[Samba] Re: password synchronization

[Kevin Fries]

Jasper V. Ferrer wrote:

> hi, i have three machines excellence, sapphire and integrity. excellence
> runs samba and acts as a pdc for domain ferrer-lan. sapphire also runs
> samba and is a member of domain ferrer-lan (security=domain). integrity
> runs windowsxp and is also a member of domain ferrer-lan.
> 
> samba on both excellence and sapphire has unix password sync enabled and
> is syncing passwords just fine. so when i change password on integrity the
> local linux password on excellence gets synced too. however this leaves me
> with a different linux password on sapphire.
> 
> since samba on sapphire is a member of domain ferrer-lan, is there a way
> to automagically sync to the local linux password? on samba startup?
> whenever connecting to samba on excellence?
> 
> please help, thank you.
> 

This is a normal password sync problem that has plagued the nixes for years. 
However, there is some excellent tools out now-a-days that make this
problem trivial.

I run two Linux servers and two linux desktops in an otherwise all Windows
network.  I separate my linux logins into two categories: User Accounts;
and System Accounts.

System accounts are accounts such as: root; ftp; service; apache; mysql; and
other such accounts that are system/server specific.  For this I use the
standard Unix password system and PAM.

User accounts though are a different situation completely.  For these, I use
an OpenLDAP server with the nss_ldap and pam_ldap tools from padl.com. 
When set up correctly, all the user accounts will be visible via PAM
authentication, and your password sync will store the data in LDAP. 
Therefore, a change in password in either location, will actually reflect
on all nix or Mac computers using the LDAP for authentication.

HTH
Kevin Fries