[Samba] changing smb passwords from non smb machines

[Andrew Bartlett]

"Bradley W. Langhorst" wrote:
> 
> In the interest of not having password divergence between NT and unix
> I've got everything authenticating against and ldap database.
> 
> samba password updates are not a problem - i just
> use the unix password syncing features.
> 
> however the other direction is proving to be a problem.
> I can rig pam to update both passwords with pam_ldap and pam_smbpass
> on machines that run samba. On some machines I don't want to run samba
> but i still want to provide passwd updates.
> 
> I've considered and rejected pam_smb and pam_ntdom
> since they don't seem to have the password updating features (just auth
> features).

pam_winbind does password changes.

> I'd rather have the samba stuff updated by an exop on the ldap server
> but i don't think that is possible since the ldap server would have to
> know how to generate NT and LM hashes

If you are into this kind of thing, I think it would be very nice.  I've
recectly added the support to pdb_ldap to call such a routine - which
would allow Samba to do only one password set, allowing the ldap server
to deal with the rest.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net