samba / UNIX password sync

Vladimir Kosovac vkosovac at gmail.com
Wed Aug 30 17:29:22 UTC 2006


Thanks Alexey. Will give this a go.

On 8/31/06, A.Fadyushin at it-centre.ru <A.Fadyushin at it-centre.ru> wrote:
>
> The best way to resolve your problem is to use some external
> authentication database (such as Windows domain controller) for both the
> SAMBA logins and usual logins (instead of /etc/passwd) as recommended in
> previous replies.
>
> However, if you prefer to use both /etc/passwd and smbpasswd on your
> computer without use of domain controller/nss and need to keep them in
> sync, I think that you should add a call to pam_pwdb in 'password'
> section of samba PAM configuration file, so both pam_pwdb and
> pam_smbpass will be called when the password is changed. So, your SAMBA
> PAM configuration will end with something similar to (the option
> 'use_authtok' is used to get a password from previous PAM module, i.e.
> pam_pwdb):
>
> password   requisite    /lib/security/pam_pwdb.so shadow md5
> password   required     /lib/security/pam_smbpass.so use_authtok nodelay smbconf=/etc/samba/smb.conf
>
> Alexey Fadyushin
> Brainbench MVP for Linux
> http://www.brainbench.com
>
>
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> > bounces at redhat.com] On Behalf Of Matthijs.Sneijders at corusgroup.com
> > Sent: Wednesday, August 30, 2006 1:45 PM
> > To: General Red Hat Linux discussion list
> > Subject: Re: samba / UNIX password sync
> >
> > you might want to consider a slightly different approach to your setup,
> >
> > -use pam_smb to authenticate users on your linux system using the windows
> > user database
> > -use nss (/etc/nsswitch.conf) to get user information from files/nis. You
> > still need the windows usernames available in passwd/nis
> >       for information like homefolder/shell/uid/gid
> >
> > in smb.conf use server or domain security.  (domain is better but samba
> > must join the domain first)
> > this enables samba to authenticate incoming connections using the windows
> > user database
> >
> > This way, all authentication is done using windows accounts,  no password
> > sync is needed anymore!
> >
> >
> >
> >  Matthijs Sneijders
> >
> >      CORUS Research, Development & Technology
> >      Building 3G16 room 3-312
> >      P.O. Box 10.000
> >      1970 CA IJMUIDEN
> >      phone  +31 (0)251-496400
> >      fax    +31 (0)251-470064
> >      mail   matthijs.sneijders at corusgroup.com
> >
> > "Vladimir Kosovac" <vkosovac at gmail.com>
> > Sent by: redhat-list-bounces@redhat.com
> > 30-08-2006 01:14
> > Please respond to General Red Hat Linux discussion list
> >
> > To:       redhat-list at redhat.com
> > cc:
> > Subject:  samba / UNIX password sync
> >
> > Hi all.
> >
> > I am running a very old version of samba (2.2.7) and cannot upgrade just yet,
> > must make this work as it is (if possible).
> >
> > After playing a bit with pam modules, I got the first part of what I want to do
> > going - windows user is able to change domain password from windows.
> > However, this change never gets synced to Linux password, although (I think)
> > configuration is OK. Can someone give me some pointers to what else I need
> > to look at? Current relevant config is:
> >
> > Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with some
> > extra options, --with pam-smb_passwd included)
> > Client: Windows 2000 / some XP
> >
> > #/etc/pam.d/samba
> > #%PAM-1.0
> > # The PAM configuration file for the `samba' service
> > #
> > auth       required     /lib/security/pam_smbpass.so nodelay
> > account    required     /lib/security/pam_pwdb.so audit nodelay
> > session    required     /lib/security/pam_pwdb.so nodelay
> > password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
> >
> > #/etc/samba/smb.conf
> > security = user
> > encrypt passwords = yes
> > smb passwd file = /etc/samba/smbpasswd
> > unix password sync = Yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> > pam password change = yes
> > obey pam restrictions = yes
> >
> > What am I missing? Help appreciated,
> >
> > Vladimir
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
>
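
The password stack check discussed in this thread, as an added example that is not part of the original messages: a small Python checker that reads a PAM service file and reports why a password change would not reach both the Unix database and smbpasswd. The `UNIX_MODULES` list, the function names and the two sample files (rebuilt from the configurations quoted above) are assumptions of this example.

```python
import os

# Assumption of this example: modules that update the local Unix password database.
UNIX_MODULES = {"pam_pwdb.so", "pam_unix.so"}
SMB_MODULE = "pam_smbpass.so"

def password_stack(pam_text):
    """Return [(control, module, args)] for each 'password' line, in file order.
    Handles simple control keywords only, not the bracketed [value=action] form."""
    stack = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0] == "password":
            stack.append((fields[1], os.path.basename(fields[2]), fields[3:]))
    return stack

def check_sync(pam_text):
    """List reasons a password change would not update both databases."""
    stack = password_stack(pam_text)
    mods = [module for _, module, _ in stack]
    unix_at = next((i for i, m in enumerate(mods) if m in UNIX_MODULES), None)
    smb_at = mods.index(SMB_MODULE) if SMB_MODULE in mods else None
    findings = []
    if unix_at is None:
        findings.append("no Unix module in the password stack: Unix password not changed here")
    if smb_at is None:
        findings.append("no pam_smbpass in the password stack: smbpasswd not changed here")
    if unix_at is not None and smb_at is not None:
        if smb_at < unix_at:
            findings.append("pam_smbpass runs before the Unix module: no earlier token to reuse")
        elif "use_authtok" not in stack[smb_at][2]:
            findings.append("pam_smbpass lacks use_authtok: Unix module's password is not reused")
    return findings

# Constructed from the two configurations quoted in the thread (wrapped lines rejoined).
COMMON = """#%PAM-1.0
auth       required     /lib/security/pam_smbpass.so nodelay
account    required     /lib/security/pam_pwdb.so audit nodelay
session    required     /lib/security/pam_pwdb.so nodelay
"""
ORIGINAL = COMMON + (
    "password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf\n")
SUGGESTED = COMMON + (
    "password   requisite    /lib/security/pam_pwdb.so shadow md5\n"
    "password   required     /lib/security/pam_smbpass.so use_authtok nodelay "
    "smbconf=/etc/samba/smb.conf\n")
if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, check_sync(text) or "password stack updates both databases")
```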


