[Samba] Sync unix and samba passwords
CJackson at abbott-simses.com
Sat Sep 30 13:05:42 GMT 2006
> -----Original Message-----
> From: samba-bounces+cjackson=abbott-simses.com at lists.samba.org
> [mailto:samba-bounces+cjackson=abbott-simses.com at lists.samba.org]On
> Behalf Of Craig Jackson
> Sent: Friday, September 29, 2006 3:57 PM
> To: samba at lists.samba.org
> Subject: [Samba] Sync unix and samba passwords
> We have an Exchange server (server 2003) that is a domain
> controller and
> a few Samba file servers that are not part of the Windows domain. The
> Samba servers use their own LDAP directory ( ldapsam backend with
> pam_ldap ) that is synchronized to one openldap directory
> server but is
> not synchronized to the Windows domain AD. The workstations are all
> local accounts and not members of any domain either. I am happy with
> this arrangement despite having to enter user information twice and
> would rather not change it.
> Goal: I would like to use Services for Unix on the Windows AD
> to synchronize linux passwords so that the end user has to change
> password once for email/Samba and once for local computer.
> Problem: When Linux administrator issues the passwd command as in #
> passwd <username> the ldap userPassword attribute is changed correctly
> but the Samba NT/LM passwords are not also changed.
> What I have already done: Googled the issue and found that unix passwd
> sync in smb.conf is not what I need. Ldap passwd sync = yes is in
> smb.conf. I have found some info on pam_smbpass.so but do not have
> enough information to know if this is what I need and how to use it.
> Or can someone tell me if this will not work at all. Better ideas?
Samba docs say that pam_smbpass.so is in fact what I need and I have
added the following line to /etc/pam.d/common-passwd
password required pam_smbpass.so nullok use_authtok try_first_pass
But #passwd <user> doesn't sync the LDAP NT/LM passwords and there is this
in the log:
CRON: PAM adding faulty module: /lib/security/pam_smbpass.so
According to Samba docs, pam_smbpass.so is used to keep the smbpasswd
(Samba password) database in sync, but does that really mean ONLY
smbpasswd or any Samba backend?
More information about the samba