[Samba] looking for a pam_smbpass user to answer passwd sync issues

Deas, Jim James.Deas at warnerbros.com
Thu Jan 10 17:39:22 GMT 2008

I need to let my users change their password using PAM to preserve the
existing ldap authentication system. How can I force pam to sync the smb
password to the unix one.

I am running Fedora 7 package on an x86-64 system. I have smb working
via ldap and sambasam.schema (v3.0.24) I have unix password sync = yes
but it should not come into play as I never plan to reset passwords via


 In '/etc/pam.d/system-auth' I was trying to use pam_smbpass.so

The original pam script for password had


password          sufficient           pam_ldap.so use_authtok


I changed it to:


password          requisite            pam_ldap.so use_authtok

password         required            pam_smbpass.so use_authtok



The problem is I get a token manipulation error. Am I using it wrong?


What would be even better is if someone knows how to do this directly in
Fedora DS so all avenues of changing the password would change both.
Apparently smbpasswd depends on smbd running so that is not an option. I
don't know if pdbedit could do it or be launched as a script directly
from the directory server.


More information about the samba mailing list