[Samba] changing smb passwords from non smb machines

Andrew Bartlett abartlet at samba.org
Sat Oct 12 00:49:01 GMT 2002

"Bradley W. Langhorst" wrote:
> In the interest of not having password divergence between NT and unix
> I've got everything authenticating against and ldap database.
> samba password updates are not a problem - i just
> use the unix password syncing features.
> however the other direction is proving to be a problem.
> I can rig pam to update both passwords with pam_ldap and pam_smbpass
> on machines that run samba. On some machines I don't want to run samba
> but i still want to provide passwd updates.
> I've considered and rejected pam_smb and pam_ntdom
> since they don't seem to have the password updating features (just auth
> features).

pam_winbind does password changes.

> I'd rather have the samba stuff updated by an exop on the ldap server
> but i don't think that is possible since the ldap server would have to
> know how to generate NT and LM hashes

If you are into this kind of thing, I think it would be very nice.  I've
recectly added the support to pdb_ldap to call such a routine - which
would allow Samba to do only one password set, allowing the ldap server
to deal with the rest.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list