[Samba] Making Samba change the Unix Password (/etc/shadow)
Parag Kalra
paragkalra at gmail.com
Tue Feb 5 23:16:21 GMT 2008
Hello all,
I am getting confused?
Is it possible to reflect the changes made in /etc/passwd on
/etc/samba/smbpasswd or is it vice versa?
What exactly does " unix password sync = Yes " do ?
Also I found a work around from following URL:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id431902
I don't know where to place the following entry:
[#%PAM-1.0
# password-sync
#
auth requisite pam_nologin.so
auth required pam_unix.so
account required pam_unix.so
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so nullok use_authtok try_first_pass
session required pam_unix.so]
Do I need to need to create a new file "/etc/pam.d/"? If yes then by
what name and what all services do I need to run apart from smb?
Thanks and Regards,
Parag Kalra
On 2/5/08, Adam Williams <awilliam at mdah.state.ms.us> wrote:
> this is my passwd chat for RHEL:
>
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>
>
> Parag Kalra wrote:
> > I am using RHEL 4 U5.
> >
> > The enteries under concern are:
> >
> > unix password sync = Yes
> >
> > passwd program = /usr/bin/passwd %u
> >
> > passwd chat = "*enter old password*" %o\\n "*Enter NEW password*" %n\\n
> > "*reenter New passwd*" %n\\n "*password changed*"
> >
> > username map = /etc/samba/smbusers
> >
> > Also to view the entire file please see the attachment.
> > --
> > Parag Kalra
> >
> > On Feb 5, 2008 5:37 AM, Rubin Bennett <rbennett at thatitguy.com> wrote:
> >
> >
> >> Ok, I assume that your system does have a pam auth subsystem?
> >>
> >> What distro are you on, and may we see your smb.conf (you can omit the
> >> share definitions)?
> >>
> >> Rubin
> >> On Tue, 2008-02-05 at 05:26 +0530, Parag Kalra wrote:
> >>
> >>> Yes I have restarted smb but still no fruits.
> >>>
> >>> Also placing "passwd chat debug = yes" didn't generate any log
> >>> in /var/log/samba/smd.log
> >>>
> >>> Could anyone please explain the following:
> >>>
> >>> [If you want to keep using passwd instead of PAM, could you write a
> >>> wrapper/replacement for passwd that logs everything that happens?]
> >>>
> >>> --
> >>> Parag Kalra
> >>>
> >>> On Feb 5, 2008 5:11 AM, Rubin Bennett <rbennett at thatitguy.com> wrote:
> >>> Did you restart samba (/etc/init.d/smb restart)?
> >>>
> >>> You need to at least do a reload (/etc/init.d/smb reload) for
> >>> config
> >>> file changes to be read.
> >>>
> >>> Rubin
> >>>
> >>>
> >>> On Tue, 2008-02-05 at 08:09 +0900, Michael Heydon wrote:
> >>> > Parag Kalra wrote:
> >>> > > Hi Rubin,
> >>> > >
> >>> > > I made the changes suggested by you but still its not
> >>> working.
> >>> > >
> >>> > > --
> >>> > > Parag Kalra
> >>> > >
> >>> > > On Feb 5, 2008 3:29 AM, Rubin Bennett
> >>> <rbennett at thatitguy.com> wrote:
> >>> > >
> >>> > >
> >>> > >> On Tue, 2008-02-05 at 02:26 +0530, Parag Kalra wrote:
> >>> > >>
> >>> > >>> Hello all,
> >>> > >>>
> >>> > >>> I am trying to change the linux login password through
> >>> the smbpasswd
> >>> > >>> command by placing following parameters in smb.conf
> >>> file:
> >>> > >>>
> >>> > >>> unix password sync = Yes
> >>> > >>> passwd program = /usr/bin/passwd %u
> >>> > >>> passwd chat = "*enter old password*" %o\\n "*Enter NEW
> >>> password*"
> >>> > >>> %n\\n "*reenter New passwd*" %n\\n "*password changed*"
> >>> > >>>
> >>> > >>>
> >>> > >> testparm is your friend :) It should complain about the
> >>> passwd command,
> >>> > >> and for good reason; it shouldn't be there. Use:
> >>> > >> pam password change = yes
> >>> > >> instead, and get rid of the passwd program and passwd
> >>> chat lines.
> >>> > >>
> >>> > >>
> >>> > PAM is far from universal, there are plenty of OSes and
> >>> distros that do
> >>> > not include PAM. The man page doesn't say anything about
> >>> passwd program
> >>> > being depreciated, why would testparm complain about it?
> >>> >
> >>> > Are you getting anything in the logs when trying to reset
> >>> the password?
> >>> > Have you tried enabling passwd chat debug (you may have to
> >>> up your log
> >>> > level as well)? If you want to keep using passwd instead of
> >>> PAM, could
> >>> > you write a wrapper/replacement for passwd that logs
> >>> everything that
> >>> > happens?
> >>> > >> HTH,
> >>> > >> Rubin
> >>> > >>
> >>> > >>
> >>> > >
> >>> >
> >>> > *Michael Heydon - IT Administrator *
> >>> > michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>
> >>>
> >>> --
> >>>
> >>> Rubin Bennett
> >>> RB Technologies
> >>> http://thatitguy.com
> >>> rbennett at thatitguy.com
> >>> (802)223-4448
> >>>
> >>> "They that can give up essential liberty to obtain a little
> >>> temporary security deserve neither liberty nor safety"
> >>> --Benjamin Franklin, Historical Review of Pennsylvania, 1759
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Love,
> >>> PARAG . A . KALRA
> >>>
> >>> Good judgment comes from experience, and experience comes from bad
> >>> judgment
> >>>
> >>> http://discoverlinux.blogspot.com
> >>> Debian Linux! A Dawn of New Era!
> >>>
> >> --
> >> Rubin Bennett
> >> RB Technologies
> >> http://thatitguy.com
> >> rbennett at thatitguy.com
> >> (802)223-4448
> >>
> >> "They that can give up essential liberty to obtain a little
> >> temporary security deserve neither liberty nor safety"
> >> --Benjamin Franklin, Historical Review of Pennsylvania, 1759
> >>
> >>
> >>
> >>
> >
> >
> >
>
--
Love,
PARAG . A . KALRA
Good judgment comes from experience, and experience comes from bad judgment
http://discoverlinux.blogspot.com
Debian Linux! A Dawn of New Era!
More information about the samba
mailing list