[Samba] Making Samba change the Unix Password (/etc/shadow)
Adam Williams
awilliam at mdah.state.ms.us
Wed Feb 6 15:10:52 GMT 2008
if you have
unix password sync = Yes
and your passwd program = and passwd chat = lines set correctly, in XP,
a user will hit ctrl alt del and click on change password, and put in
their old and new password, and then samba will write their new password
to /etc/samba/smbpasswd and then run the passwd program to change the
user's linux shell password. i don't think you'll need to do anything
special and pam for that. i didn't with out of the box fedora and
centos installations anyway.
Parag Kalra wrote:
> Hello all,
>
> I am getting confused?
>
> Is it possible to reflect the changes made in /etc/passwd on
> /etc/samba/smbpasswd or is it vice versa?
>
> What exactly does " unix password sync = Yes " do ?
>
> Also I found a work around from following URL:
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id431902
>
> I don't know where to place the following entry:
>
> [#%PAM-1.0
> # password-sync
> #
> auth requisite pam_nologin.so
> auth required pam_unix.so
> account required pam_unix.so
> password requisite pam_cracklib.so retry=3
> password requisite pam_unix.so shadow md5 use_authtok try_first_pass
> password required pam_smbpass.so nullok use_authtok try_first_pass
> session required pam_unix.so]
>
> Do I need to need to create a new file "/etc/pam.d/"? If yes then by
> what name and what all services do I need to run apart from smb?
>
> Thanks and Regards,
> Parag Kalra
>
>
> On 2/5/08, Adam Williams <awilliam at mdah.state.ms.us> wrote:
>
>> this is my passwd chat for RHEL:
>>
>> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
>> *passwd:*all*authentication*tokens*updated*successfully*
>>
>>
>> Parag Kalra wrote:
>>
>>> I am using RHEL 4 U5.
>>>
>>> The enteries under concern are:
>>>
>>> unix password sync = Yes
>>>
>>> passwd program = /usr/bin/passwd %u
>>>
>>> passwd chat = "*enter old password*" %o\\n "*Enter NEW password*" %n\\n
>>> "*reenter New passwd*" %n\\n "*password changed*"
>>>
>>> username map = /etc/samba/smbusers
>>>
>>> Also to view the entire file please see the attachment.
>>> --
>>> Parag Kalra
>>>
>>> On Feb 5, 2008 5:37 AM, Rubin Bennett <rbennett at thatitguy.com> wrote:
>>>
>>>
>>>
>>>> Ok, I assume that your system does have a pam auth subsystem?
>>>>
>>>> What distro are you on, and may we see your smb.conf (you can omit the
>>>> share definitions)?
>>>>
>>>> Rubin
>>>> On Tue, 2008-02-05 at 05:26 +0530, Parag Kalra wrote:
>>>>
>>>>
>>>>> Yes I have restarted smb but still no fruits.
>>>>>
>>>>> Also placing "passwd chat debug = yes" didn't generate any log
>>>>> in /var/log/samba/smd.log
>>>>>
>>>>> Could anyone please explain the following:
>>>>>
>>>>> [If you want to keep using passwd instead of PAM, could you write a
>>>>> wrapper/replacement for passwd that logs everything that happens?]
>>>>>
>>>>> --
>>>>> Parag Kalra
>>>>>
>>>>> On Feb 5, 2008 5:11 AM, Rubin Bennett <rbennett at thatitguy.com> wrote:
>>>>> Did you restart samba (/etc/init.d/smb restart)?
>>>>>
>>>>> You need to at least do a reload (/etc/init.d/smb reload) for
>>>>> config
>>>>> file changes to be read.
>>>>>
>>>>> Rubin
>>>>>
>>>>>
>>>>> On Tue, 2008-02-05 at 08:09 +0900, Michael Heydon wrote:
>>>>> > Parag Kalra wrote:
>>>>> > > Hi Rubin,
>>>>> > >
>>>>> > > I made the changes suggested by you but still its not
>>>>> working.
>>>>> > >
>>>>> > > --
>>>>> > > Parag Kalra
>>>>> > >
>>>>> > > On Feb 5, 2008 3:29 AM, Rubin Bennett
>>>>> <rbennett at thatitguy.com> wrote:
>>>>> > >
>>>>> > >
>>>>> > >> On Tue, 2008-02-05 at 02:26 +0530, Parag Kalra wrote:
>>>>> > >>
>>>>> > >>> Hello all,
>>>>> > >>>
>>>>> > >>> I am trying to change the linux login password through
>>>>> the smbpasswd
>>>>> > >>> command by placing following parameters in smb.conf
>>>>> file:
>>>>> > >>>
>>>>> > >>> unix password sync = Yes
>>>>> > >>> passwd program = /usr/bin/passwd %u
>>>>> > >>> passwd chat = "*enter old password*" %o\\n "*Enter NEW
>>>>> password*"
>>>>> > >>> %n\\n "*reenter New passwd*" %n\\n "*password changed*"
>>>>> > >>>
>>>>> > >>>
>>>>> > >> testparm is your friend :) It should complain about the
>>>>> passwd command,
>>>>> > >> and for good reason; it shouldn't be there. Use:
>>>>> > >> pam password change = yes
>>>>> > >> instead, and get rid of the passwd program and passwd
>>>>> chat lines.
>>>>> > >>
>>>>> > >>
>>>>> > PAM is far from universal, there are plenty of OSes and
>>>>> distros that do
>>>>> > not include PAM. The man page doesn't say anything about
>>>>> passwd program
>>>>> > being depreciated, why would testparm complain about it?
>>>>> >
>>>>> > Are you getting anything in the logs when trying to reset
>>>>> the password?
>>>>> > Have you tried enabling passwd chat debug (you may have to
>>>>> up your log
>>>>> > level as well)? If you want to keep using passwd instead of
>>>>> PAM, could
>>>>> > you write a wrapper/replacement for passwd that logs
>>>>> everything that
>>>>> > happens?
>>>>> > >> HTH,
>>>>> > >> Rubin
>>>>> > >>
>>>>> > >>
>>>>> > >
>>>>> >
>>>>> > *Michael Heydon - IT Administrator *
>>>>> > michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>
>>>>>
>>>>> --
>>>>>
>>>>> Rubin Bennett
>>>>> RB Technologies
>>>>> http://thatitguy.com
>>>>> rbennett at thatitguy.com
>>>>> (802)223-4448
>>>>>
>>>>> "They that can give up essential liberty to obtain a little
>>>>> temporary security deserve neither liberty nor safety"
>>>>> --Benjamin Franklin, Historical Review of Pennsylvania, 1759
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Love,
>>>>> PARAG . A . KALRA
>>>>>
>>>>> Good judgment comes from experience, and experience comes from bad
>>>>> judgment
>>>>>
>>>>> http://discoverlinux.blogspot.com
>>>>> Debian Linux! A Dawn of New Era!
>>>>>
>>>>>
>>>> --
>>>> Rubin Bennett
>>>> RB Technologies
>>>> http://thatitguy.com
>>>> rbennett at thatitguy.com
>>>> (802)223-4448
>>>>
>>>> "They that can give up essential liberty to obtain a little
>>>> temporary security deserve neither liberty nor safety"
>>>> --Benjamin Franklin, Historical Review of Pennsylvania, 1759
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>
>
>
More information about the samba
mailing list