[Samba] Password sync problem from unix to windows

Udo Rader udo.rader at bestsolution.at
Wed Apr 9 22:01:56 GMT 2008 

On Wed, 2008-04-09 at 15:52 -0600, SoUnD WrEcK wrote:
> I have searched the list and have been unable to find a definitive answer to
> this problem.
> 
> I am using Samba 3.0.2xx as a PDC.  The server that runs this also happens
> to be a NIS master (not sure if this complicates matters or not).
> 
> When a user's password is changed within a windows client that is part of
> this domain (i.e. using ctrl-alt-del), the password change correctly
> propagates to the unix side.
> 
> However, if a user's password is changed from the unix side (i.e. using
> /usr/bin/passwd), this does not propagate correctly to the windows side.
> This appears to be some sort of Samba password syncing problem.
> 
> Here are some relevant lines from my smb.conf (NOTE: The encrypt passwords
> line is commented out and not exactly sure why that's there or if this is my
> problem.)
> 
> -----
>    ;encrypt passwords = no
> 
>    unix password sync = yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *New*password:* %n\n\
>                  *Re-enter*new*password:* %n\n\
>                  *passwd:*password*successfully*changed*for* %u
> -----
> 
> My main question here is whether or not this can be done- can I sync
> passwords if the password was changed from the unix side?
> 
> One thing I read was that user's must use the smbpasswd command instead of
> passwd.  Would this be an acceptable solution?  If so, could I reroute
> (symlink) /usr/bin/passwd to smbpasswd so that users would be forced to use
> smbpasswd?  I'm not really sure of another way to enforce this..

You basically have two options:

#1 as said, use smbpasswd instead of passwd
#2 use the pam_smbpass module provided by your vendor

the latter one being probably the best method.

-- 
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080410/78933475/attachment.bin

More information about the samba mailing list