andrea.bencini at tin.it
Wed Jan 2 15:20:44 GMT 2008
> As already said, the man page are very clear. The password program is
> the program used to change UNIX passwords. And UNIX passwords are not,
> lets say, "samba passwords".
> Samba maintains its hashes by its own (that only it uses), but the UNIX
> part is configurable.
> These options are used if you enable back the unix password sync. Theres
> some other options used with LDAP too.
> What you will notice if you not sync the UNIX part, is that these
> accounts would not be able to be used with the same password by other
> services (that don't use the samba NT and LM hashes to authenticate),
> you will not be able to log in a shell, for example.
> The password chat is the configuration used to know when to feed or to
> consider the output a response to the password program, as password
> programs doesn't accept passwords in their command line for security
> reasons. It works like a program called expect that is used for the same
> purpose in automated configurations.
> Use these options together if you plan to sync the UNIX part of the set
> of passwords with the samba part and you are not using LDAP.
> Edmundo Valle Neto
More information about the samba