[Samba] Re: samba 3.0.4 on SLES8: password sync will not
work...(decode_pw_buffer: incorrect password length)
Chris Almond
chris_almond at us.ibm.com
Mon May 17 22:21:32 GMT 2004
thanks - I am using a samb3-3.0.4-4 build (src rpm) from sernet.
also, I am actually seeking to get password sync in the other direction
than that handled by pam_smbpass below. I want a domain user (say
running a WinXP client) to change their domain password (w/Samba as
PDC), and cause this to also change their unix password via password
sync. I believe what you describe below is for sync in this direction:
/etc/passwd --> /etc/samba/smbpasswd
Because you pointed out PAM as a possible factor in this, I tried
reading up a little and playing w/PAM settings in smb.conf - no luck -
still can't sync
> RRuegner wrote:
>
> Hi you should use the suse rpms , from ftp.suse.com people gd , or get
> the latest smba packs from sernet ftp,
> yes and of course you have to change /etc/pam.d/login
> with something like this
> #%PAM-1.0
> # password-sync
> #
> # A sample PAM configuration that shows the use of pam_smbpass to make
> # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
> # is changed. Useful when an expired password might be changed by an
> # application (such as ssh).
> auth requisite pam_nologin.so
> auth required pam_unix.so
> account required pam_unix.so
> password requisite pam_cracklib.so retry=3
> password requisite pam_unix.so shadow md5 use_authtok
> try_first_pass
> password required pam_smbpass.so nullok use_authtok
> try_first_pass
> session required pam_unix.so
> ######################################################################################
>
> so it will work,
> be aware that you will get failure if you client has the latest ms
> patches which breaks this feature, but it should be ok with the latest
> version of stable samba ( which you can get at sernets ftp )
> Regards
More information about the samba
mailing list