[Samba] Sync unix and samba passwords

Craig Jackson CJackson at abbott-simses.com
Sat Sep 30 13:05:42 GMT 2006

> -----Original Message-----
> From: samba-bounces+cjackson=abbott-simses.com at lists.samba.org
> [mailto:samba-bounces+cjackson=abbott-simses.com at lists.samba.org]On
> Behalf Of Craig Jackson
> Sent: Friday, September 29, 2006 3:57 PM
> To: samba at lists.samba.org
> Subject: [Samba] Sync unix and samba passwords
> Hi,
> We have an Exchange server (server 2003) that is a domain 
> controller and
> a few Samba file servers that are not part of the Windows domain. The
> Samba servers use their own LDAP directory ( ldapsam backend with
> pam_ldap ) that is synchronized to one openldap directory 
> server but is
> not synchronized to the Windows domain AD. The workstations are all
> local accounts and not members of any domain either. I am happy with
> this arrangement despite having to enter user information twice and
> would rather not change it.
> Goal: I would like to use Services for Unix on the Windows AD 
> controller
> to synchronize linux passwords so that the end user has to change
> password once for email/Samba and once for local computer.
> Problem: When Linux administrator issues the passwd command as in #
> passwd <username> the ldap userPassword attribute is changed correctly
> but the Samba NT/LM passwords are not also changed.
> What I have already done: Googled the issue and found that unix passwd
> sync in smb.conf is not what I need. Ldap passwd sync = yes is in
> smb.conf. I have found some info on pam_smbpass.so but do not have
> enough information to know if this is what I need and how to use it.
> Or can someone tell me if this will not work at all. Better ideas?
> Thanks!
> Craig
> -- 

Samba docs say that pam_smbpass.so is in fact what I need and I have 
added the following line to /etc/pam.d/common-passwd

password   required   pam_smbpass.so nullok use_authtok try_first_pass

But #passwd <user> doesn't sync the LDAP NT/LM passwords and there is this
in the log:

 CRON[18769]: PAM adding faulty module: /lib/security/pam_smbpass.so

According to Samba docs, pam_smbpass.so is used to keep the smbpasswd 
(Samba password) database in sync, but does that really mean ONLY 
smbpasswd or any Samba backend?


More information about the samba mailing list