[Samba] Re: samba 3.0.4 on SLES8: password sync will not
work...(decode_pw_buffer: incorrect password length)
RRuegner
robert at ruegner.org
Mon May 17 23:59:04 GMT 2004
Hi Cris again, youre right in this setup i use
smbpasswd backend with samba 3.0.4 , cause i also patched the pptpd to
look at it,
but i didnt noticed any problem using smbpasswd instead
of tdb ( but for sure it is not recomended any more )
I use this for a small network, but everything works which is from need
for a pdc.
In other networks i use ldap, cause of using bdc and advanced features
I think the use of the smb passwd backends (tdb, ldap etc ) has to fit
to your needs, and what you prefer, in this case pam and smbpasswd gives
me help
in being compatibel to older stuff which i wanna use ,too.
Regards
Chris Almond schrieb:
> thanks - I am using a samb3-3.0.4-4 build (src rpm) from sernet.
> also, I am actually seeking to get password sync in the other direction
> than that handled by pam_smbpass below. I want a domain user (say
> running a WinXP client) to change their domain password (w/Samba as
> PDC), and cause this to also change their unix password via password
> sync. I believe what you describe below is for sync in this direction:
> /etc/passwd --> /etc/samba/smbpasswd
>
> Because you pointed out PAM as a possible factor in this, I tried
> reading up a little and playing w/PAM settings in smb.conf - no luck -
> still can't sync
>
>
> > RRuegner wrote:
>
>>
>> Hi you should use the suse rpms , from ftp.suse.com people gd , or get
>> the latest smba packs from sernet ftp,
>> yes and of course you have to change /etc/pam.d/login
>> with something like this
>> #%PAM-1.0
>> # password-sync
>> #
>> # A sample PAM configuration that shows the use of pam_smbpass to make
>> # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
>> # is changed. Useful when an expired password might be changed by an
>> # application (such as ssh).
>> auth requisite pam_nologin.so
>> auth required pam_unix.so
>> account required pam_unix.so
>> password requisite pam_cracklib.so retry=3
>> password requisite pam_unix.so shadow md5 use_authtok
>> try_first_pass
>> password required pam_smbpass.so nullok use_authtok
>> try_first_pass
>> session required pam_unix.so
>> ######################################################################################
>>
>> so it will work,
>> be aware that you will get failure if you client has the latest ms
>> patches which breaks this feature, but it should be ok with the latest
>> version of stable samba ( which you can get at sernets ftp )
>> Regards
>
>
More information about the samba
mailing list