[Samba] looking for a pam_smbpass user to answer passwd sync issues

[Deas, Jim]

I need to let my users change their password using PAM to preserve the
existing ldap authentication system. How can I force pam to sync the smb
password to the unix one.

I am running Fedora 7 package on an x86-64 system. I have smb working
via ldap and sambasam.schema (v3.0.24) I have unix password sync = yes
but it should not come into play as I never plan to reset passwords via
smbd.

 

 In '/etc/pam.d/system-auth' I was trying to use pam_smbpass.so

The original pam script for password had

 

password          sufficient           pam_ldap.so use_authtok

 

I changed it to:

 

password          requisite            pam_ldap.so use_authtok

password         required            pam_smbpass.so use_authtok
try_first_pass

 

 

The problem is I get a token manipulation error. Am I using it wrong?

 

What would be even better is if someone knows how to do this directly in
Fedora DS so all avenues of changing the password would change both.
Apparently smbpasswd depends on smbd running so that is not an option. I
don't know if pdbedit could do it or be launched as a script directly
from the directory server.