[Samba] Fw: Convert Unix users to Samba users

Andrew Bartlett abartlet at samba.org
Tue Jan 17 20:57:46 MST 2012

On Thu, 2011-12-29 at 12:28 -0500, Ryan Novosielski wrote:
> We used the pam_smbpasswd module, which does not work for either TDBSAM
> or LDAPSAM I don't think. 

pam_smbpass should, it just runs our passdb modules like any other part
of Samba.

> It's OK if you want to maintain an smbpasswd
> file, but I think you really don't for more than X number of users and
> I'm not sure how well it works with Active Directory (this was back
> before AD was big that we were using Samba).

pam_smbpass isn't a way to connect with AD, use pam_winbindd against the
AD domain in this case. 

> The way that that worked was to take advantage of other password
> manipulation people had done (eg. authenticate successfully using
> anything) and that that time the PAM module would get the unencrypted
> password and write it using the proper hash for the new Samba auth
> method. That is a pretty slick idea and if it does not exist for LDAP or
> TDBSAM, I do wonder why not.

This migration should still be avilable, but the slow process of waiting
for correct passwords may or may not work in your environment.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list