[Samba] PAM Module for SMB-LDAP
Bradley W. Langhorst
brad at langhorst.com
Tue Jan 28 18:59:02 GMT 2003
On Tue, 2003-01-28 at 05:43, Matthias Eichler wrote:
> Hi Everybody,
>
> maybe we are just too stupid, but for me it seems that
> there is some problem with holding passwords completely
> sync between *NIX-world and WIN-world when I use LDAP
> & Samba.
>
> If a user changes a password under Windows, with "passwd chat"
> the *NIX-Password (attribute: userPassword) can be changed
> very well besides the both Samba-LDAP-attributes lmPassword
> and ntPassword.
>
> But if a user from the *NIX-world wants to change his password
> over a service that uses PAM.D we have the following problem:
>
> pam_smbpass.so can authenticate UNIX Users via SMB-LDAP
> but it can not be used for "passwd" from UNIX-side!!!
> We read already the sourcecode and pam_smbpass.so always
> wants to change the smbpasswd-file, which is not used
> for regular users in LDAP-mode...
I use pam smbpass for this...
Here's my /etc/pam.d/passwd file:
password requisite pam_cracklib.so retry=3 minlen=6 difok=3 debug
password [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_ldap.so use_first_pass
password required pam_unix.so use_first_pass nullok md5 debug
password [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_smbpass.so use_first_pass audit
I don't claim that file to be perfect but it does seem to work just fine
for me.
I'm also using the ldap in the nsswitch.conf
brad
--
Bradley W. Langhorst <brad at langhorst.com>
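
Added example, not part of the original message: a small Python parser for the password stack posted above that expands each control field into its per-return-code actions and lists which modules ignore a given result such as user_unknown. The function names are hypothetical; the keyword expansions follow pam.conf(5).

```python
import re

# Bracket equivalents of the simple control keywords, per pam.conf(5).
SIMPLE = {
    "required":   "success=ok new_authtok_reqd=ok ignore=ignore default=bad",
    "requisite":  "success=ok new_authtok_reqd=ok ignore=ignore default=die",
    "sufficient": "success=done new_authtok_reqd=done default=ignore",
    "optional":   "success=ok new_authtok_reqd=ok default=ignore",
}

# The password stack from the message, with the wrapped lines rejoined.
STACK = """\
password requisite pam_cracklib.so retry=3 minlen=6 difok=3 debug
password [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_ldap.so use_first_pass
password required pam_unix.so use_first_pass nullok md5 debug
password [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_smbpass.so use_first_pass audit
"""

# type, control (keyword or [bracketed list]), module, optional arguments
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Return one (type, actions dict, module, args list) tuple per rule."""
    rules = []
    # A backslash-newline continues a rule on the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unparsable PAM line: {raw!r}")
        mtype, control, module, args = m.groups()
        spec = control[1:-1] if control.startswith("[") else SIMPLE[control]
        actions = dict(tok.split("=", 1) for tok in spec.split())
        rules.append((mtype, actions, module, args.split()))
    return rules

def action_for(actions, retcode):
    """Action for a module return code; unlisted codes fall to default."""
    # Every rule in this stack defines default=, so the lookup is safe here.
    return actions.get(retcode, actions["default"])

def tolerated_by(rules, retcode):
    """Modules whose rule ignores the given return code."""
    return [mod for _, acts, mod, _ in rules
            if action_for(acts, retcode) == "ignore"]
```
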