[Samba] Re: Sync passwords unix/smb with FDS backend?

Scott Lovenberg scott.lovenberg at gmail.com
Wed Jan 9 20:43:24 GMT 2008

Ryan Novosielski wrote:
> Hash: SHA1
> Denis Cardon wrote:
>> Hi Jim,
>>> Using simple authentication I have been able to tie FDS to Samba 3.x.24.
>>> Knowing that the unix passwd and smb passwd are different, dare I ask
>>> how difficult it would be to have them sync? Most of my users are using
>>> netatalk w/ posix user info and MD5 password. I would like to swing this
>>> over to samba without the worries of two passwords per user. I have seen
>>> blips on this but not directly related to FDS
>> if you store both your samba and your unix password in the ldap, you can
>> get them in sync by updating both of them when one change its password.
>> You'll need to update the smb.conf file to take that into account for
>> the windows part, and update your other password changing apps accordingly.
>> If what you want is in fact getting a NTLM hash from the existing md5
>> hash, I'm afraid it won't be possible. Users will have to change their
>> password once to update both ntlm and md5 password hash.
> Not entirely true, or at least it wasn't last time I tried this. For me,
> I used a method that included a PAM module that, on successful auth
> (actually, for HP-UX, any auth, which was unfortunate, since they have
> no 'requisite' directive in PAM), populated the smbpasswd file.
> I don't know what FDS is, but it seems to me you could go this route and
> then convert the smbpasswd file to whatever you wanted via pdbedit.
> =R
> - --
>  ---- _  _ _  _ ___  _  _  _
>  |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
>  |$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
>  \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> iD8DBQFHhStZmb+gadEcsb4RAoxpAJ4ueyjIEKhv+mBdSN+qjVuN4niWfQCgi1NS
> 4K1ZQsfiaFFzoXdqAcFV0xg=
> =l57P

Scratch my last message about FDS; I was thinking of Apache Directory 
Server.  FDS is pretty mature.  Sorry about that.

More information about the samba mailing list