samba / UNIX password sync

Vladimir Kosovac vkosovac at gmail.com
Wed Aug 30 17:20:39 UTC 2006


Matthijs, thanks for the comments.

I failed to mention - this samba server is actually acting as a domain
controller, no windows servers involved.
Perhaps I did not get the whole concept right, but I was under the impression
that the option

unix password sync = Yes

allows just that - keeping smb and Linux passwords in sync when the smb password
is changed from a windows client machine.

Regards, Vladimir

On 8/30/06, Matthijs.Sneijders at corusgroup.com <
Matthijs.Sneijders at corusgroup.com> wrote:
>
> You might want to consider a slightly different approach to your setup:
>
> - use pam_smb to authenticate users on your linux system using the windows
>   user database
> - use nss (/etc/nsswitch.conf) to get user information from files/nis. You
>   still need the windows usernames available in passwd/nis
>   for information like homefolder/shell/uid/gid
>
> In smb.conf use server or domain security (domain is better, but samba
> must join the domain first).
> This enables samba to authenticate incoming connections using the windows
> user database.
>
> This way, all authentication is done using windows accounts, no password
> sync is needed anymore!
>
>
>
> Matthijs Sneijders
>
> "Vladimir Kosovac" <vkosovac at gmail.com> wrote on 30-08-2006 01:14
> (sent by redhat-list-bounces@redhat.com; please respond to General Red Hat
> Linux discussion list):
>
>   To:       redhat-list at redhat.com
>   cc:
>   Subject:  samba / UNIX password sync
>
> Hi all.
>
> I am running a very old version of samba (2.2.7) and cannot upgrade just yet,
> must make this work as it is (if possible).
>
> After playing a bit with pam modules, I got the first part of what I want to
> do going - a windows user is able to change the domain password from windows.
> However, this change never gets synced to the Linux password, although (I
> think) the configuration is OK. Can someone give me some pointers to what else
> I need to look at? Current relevant config is:
>
> Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with some
> extra options, --with pam-smb_passwd included)
> Client: Windows 2000 / some XP
>
> #/etc/pam.d/samba
> #%PAM-1.0
> # The PAM configuration file for the `samba' service
> #
> auth       required     /lib/security/pam_smbpass.so nodelay
> account    required     /lib/security/pam_pwdb.so audit nodelay
> session    required     /lib/security/pam_pwdb.so nodelay
> password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
>
> #/etc/samba/smb.conf
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> pam password change = yes
> obey pam restrictions = yes
>
> What am I missing? Help appreciated,
>
> Vladimir
>
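
Added example, not part of the thread and not Samba's own code: smb.conf(5) documents that with `pam password change = yes` Samba uses PAM for the password change instead of the `passwd program`, so the `password` lines of /etc/pam.d/samba decide which password databases get updated. The Python check below lints the two quoted files for that interaction; the sample strings are constructed from the quoted configuration, and the `UNIX_MODULES` set and the finding names are assumptions of this example.

```python
# Sample inputs are constructed from the configuration quoted in the thread.
SMB_CONF = """\
security = user
encrypt passwords = yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
pam password change = yes
"""
PAM_SAMBA = """\
auth       required     /lib/security/pam_smbpass.so nodelay
account    required     /lib/security/pam_pwdb.so audit nodelay
session    required     /lib/security/pam_pwdb.so nodelay
password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
"""
# Assumption of this example: modules that write the UNIX password database.
UNIX_MODULES = {"pam_pwdb.so", "pam_unix.so"}

def parse_smb_conf(text):
    # Map each option name (lower-cased, whitespace-normalised) to its value.
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[" ".join(key.lower().split())] = value.strip()
    return opts

def password_modules(pam_text):
    # Basenames of the modules on 'password' lines of a PAM service file.
    return [f[2].rsplit("/", 1)[-1] for f in map(str.split, pam_text.splitlines())
            if len(f) >= 3 and f[0] == "password"]

def is_yes(value):
    return value.lower() in ("yes", "true", "1")

def lint(smb_text, pam_text):
    opts, findings = parse_smb_conf(smb_text), []
    sync = is_yes(opts.get("unix password sync", "no"))
    use_pam = is_yes(opts.get("pam password change", "no"))
    if sync and use_pam and not UNIX_MODULES & set(password_modules(pam_text)):
        # PAM performs the change, but no module in the stack touches UNIX passwords.
        findings.append("pam-password-stack-has-no-unix-module")
    if sync and not use_pam:
        # The passwd program runs as root: require a full path and the %u user name.
        prog = opts.get("passwd program", "")
        if not prog.startswith("/"):
            findings.append("passwd-program-not-absolute")
        if "%u" not in prog:
            findings.append("passwd-program-missing-%u")
    return findings
```

Calling `lint(SMB_CONF, PAM_SAMBA)` on the constructed samples reports the PAM stack finding; the `passwd program` checks apply only when `pam password change` is off.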
