Samba PDC password sync
Damian Sweeney
damian at tct.fwc.edu.to
Sun Oct 7 02:48:01 GMT 2001
A few months ago we changed from Samba 2.07 running on plain text passwords
to Samba 2.2.0a running as a PDC. During the transition the smb.conf had the
following global settings:
encrypt passwords = no
update encrypted = yes
smb passwd file = /etc/samba/smbpasswd
This allowed us to automatically update the smbpasswd file (i.e. passwords
moving from *nix to Window$) as users logged into the network. After most
users had been through this process, we switched to:
encrypted passwords = yes
passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *successful*
smb passwd file = /etc/samba/smbpasswd
Update encrypted was then omitted (because it doesn't work with encryption
on), but whenever a user arrived saying they couldn't use a resource on the
*nix box that needed their old password (perhaps because they didn't log on
in the transition period), we simply give them a temporary samba password and
get them to change it on a Window$ box. This updates both the smbpasswd and
passwd files (and shadow).
We are running RedHat 7.1 and this password syncing has worked from Win9x and
Win2k machines. You may need to adjust the passwd program = and/or passwd
chat = parameters to suit your *nix.
Hope that helps,
Damian.
More information about the samba-ntdom
mailing list