[Samba] Sync unix and samba passwords

Craig Jackson CJackson at abbott-simses.com
Sun Oct 1 02:20:02 GMT 2006



> -----Original Message-----
> From: samba-bounces+cjackson=abbott-simses.com at lists.samba.org
> [mailto:samba-bounces+cjackson=abbott-simses.com at lists.samba.org]On
> Behalf Of Craig Jackson
> Sent: Saturday, September 30, 2006 8:06 AM
> To: samba at lists.samba.org
> Subject: RE: [Samba] Sync unix and samba passwords
> 
> 
> 
> 
> > -----Original Message-----
> > From: samba-bounces+cjackson=abbott-simses.com at lists.samba.org
> > [mailto:samba-bounces+cjackson=abbott-simses.com at lists.samba.org]On
> > Behalf Of Craig Jackson
> > Sent: Friday, September 29, 2006 3:57 PM
> > To: samba at lists.samba.org
> > Subject: [Samba] Sync unix and samba passwords
> > 
> > 
> > Hi,
> > 
> > We have an Exchange server (server 2003) that is a domain controller and
> > a few Samba file servers that are not part of the Windows domain. The
> > Samba servers use their own LDAP directory ( ldapsam backend with
> > pam_ldap ) that is synchronized to one openldap directory server but is
> > not synchronized to the Windows domain AD. The workstations are all
> > local accounts and not members of any domain either. I am happy with
> > this arrangement despite having to enter user information twice and
> > would rather not change it.
> > 
> > Goal: I would like to use Services for Unix on the Windows AD controller
> > to synchronize linux passwords so that the end user has to change
> > password once for email/Samba and once for local computer.
> > 
> > Problem: When Linux administrator issues the passwd command as in
> > # passwd <username> the ldap userPassword attribute is changed correctly
> > but the Samba NT/LM passwords are not also changed.
> > 
> > What I have already done: Googled the issue and found that unix passwd
> > sync in smb.conf is not what I need. Ldap passwd sync = yes is in
> > smb.conf. I have found some info on pam_smbpass.so but do not have
> > enough information to know if this is what I need and how to use it.
> > 
> > Or can someone tell me if this will not work at all. Better ideas?
> > 
> > Thanks!
> > Craig
> > -- 
> 
> 
> Samba docs say that pam_smbpass.so is in fact what I need and I have 
> added the following line to /etc/pam.d/common-passwd
> 
> password   required   pam_smbpass.so nullok use_authtok try_first_pass
> 
> But #passwd <user> doesn't sync the LDAP NT/LM passwords and there is this
> in the log:
> 
>  CRON[18769]: PAM adding faulty module: /lib/security/pam_smbpass.so
> 
> According to Samba docs, pam_smbpass.so is used to keep the smbpasswd 
> (Samba password) database in sync, but does that really mean ONLY 
> smbpasswd or any Samba backend?
> 

#apt-get install pam_smbpass fixed the faulty module error -- DUH!

but still no sync of LDAP smb passwords after changing unix password with
passwd command.

Using samba 3.022 on Ubuntu Dapper

Is this the right list for this?

Thanks.
Craig

