[Samba] Fw: Convert Unix users to Samba users

Andrew Bartlett abartlet at samba.org
Tue Jan 17 20:57:46 MST 2012


On Thu, 2011-12-29 at 12:28 -0500, Ryan Novosielski wrote:
> We used the pam_smbpasswd module, which does not work for either TDBSAM
> or LDAPSAM I don't think. 

pam_smbpass should, it just runs our passdb modules like any other part
of Samba.

> It's OK if you want to maintain an smbpasswd
> file, but I think you really don't for more than X number of users and
> I'm not sure how well it works with Active Directory (this was back
> before AD was big that we were using Samba).

pam_smbpass isn't a way to connect with AD, use pam_winbindd against the
AD domain in this case. 

> The way that that worked was to take advantage of other password
> manipulation people had done (eg. authenticate successfully using
> anything) and that that time the PAM module would get the unencrypted
> password and write it using the proper hash for the new Samba auth
> method. That is a pretty slick idea and if it does not exist for LDAP or
> TDBSAM, I do wonder why not.

This migration should still be avilable, but the slow process of waiting
for correct passwords may or may not work in your environment.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba mailing list