[Samba] PAM Module for SMB-LDAP

Bradley W. Langhorst brad at langhorst.com
Thu Jan 30 18:56:01 GMT 2003


On Thu, 2003-01-30 at 13:46, Buchan Milne wrote:
> > Date: 30 Jan 2003 10:40:50 -0500
> > From: "Bradley W. Langhorst" <brad at langhorst.com>
> > To: Matthias Eichler <me at ame.de>
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] PAM Module for SMB-LDAP
> > Message: 18
> > On Thu, 2003-01-30 at 05:28, Matthias Eichler wrote:
> > 
> >>> And with these settings you can really change the lmpassword and
> >>> ntpassword attributes in LDAP when doing a passwd under UNIX?!?
> > 
> > yes - i am using samba3a21 but i'm pretty sure this worked with 2.2.6
> > when i last tried the 2.2 branch
> 
> It really has no relationship to which samba you're running, since this
> is when changing your password on a unix machine which is not a DC, so
> you can't (AFAIK) use pam_smbpass, and the machine may have no samba
> components installed on it anyway.
I could be mistaken but I believe that the pam_smbpass that comes with
samba uses native samba calls to change the password.

Really - this does work on my setup
i've just tested it by changing my password like this on the command
line
 passwd bwlang
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
LDAP password information changed for bwlang
passwd: password updated successfully

now when i log in to an xp machine (joined to the samba pdc)
i must use the new password

here's what my auth.log says...
Jan 30 13:49:22 bitc PAM_unix[29461]: username [bwlang] obtained
Jan 30 13:49:22 bitc PAM_unix[29461]: Password for bwlang was changed
Jan 30 13:49:22 bitc PAM_smbpass[29461]: username [bwlang] obtained
Jan 30 13:49:22 bitc PAM_smbpass[29461]: password for (bwlang/603)
changed by (root/0)


> 
> AFIAK, the only way around this is a hacked pam_ldap which changes
> ntpasswd and lmpasswd, there is one around somewhere ...
maybe I'm using that hacked pam_ldap but I don't remember installing
it...

am i smoking crack here? seems to work.

brad
-- 
Bradley W. Langhorst <brad at langhorst.com>



More information about the samba mailing list