mksmbpasswd
Matthias Wächter
matthias at waechter.wol.at
Thu Nov 11 18:42:42 GMT 1999
On Fri, 12 Nov 1999, Tom Kunicki wrote:
> Geoffrey,
>
> Your 'password chat' is setup with the assumption
> that 'unix passowrd sync = yes'. From the smb.conf
> man page, when 'unix password sync = yes' the
> password chat program is always run as root (the users
> old password isn't required for a password change,
> unless your using yppassword!).
>
> So you have two choices.
>
> 1) set 'unix password sync = yes' in smb.conf
1a) set 'password program = /usr/bin/passwd %u'
^^^^^^^^ (or whatever path you have it in).
Since the 'password program' will be run as root, the default /bin/passwd
would change the root's password without the username as the parameter.
`testparm` is your friend now, because it gives at least some kind of
warning for that.
So: Using 'unix password sync = Yes' and 'encrypt passwords = Yes' need
'password program' reflect it's called as root (and thus needs %u as
parameter) and 'password chat' reflect that root changing a password
doesn't need (and doesn't know) the old password (thus starts with
'*New*password* %n\n ...' or similar).
Or the other way round: Since 'unix password sync = Yes' needs the old
password in plaintext, 'encrypt passwords = Yes' would not be able to pass
it to unix because samba doesn't know or receive it. So, 'password
program' must be run as root since he's the only one allowed to enter a
new password without knowing the old one. But because of this, root must
know who he has to change the password for, so you have to specify
'/usr/bin/passwd %u'. Additionally, the 'password chat' must be changed to
reflect the fact that root is never asked for the old password - that's
why we do all this.
To lighten up things, finally the related part of my setup for smb.conf.
Debian 1.something, ...:
encrypt passwords = Yes
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *new*password* %n\n *changed*
Sehr Wus,
- Matthias
--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
-----------------------------------------------------------------------------
More information about the samba-ntdom
mailing list