from 10.1 to 10.2 so the netinfo database already had 5000 users in it and netinfo worked fine. I used perl scripts to load them with crypt style passwords. However, I can't get the Work Group Manager to come up, it starts to load them then crashes. I've tried different amounts of users, somewhere between 500 and 1000 crashes it. Without the Work Group Manager, I wouldn't try to do a password server. I filed this as a bug when 10.2 came out, but nothing has been done so far. It's a problem in the graphics, not the databases.

Beware in trying to batch load users into netinfo. It starts skipping users, randomly, if you try to do more than about 100 at a time, even with sleeps between each one. In my testing, with smaller user databases, I've not been able to get clients to use the LDAP authentication, it may be me, I don't know why it doesn't work, the clients just sit there with the colored pinwheel going for long long times, then finally come up in local mode. Even if I could get LDAP to fly, I've not wanted to go to a password server because they can't replicate themselves. As I understand it, If the server should go down, your dead till another can be built and it's only as good as your last backup.

I'm also a little dubious about trying to mount large numbers of user's home directories over the network. Has anyone done this with a few thousand shares over NFS? Is LDAP really meant for large networks with many users?

On Friday, January 31, 2003, at 10:14 AM, Peter Zingg wrote:

I know this has been discussed before, but I have 500 users with Netinfo (crypt-style) passwords that I want to now have authenticated by Password Server so that they can use Samba services. I have (somewhere secure, I hope) a database of their passwords in cleartext, also.

Is there a niutil-type command line for entering these passwords if I switch their authentication method to Password Server? I assume I can do this using niload. If it is going to require manual entering of passwords, I will wait until next summer if I do it at all. Has anyone successfully dealt with this issue? Seems like there will be a lot of admins having to go this route. I've been scared off using Password Server right now by reading some newsgroup postings, so...

Looking around, I find that the 10.2.3 Admin Guide pages 617ff have some mention of using the Authentication Manager with Netinfo ("tim passwords") for authenticating from SMB clients. Will this work with NT-Lan Manager encrypted passwords?

If you follow the instructions on pages 617, it shows how to reset the root tim passwords on various Netinfo domains:

sudo NeST -settimpassword <domain_tag> root <rootpassword> <rootpassword>

Will this command also work with regular users as well as root (assuming they are in the correct Netinfo domain), instead of making users reset their own passwords? The documentation says that after setting up Authenitcation Manager, "each password change made to a user account will generate an Authentication Manager password for the user." I don't want to have to force all my users (or me) to change their passwords.

By the way, what does the abbreviation "tim" stand for?

And it would be nice of Apple to document NeST with a manpage or a PDF.

Peter Zingg
Technology Coordinator
Kentfield School District
699 Sir Francis Drake Blvd.
Kentfield, CA 94904
email@hidden
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
References: 
 >Quick way to migrate 500 users to Password Server or tim for SMB authentication? (From: Peter Zingg <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.