[Samba] password

Andrea Bencini andrea.bencini at tin.it
Sat Dec 29 16:21:48 GMT 2007

----- Original Message ----- 
From: "Dale Schroeder" <dale at BriannasSaladDressing.com>
To: "Andrea Bencini" <andrea.bencini at tin.it>
Sent: Friday, December 28, 2007 7:42 PM
Subject: Re: [Samba] password

> Andrea,
> SWAT's help files are a good resource, as shown below.
> Dale
> passwd program (G)
>    The name of a program that can be used to set UNIX user passwords.
>    Any occurrences of %u will be replaced with the user name. The
>    user name is checked for existence before calling the password
>    changing program.
>    Also note that many passwd programs insist on reasonable
>    passwords, such as a minimum length, or the inclusion of mixed case
>    chars and digits. This can pose a problem as some clients (such as
>    Windows for Workgroups) uppercase the password before sending it.
>    Note that if the unix password sync parameter is set to yes
>    then this program is called AS ROOT before the SMB password in the
>    smbpasswd file is changed. If this UNIX password change fails, then
>    smbd will fail to change the SMB password also (this is by design).
>    If the unix password sync parameter is set this parameter MUST
>    USE ABSOLUTE PATHS for ALL programs called, and must be examined
>    for security implications. Note that by default unix password
>    sync is set to no.
>    Default: passwd program =
>    Example: passwd program = /bin/passwd %u
> passwd chat (G)
>    This string controls the "chat" conversation that takes place
>    between smbd(8) and the
>    local password changing program to change the user's password. The
>    string describes a sequence of response-receive pairs that smbd(8)
>    uses to
>    determine what to send to the passwd program and what to expect
>    back. If the expected output is not received then the password is
>    not changed.
>    This chat sequence is often quite site specific, depending on what
>    local methods are used for password control (such as NIS etc).
>    Note that this parameter is only used if the unix password sync
>    parameter is set to yes. This sequence is then called AS ROOT
>    when the SMB password in the smbpasswd file is being changed,
>    without access to the old password cleartext. This means that root
>    must be able to reset the user's password without knowing the text
>    of the previous password. In the presence of NIS/YP, this means that
>    the passwd program must be executed on the NIS master.
>    The string can contain the macro %n which is substituted for the
>    new password. The chat sequence can also contain the standard macros
>    \n, \r, \t and \s to give line-feed, carriage-return, tab and space.
>    The chat sequence string can also contain a '*' which matches any
>    sequence of characters. Double quotes can be used to collect strings
>    with spaces in them into a single string.
>    If the send string in any part of the chat sequence is a full stop
>    ".", then no string is sent. Similarly, if the expect string is a
>    full stop then no string is expected.
>    If the pam password change parameter is set to yes, the chat pairs
>    may be matched in any order, and success is determined by the PAM
>    result, not any particular output. The \n macro is ignored for PAM
>    conversions.
>    Default: passwd chat = *new*password* %n\n*new*password* %n\n
>    *changed*
>    Example: passwd chat = "*Enter OLD password*" %o\n "*Enter NEW
>    password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"
> Andrea Bencini wrote:
>> I would like to know about "passwd program" and "passwd chat" (I have 
>> already read man of smb.conf)
>> 1- What is their function
>> 2- When I should use them
>> Thanks
>> Andrea
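
The chat rules quoted above (expect/send pairs, `*` wildcards, `%n`, the `\n`-style macros, `.` for "nothing", double-quoted strings), replayed in Python as an added example that is not part of the original messages and is not Samba's code. The function names, the constructed prompts, the one-output-per-expect model and the case-insensitive matching are assumptions of this sketch.

```python
import re

MACROS = {r"\n": "\n", r"\r": "\r", r"\t": "\t", r"\s": " "}

def expand(token, new_password):
    """Expand the standard macros first, then %n, so the password is never re-expanded."""
    for macro, char in MACROS.items():
        token = token.replace(macro, char)
    return token.replace("%n", new_password)

def parse_chat(chat):
    """Split on whitespace, honouring double quotes, and pair up (expect, send)."""
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', chat)]
    if len(tokens) % 2:
        tokens.append(".")  # a trailing expect has nothing to send
    return list(zip(tokens[0::2], tokens[1::2]))

def wildcard(expect):
    """Build a regex in which '*' matches any sequence of characters."""
    body = ".*".join(re.escape(part) for part in expect.split("*"))
    return re.compile(body, re.DOTALL | re.IGNORECASE)  # case folding is an assumption

def run_chat(chat, new_password, program_output):
    """Replay a chat against constructed program output.

    Returns (chat_ok, sent). chat_ok turns False at the first expected
    string that is not received, which is when the change is abandoned.
    """
    sent, outputs = [], iter(program_output)
    for expect, send in parse_chat(chat):
        if expect != ".":
            got = next(outputs, "")
            if not wildcard(expand(expect, new_password)).fullmatch(got):
                return False, sent
        if send != ".":
            sent.append(expand(send, new_password))
    return True, sent

# Constructed prompts from a hypothetical passwd program (not captured output).
PROMPTS = ["Enter new UNIX password: ", "Retype new UNIX password: ",
           "passwd: password updated successfully\n"]
# Modelled on the default in the help text, with a space between every item.
DEFAULT_CHAT = r"*new*password* %n\n *new*password* %n\n *changed*"
# Hypothetical site-specific chat written for the prompts above.
SITE_CHAT = r'"*new UNIX password*" %n\n "*Retype*password*" %n\n "*updated successfully*"'

if __name__ == "__main__":
    print(run_chat(DEFAULT_CHAT, "S3cret", PROMPTS))
    print(run_chat(SITE_CHAT, "S3cret", PROMPTS))
```

Against these prompts the default-style chat stops at `*changed*`, because this program reports "updated" instead, while the site-specific chat completes; that is the site-specific mismatch the help text describes.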
