[Samba] Re: samba 3.0.4 on SLES8: password sync will not work...(decode_pw_buffer: incorrect password length)

RRuegner robert at ruegner.org
Mon May 17 23:59:04 GMT 2004 

Hi Cris again, youre right in this setup i use
smbpasswd backend with  samba 3.0.4 , cause i also patched the pptpd to 
look at it,
but i didnt noticed any problem using smbpasswd instead
of tdb ( but for sure it is not recomended any more )
I use this for a small network, but everything works which is from need 
for a pdc.
In other networks i use ldap, cause of using bdc and advanced features
I think the use of the smb passwd backends (tdb, ldap etc ) has to fit 
to your needs, and what you prefer, in this case pam and smbpasswd gives 
me help
in being compatibel to older stuff which i wanna use ,too.

Regards

Chris Almond schrieb:

> thanks - I am using a samb3-3.0.4-4 build (src rpm) from sernet.
> also, I am actually seeking to get password sync in the other direction 
> than that handled by pam_smbpass below.  I want a domain user (say 
> running a WinXP client) to change their domain password (w/Samba as 
> PDC), and cause this to also change their unix password via password 
> sync.  I believe what you describe below is for sync in this direction: 
>  /etc/passwd --> /etc/samba/smbpasswd
> 
> Because you pointed out PAM as a possible factor in this, I tried 
> reading up a little and playing w/PAM settings in smb.conf - no luck - 
> still can't sync
> 
> 
>  > RRuegner wrote:
> 
>>
>> Hi you should use the suse rpms , from ftp.suse.com people gd , or get 
>> the latest smba packs from sernet ftp,
>> yes and of course you have to change /etc/pam.d/login
>> with something like this
>> #%PAM-1.0
>> # password-sync
>> #
>> # A sample PAM configuration that shows the use of pam_smbpass to make
>> # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
>> # is changed.  Useful when an expired password might be changed by an
>> # application (such as ssh).
>> auth       requisite        pam_nologin.so
>> auth       required         pam_unix.so
>> account    required         pam_unix.so
>> password   requisite        pam_cracklib.so retry=3
>> password   requisite        pam_unix.so shadow md5 use_authtok 
>> try_first_pass
>> password   required         pam_smbpass.so nullok use_authtok 
>> try_first_pass
>> session    required         pam_unix.so
>> ###################################################################################### 
>>
>> so it will work,
>> be aware that you will get failure if you client has the latest ms 
>> patches which breaks this feature, but it should be ok with the latest 
>> version of stable samba ( which you can get at sernets ftp )
>> Regards
> 
>

More information about the samba mailing list