[Samba] password

[Edmundo Valle Neto]

Andrea Bencini escreveu:
>> SWAT's help files are a good resource, as shown below.
>>
>> Dale
>
> I will explain you my question.
> I have installed samba-3.0.28-0 like PDC and I have only some  Xp prof 
> clients.
> In "global" section of smb.conf I have set
> passdb backend = tdbsam
> unix password sync = no
> encrypt password = yes
>
> I have NOT set  "passwd program" and "passwd chat"
> Then, with pdbedit, I have set password expired.
> I can change the password, when it is expired, from Xp prof client.
>
> The question is:
> Are "passwd program" and "passwd chat"  part of the suit to change the 
> password?

Yes.

> I have NOT used them, but I can change anyway the passwords; then when 
> should I use
> them? In which situation?

As already said, the man page are very clear. The password program is 
the program used to change UNIX passwords. And UNIX passwords are not, 
lets say, "samba passwords".

Samba maintains its hashes by its own (that only it uses), but the UNIX 
part is configurable.
These options are used if you enable back the unix password sync. Theres 
some other options used with LDAP too.

What you will notice if you not sync the UNIX part, is that these 
accounts would not be able to be used with the same password by other 
services (that don't use the samba NT and LM hashes to authenticate), 
you will not be able to log in a shell, for example.

The password chat is the configuration used to know when to feed or to 
consider the output a response to the password program, as password 
programs doesn't accept passwords in their command line for security 
reasons. It works like a program called expect that is used for the same 
purpose in automated configurations.

Use these options together if you plan to sync the UNIX part of the set 
of passwords with the samba part and you are not using LDAP.

> Thanks
> Andrea
>


Regards.

Edmundo Valle Neto