[Samba] Sync password (with MIT-kerberos server) and migration

Andrew Bartlett abartlet at samba.org
Mon Jan 17 09:12:08 GMT 2005


On Sun, 2005-01-16 at 15:52 -0500, FM wrote:
> Hello, my first post here :-),
> 
> 
> For several years, I are using samba 2.0 with local backend for windows
> stations and servers.
> NIS was our used for Linux stations and servers
> 
> Now, LDAP /KERBEROS is replacing NIS and Samba (with ldap backend) will
> replace the local backend .
> 
> My questions : 
> 1- How can I migrate information form server1 (samba 2) to server2 (samba 3)
> ? I read the official Samba how-to but this scenario is not covered.

Use the ldapsam_compat passdb backend, for compatability with Samba 2.2.
I'm not sure about Samba 2.0 however, that's before my time...

> 2- Because Samba can not use MIT-Kerberos for password (as far as I know), I
> need to sync samba password with Kerberos database. When user from Windows
> want to change his password, samba will use a custom script (not created yet
> ) to also so update the Kerberos password (if you have examples they're more
> then welcome).
> But the big problem is Linux users : If they want to update they password,
> they use kpasswd but it will not update  samba password.
> Is one of you manage to create a script to update both DB form command line
> ? I not a kerberos/samba expert but I suppose it's possible to change samba
> password form linux command linux and then call the kerberos kpasswd to also
> change this password. Then, I'll add it to all users ~/bin

The solution I use is to back Heimdal kerberos onto the Samba password
backend.  

https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050117/d71eb596/attachment.bin


More information about the samba mailing list