[Samba] Unix password synch

Bradley, James D. CONT (EAGAN, MCALLISTER ASSOC Dept 723) james.d.bradley at navy.mil
Tue Dec 21 13:56:42 GMT 2004


I have a related question (if this is the right place to ask...).  I'm
using pam_krb5 to authenticate users against an ADS domain, which works
well.  They can also change their AD account password with the passwd
command.  What I would like to happen is both the AD account and local
(Unix) account passwords get changed at the same time (that way users
could still log in with their "usual" password, even if there was some
loss of connectivity to the AD server).  Here's my current setup for
password:

password   sufficient  pam_krb5.so
password   required    pam_unix.so try_first_pass nullok obscure \
                                   min=4 max=8 md5

What happens here is, the AD password gets changed, but the Unix
password is untouched (I've tried making the pam_krb5 line "optional" as
well, but that doesn't work either).  What's worse, I can't change
passwords for local-only accounts (like root) at all.  I have to comment
out the pam_krb5 line to do that.  I'm running Debian 3.1 (Sarge),
libpam-krb5 1.0-10.  Can anyone help?

Thanks,

James

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
James Bradley
Eagan, McAllister & Associates
james.d.bradley at navy.mil


-----Original Message-----
From: samba-bounces+james.d.bradley=navy.mil at lists.samba.org
[mailto:samba-bounces+james.d.bradley=navy.mil at lists.samba.org] On
Behalf Of Ow Mun Heng
Sent: Tuesday, December 21, 2004 1:10 AM
To: Samba-list
Subject: Re: [Samba] Unix password synch


On Tue, 2004-12-21 at 13:45, Anish Mathew wrote:
> Hi all,
> 
> Is there any way to automatically update the samba
> password when a user changes his unix account password
> using the passwd command.
Short Answer - Yes.
> 
> I want samba to look in passwd file for
> authentication. I don't want to create two accounts one
> for local unix and then for the samba.

How to get passwd to sync both Linux and smbpasswd

Update	:	Ow Mun Heng
Date	: 	Long Time Ago

The pam_smbpass PAM module can be used to sync users' Samba passwords
with their system passwords when the passwd command is used. If a user
invokes the passwd command, the password he uses to log in to the Red
Hat Linux system as well as the password he must provide to connect to a
Samba share are changed. 
To enable this feature, add the following line to /etc/pam.d/system-auth
below the pam_cracklib.so invocation: 
password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass

This module is incorporated into the samba source/rpm package

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    required      /lib/security/pam_smbpass.so nullok use_authtok try_first_pass
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

# less /usr/share/doc/samba-2.2.7/docs/pam_smbpass/README


--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz 
98% Microsoft(tm) Free!!
Neuromancer 14:06:56 up 4:56, 6 users, 0.47, 0.55, 0.25 
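
As an added illustration (not code from either poster or from the Samba project), this Python sketch models how Linux-PAM's simple control keywords decide which modules in a password stack are invoked, using the two stacks quoted in this thread as constructed input. It is a simplified single-pass model: `parse_stack` and `walk` are hypothetical helper names, bracketed `[value=action]` controls are not handled, and the result of `optional` modules is ignored.

```python
# Added example: simplified model of how Linux-PAM walks one stack.
# Constructed input: the two password stacks quoted in this thread.
JAMES = r"""
password   sufficient  pam_krb5.so
password   required    pam_unix.so try_first_pass nullok obscure \
                                   min=4 max=8 md5
"""
OW = """
password required   /lib/security/pam_cracklib.so retry=3 type=
password required   /lib/security/pam_smbpass.so nullok use_authtok try_first_pass
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required   /lib/security/pam_deny.so
"""


def parse_stack(text, mgmt="password"):
    """Return [(control, module_name, args)] for one management group."""
    joined = text.replace("\\\n", " ")  # backslash-newline continues a line
    stack = []
    for line in joined.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 3 and fields[0] == mgmt:
            name = fields[2].rsplit("/", 1)[-1]  # strip the directory part
            stack.append((fields[1], name, fields[3:]))
    return stack


def walk(stack, failing=()):
    """Simulate one pass; `failing` names modules assumed to return an error.
    Returns (modules_invoked, overall_success)."""
    invoked, required_failed, any_ok = [], False, False
    for control, name, _args in stack:
        invoked.append(name)
        ok = name not in failing and name != "pam_deny.so"  # pam_deny always fails
        if control == "requisite" and not ok:
            return invoked, False  # fail immediately
        if control == "required" and not ok:
            required_failed = True  # remember the failure, keep walking
        if control == "sufficient" and ok and not required_failed:
            return invoked, True  # success ends the stack here
        if ok and control in ("required", "requisite"):
            any_ok = True
    return invoked, any_ok and not required_failed


if __name__ == "__main__":
    for label, text in (("pam_krb5 first", JAMES), ("pam_smbpass stack", OW)):
        print(label, walk(parse_stack(text)))
```

In this model a successful `sufficient` module ends the stack, so a module that must also see the new password has to be listed before it, as `pam_smbpass.so` is listed before `pam_unix.so` in the second stack.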

