[Samba] Re: samba 3.0.4 on SLES8: password sync will not
work...(decode_pw_buffer: incorrect password length)
RRuegner
robert at ruegner.org
Mon May 17 23:47:02 GMT 2004
Hi Chris, this is the procedere
to change the password via pam/samba from a win client,
i have it up and runnig with suse 9 and it works like charme
adding this entries below and having the right entries in smb.conf
Regards
Chris Almond schrieb:
> thanks - I am using a samb3-3.0.4-4 build (src rpm) from sernet.
> also, I am actually seeking to get password sync in the other direction
> than that handled by pam_smbpass below. I want a domain user (say
> running a WinXP client) to change their domain password (w/Samba as
> PDC), and cause this to also change their unix password via password
> sync. I believe what you describe below is for sync in this direction:
> /etc/passwd --> /etc/samba/smbpasswd
>
> Because you pointed out PAM as a possible factor in this, I tried
> reading up a little and playing w/PAM settings in smb.conf - no luck -
> still can't sync
>
>
> > RRuegner wrote:
>
>>
>> Hi you should use the suse rpms , from ftp.suse.com people gd , or get
>> the latest smba packs from sernet ftp,
>> yes and of course you have to change /etc/pam.d/login
>> with something like this
>> #%PAM-1.0
>> # password-sync
>> #
>> # A sample PAM configuration that shows the use of pam_smbpass to make
>> # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
>> # is changed. Useful when an expired password might be changed by an
>> # application (such as ssh).
>> auth requisite pam_nologin.so
>> auth required pam_unix.so
>> account required pam_unix.so
>> password requisite pam_cracklib.so retry=3
>> password requisite pam_unix.so shadow md5 use_authtok
>> try_first_pass
>> password required pam_smbpass.so nullok use_authtok
>> try_first_pass
>> session required pam_unix.so
>> ######################################################################################
>>
>> so it will work,
>> be aware that you will get failure if you client has the latest ms
>> patches which breaks this feature, but it should be ok with the latest
>> version of stable samba ( which you can get at sernets ftp )
>> Regards
>
>
More information about the samba
mailing list