[Samba] Synchronising NT, unix and Samba passwords

Buchan Milne bgmilne at cae.co.za
Tue Nov 5 18:19:11 GMT 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Message: 22
> From: James Briar <james.briar at merton.gov.uk>
> To: "'mailman-owner at lists.samba.org'" <mailman-owner at samba.org>
> Date: Thu, 3 Oct 2002 09:07:35 +0100
> Subject: [Samba] Synchronising NT, unix and Samba passwords
>
>
> Our Samba is working perfect except that when a users NT password expires
> and the user changes it they can't access the share anymore from
Windows NT
> explorer. At the moment i have to log on to our unix system and change the
> unix and samba passwords manually to match the new NT password. I've been
> looking through all the websites on Samba but nothing has helped. I've
done
> all sorts of amendments to the smb.conf file (including setting encrypt
> passwords = yes, security = user and update encryted = yes). Should
the unix
> and samba passwords be automatically updated or i'm i trying to do
something
> that you can't do.
> We're using NT4 and Unix (Sun Solaris 8). The Samba version is 2.0.5a. I'm
> implementing a way around this by allowing the users to log into the unix
> system to change their Unix/Samba passwords. I've amended their
.profile to
> include commands "passwd" and "/usr/local/samba/bin/smbpasswd" (and "exit"
> to log them out after).
>

You really need to give more details on your setup for people to be able
to answer this.

How are you managing accounts?

Do you have a windows domain controller?

Is your samba box your domain controller?

If you have a windows DC (which I am assuming, since otherwise password
changes would fail if the smbpasswd wasn't changed), then you will
either want to:
1)join samba to the domain, and maintain user accounts seperately on the
unix box (for other services), other services you want to authenticate
against the windows DC, but only for accounts that exist on the solaris
box can use pam_smb.
2)run winbind on the solaris box (also requires joining the domain), in
which case, all windows user accounts will immediately exist on the
solaris box, and other services can easily authenticate via the windows DC.

If you have neither a samba DC or windows DC, you might as well set your
samba box up as DC.

Regards,
Buchan

- --
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9yAkkrJK6UGDSBKcRAuIXAJ0RhtDcb8HoxCCVqJ/Nb3NJ4+JJKwCgyz29
HSqErarW6WAcnqTivBUZ1DY=
=sZYv
-----END PGP SIGNATURE-----

More information about the samba mailing list