[Samba] Re: Password Syncing

Ganeshram Iyer ganeshramiyer at sbcglobal.net
Sat Aug 21 17:17:56 GMT 2004 

Thanks Ulf for your suggestion. I did have a question about your post. 
The line that you suggest we add to the /etc/pam.d/passwd file would 
change the SAMBA password when the UNIX password changes.
(Does the line you suggest replace the password line already present in 
the passwd file?
password   required     pam_stack.so service=system-auth)

Is there a way to change the UNIX password when the SAMBA password is 
changed in a similar fashion using PAM? I have tried using the "unix 
password sync = yes" parameter with "password program = usr/bin/passwd 
%u" and "password chat" parameters but have never been able to change 
the UNIX password when SAMBA password is changed. I have simply ruled 
that this method does not work at all for me after umpteen tries.

So if you have a PAM based password sync going from SAMBA to UNIX I 
would really appreciate it.

Also found the following: 
(http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2582436)


        Password Synchronization Configuration

A sample PAM configuration that shows the use of pam_smbpass to make 
sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is 
changed. Useful when an expired password might be changed by an 
application (such as *ssh*).

#%PAM-1.0
# password-sync
#
auth       requisite    pam_nologin.so
auth       required     pam_unix.so
account    required     pam_unix.so
password   requisite    pam_cracklib.so retry=3
password   requisite    pam_unix.so shadow md5 use_authtok try_first_pass
password   required     pam_smbpass.so nullok use_authtok try_first_pass
session    required     pam_unix.so

Is this the /etc/pam.d/passwd file? The documentation does not 
explicitly mention it as such. Would this work in place of the config 
line that you have provided?

Any comments that you may provide would be highly helpful. I am trying 
to implement a single username/password system for the user and till now 
have been totally unsuccessful.

Thanks in advance.
Ganesh

Ulf Dettmer wrote:

> Hi,
> the file you need to modify is /etc/pam.d/passwd . You should include 
> a line like this:
> password required       pam_smbpass.so  use_authtok use_first_pass 
> smbconf=/etc/samba/smb.conf
> cheers, Ulf
>
>
> Stephen Le schrieb:
>
>> Hello,
>>
>> Is there a way to sync the Unix password database with Samba's
>> database? I know that Samba is able to update the Unix database if a
>> user changes their password via smbpasswd, but what if a user changes
>> their Unix password with passwd?
>>
>> I looked into libpam-smbpass, but it didn't seem to work; the
>> documentation was rather sparse, so I just overwrote my
>> /etc/pam.d/samba with the provided "password-sync" in the samples
>> directory.
>>
>> Additionally, I would prefer not to use unencrypted passwords.
>>
>> Thanks,
>> Stephen Le
>
>

More information about the samba mailing list