[Samba] Re: Password Syncing
Ganeshram Iyer
ganeshramiyer at sbcglobal.net
Sat Aug 21 17:17:56 GMT 2004
Thanks Ulf for your suggestion. I did have a question about your post.
The line that you suggest we add to the /etc/pam.d/passwd file would
change the SAMBA password when the UNIX password changes.
(Does the line you suggest replace the password line already present in
the passwd file?
password required pam_stack.so service=system-auth)
Is there a way to change the UNIX password when the SAMBA password is
changed in a similar fashion using PAM? I have tried using the "unix
password sync = yes" parameter with "password program = usr/bin/passwd
%u" and "password chat" parameters but have never been able to change
the UNIX password when SAMBA password is changed. I have simply ruled
that this method does not work at all for me after umpteen tries.
So if you have a PAM based password sync going from SAMBA to UNIX I
would really appreciate it.
Also found the following:
(http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2582436)
Password Synchronization Configuration
A sample PAM configuration that shows the use of pam_smbpass to make
sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is
changed. Useful when an expired password might be changed by an
application (such as *ssh*).
#%PAM-1.0
# password-sync
#
auth requisite pam_nologin.so
auth required pam_unix.so
account required pam_unix.so
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so nullok use_authtok try_first_pass
session required pam_unix.so
Is this the /etc/pam.d/passwd file? The documentation does not
explicitly mention it as such. Would this work in place of the config
line that you have provided?
Any comments that you may provide would be highly helpful. I am trying
to implement a single username/password system for the user and till now
have been totally unsuccessful.
Thanks in advance.
Ganesh
Ulf Dettmer wrote:
> Hi,
> the file you need to modify is /etc/pam.d/passwd . You should include
> a line like this:
> password required pam_smbpass.so use_authtok use_first_pass
> smbconf=/etc/samba/smb.conf
> cheers, Ulf
>
>
> Stephen Le schrieb:
>
>> Hello,
>>
>> Is there a way to sync the Unix password database with Samba's
>> database? I know that Samba is able to update the Unix database if a
>> user changes their password via smbpasswd, but what if a user changes
>> their Unix password with passwd?
>>
>> I looked into libpam-smbpass, but it didn't seem to work; the
>> documentation was rather sparse, so I just overwrote my
>> /etc/pam.d/samba with the provided "password-sync" in the samples
>> directory.
>>
>> Additionally, I would prefer not to use unencrypted passwords.
>>
>> Thanks,
>> Stephen Le
>
>
More information about the samba
mailing list