Is it possible to sync. smb usernames to unix username?

Paul Warren pdw at ferret.lmh.ox.ac.uk
Wed Mar 22 14:15:24 GMT 2000


On Thu, 23 Mar 2000, Frank Wiegerinck (Faculteit) wrote:

> Is it possible to sync. smb usernames to unix usernames?
> I have to implement a Samba server in a network where
> users already have a Unix username. There are already
> 2000 users and adding these usernames manually isn't
> possible because it will take too much time. Each year
> 400-600 users have to be deleted and the same number of
> users have to be added to the Unix environment and
> Samba environment. An option or program which will
> sync. the user databases would be nice.

The usernames aren't really the problem - Samba will use Unix usernames by
default.  The difficulty is when you need/want to use encrypted passwords
with Samba.  In order to use SMB encrypted passwords you need to obtain an
encrypted copy of the user's password.  This cannot be extracted from the
password hash in /etc/passwd or /etc/shadow, it needs to be derived from a
plain text copy of the users' passwords.

We have just had to implement encrypted samba passwords on our system -
not quite as many users as you, but too many to do by hand.  My solution
was:

A home made PAM module pam_smb_auth_sync.so.  This is added to the login
PAM files so that every time a user logs in via telnet or ssh, it takes a
copy of the user's password and encrypts it, and sets it in /etc/smbpasswd.
This much is good for initialising /etc/smbpasswd if all of your users log
in regularly.  You will need to add the users to the /etc/smbpasswd file
first, but this can be done easily with a shell script and smbpasswd -a.

The module pam_smbpass.so to keep passwords synced - add this to
/etc/pam.d/passwd and whenever a user changes their Unix password, their
SMB password will be updated at the same time.

Let me know if you want full details, or the source for
pam_smb_auth_sync.

yours,

Paul
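
The account bookkeeping the reply mentions (adding users to /etc/smbpasswd by script, with hundreds of accounts added and deleted each year) can be driven by a reconciliation pass like the one below. This is an added example, not part of the original post and not Paul's script; the UID threshold, the exclusion of `nobody`, the function names and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: reconcile Unix accounts with Samba's smbpasswd file.
# Assumptions: ordinary users have UID >= MIN_UID, and smbpasswd is the
# colon-separated text file whose first field is the username.
LC_ALL=C; export LC_ALL
MIN_UID=${MIN_UID:-500}

unix_users() {   # $1 = passwd file -> sorted login names of ordinary users
    awk -F: -v min="$MIN_UID" '$3 >= min && $1 != "nobody" { print $1 }' "$1" | sort -u
}

smb_users() {    # $1 = smbpasswd file -> sorted names; skips comments and machine accounts (name$)
    awk -F: '!/^#/ && NF > 1 && $1 !~ /\$$/ { print $1 }' "$1" | sort -u
}

reconcile() {    # $1 = comm column flags, $2 = passwd, $3 = smbpasswd
    u=$(mktemp); s=$(mktemp)
    unix_users "$2" > "$u"
    smb_users "$3" > "$s"
    comm "$1" "$u" "$s"
    rm -f "$u" "$s"
}
users_to_add()    { reconcile -23 "$1" "$2"; }  # Unix only: needs an SMB entry
users_to_remove() { reconcile -13 "$1" "$2"; }  # SMB only: stale entry to delete

# Constructed sample data (not real accounts or hashes).
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
H=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
cat > "$SAMPLE/passwd" <<EOF
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/:/bin/false
alice:x:1001:100::/home/alice:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
carol:x:1003:100::/home/carol:/bin/sh
EOF
cat > "$SAMPLE/smbpasswd" <<EOF
# constructed smbpasswd entries
alice:1001:$H:$H:[U          ]:LCT-00000000:
dave:1004:$H:$H:[U          ]:LCT-00000000:
pc01\$:2001:$H:$H:[W          ]:LCT-00000000:
EOF

echo "add:";    users_to_add    "$SAMPLE/passwd" "$SAMPLE/smbpasswd"
echo "remove:"; users_to_remove "$SAMPLE/passwd" "$SAMPLE/smbpasswd"
```

Review both lists before acting on them; the add list is what a wrapper around `smbpasswd -a` would consume.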


