[Samba] Re: Sync passwords unix/smb with FDS backend?
Scott Lovenberg
scott.lovenberg at gmail.com
Wed Jan 9 20:43:24 GMT 2008
Ryan Novosielski wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Denis Cardon wrote:
>> Hi Jim,
>>> Using simple authentication I have been able to tie FDS to Samba 3.x.24.
>>> Knowing that the unix passwd and smb passwd are different, dare I ask
>>> how difficult it would be to have them sync? Most of my users are using
>>> netatalk w/ posix user info and MD5 password. I would like to swing this
>>> over to samba without the worries of two passwords per user. I have seen
>>> blips on this but not directly related to FDS
>>>
>> if you store both your samba and your unix password in the ldap, you can
>> get them in sync by updating both of them when one change its password.
>> You'll need to update the smb.conf file to take that into account for
>> the windows part, and update your other password changing apps accordingly.
>>
>> If what you want is in fact getting a NTLM hash from the existing md5
>> hash, I'm afraid it won't be possible. Users will have to change their
>> password once to update both ntlm and md5 password hash.
>
> Not entirely true, or at least it wasn't last time I tried this. For me,
> I used a method that included a PAM module that, on successful auth
> (actually, for HP-UX, any auth, which was unfortunate, since they have
> no 'requisite' directive in PAM), populated the smbpasswd file.
>
> I don't know what FDS is, but it seems to me you could go this route and
> then convert the smbpasswd file to whatever you wanted via pdbedit.
>
> =R
>
> - --
> ---- _ _ _ _ ___ _ _ _
> |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II
> |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
> \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHhStZmb+gadEcsb4RAoxpAJ4ueyjIEKhv+mBdSN+qjVuN4niWfQCgi1NS
> 4K1ZQsfiaFFzoXdqAcFV0xg=
> =l57P
> -----END PGP SIGNATURE-----
>
Scratch my last message about FDS; I was thinking of Apache Directory
Server. FDS is pretty mature. Sorry about that.
More information about the samba
mailing list