[Samba] How to Change samba's PW from XP

Gary Dale garydale at torfree.net
Sun May 7 18:16:41 GMT 2006


My advice is work with the protocol rather than trying to fight it. 
You've effectively got two domains. Either get rid of one (and make the 
server a member of the other domain) or make both real domains. If you 
pick the latter, either have the user accounts in both domains with 
separate passwords or establish a trust relationship (obviously the 
latter is easier for everyone).

Trying to have a domain without a controller is really messing up the 
Windows security model. I personally would not recommend going down that 
road. You're inventing a new security model that really will leave you 
out on your own.

You may want to check some Windows server forums. Your proposal is 
basically (as I understand it) to have users in a Windows domain able to 
access shares on and change passwords for accounts local to a server 
which is not a member of any domain. Samba really doesn't have anything 
to do with this.


jayb wrote:

>Thank you for the response. I was hoping to avoid the PDC path.
>
>We're our samba file server is using ldap and it has all the
>Account policies configured. 
>
>Is there any way possible to get the samba file server 
>To push out a message to the XP box stating that the password has expired
>When the user goes to access a folder on the samba server? That is, without the samba
>Server configured for PDC?  
>
>An vica-versa, is there any way possible to send a password update message to the
>Samba server? That is, via some script that would push a user's old/new password to the
>Samba server that would cause smbpasswd to be invoked with this information?
>
>
>There some be some low-level SMB message protocol that could be exploited to do this task?
>
>Thanks again
>
>jay
>
>
>-----Original Message-----
>From: Gary Dale [mailto:garydale at torfree.net] 
>Sent: Sunday, May 07, 2006 9:43 AM
>To: jayb
>Cc: 'samba at lists.samba.org'
>Subject: Re: [Samba] How to Change samba's PW from XP
>
>
>It sounds like you have two domains. One way to handle this, since you 
>seem to be saying that your Samba server is really just a file server, 
>is to make it a member server in the Windows domain and get your 
>passwords from the Windows domain.
>
>Or you can set up a domain trust between the two domains, so your Samba 
>domain trusts your Windows domain. In either of these cases, all your 
>user information is in the Windows domain only so there is no need to 
>push password information to your Samba server.
>
>Or you could integrate your Samba LDAP with the Authentication Server's 
>(AS) LDAP. You'd need to add the fields from the Samba LDAP schema to 
>the AS LDAP schema and merge the data. Then point Samba to the AS LDAP 
>server. I believe this would make the Samba server a DC in the Windows 
>domain.
>
>Finally, you could have two separate domains, which sounds like your 
>current case. In this case, when the user changes their password, 
>Windows allows them the select the domain they want to change their 
>password in. Select the Samba domain from the pulldown list (how to get 
>the second (Samba) domain on the list is Windows XP question :) ).
>
>
>jayb wrote:
>
>  
>
>>Unfortuntely, the Samba LDAP is separate from our LDAP Authentication 
>>server. So, when the user changes his Windows password, it changes the 
>>Authentication server just fine.
>>
>>Then when the user accesses his Samba file server he gets prompted for 
>>Username / password where he has to enter in an old password until 
>>someone changes it to the new password on the samba server.
>>
>>If only there was some way for the XP box to tell the
>>samba server to put up a "password change" dialog box. Or the push
>>A password change to the samba server from within windows.
>>
>>Thanks
>>jay
>>
>>
>>
>>
>>-----Original Message-----
>>From: Gary Dale [mailto:garydale at torfree.net]
>>Sent: Sunday, May 07, 2006 1:28 AM
>>To: jayb; samba at lists.samba.org
>>Subject: Re: [Samba] How to Change samba's PW from XP
>>
>>
>>jayb wrote:
>>
>> 
>>
>>    
>>
>>>I could really use a quick yes/no answer here. If answer yes a pointer 
>>>to a Howto.
>>>
>>>I have a samba based file server running in workgroup mode with
>>>security = user
>>>
>>>XP User authentication is managed by a separate LDAP server.
>>>
>>>Is there a way from within XP such as  command utility, anything, I
>>>could use to update the samba server's password?
>>>
>>>RIght now, it a manual excerise to update the samba server password
>>>everytime the user changes his/her password.
>>>
>>>I see this question asked a lot but I just can't seem to fine an
>>>answer.
>>>
>>>When working as a PDC, what mechanism is used to update the user's
>>>password then?
>>>
>>>
>>>thanks
>>>
>>>jay
>>>
>>>
>>>   
>>>
>>>      
>>>
>>You should be able to change the password as per normal Windows usage 
>>if
>>Samba is using the LDAP server.
>>
>>Password setting seems to be a two-step process. Firstly, Samba updates
>>its password then it uses a script to run the local passwd program to 
>>change the local Linux/Unix password. If either fails, the password is 
>>not updated (as far as I can tell).
>>
>>Samba uses "expect" to test the prompts from passwd to feed it the
>>password and confirm completion.
>>I ran into a problem with this when my smb.conf password script didn't 
>>match what my passwd program was sending out, preventing me from 
>>changing password from Windows. :)
>>
>>
>> 
>>
>>    
>>
>
>
>  
>



More information about the samba mailing list