RE: samba / UNIX password sync

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The best way to resolve your problem is to use the some external
authentication database (such as Windows domain controller) for both the
SAMBA logins and usual logins (instead of /etc/passwd) as recommended in
previous replies.

However, if you prefer use both /etc/passwd and smbpasswd on your
computer without use of domain controller/nss and need to keep them in
sync, I think that you should add a call to pam_pwdb in 'password'
section of samba PAM configuration file, so both pam_pwdb and
pam_smbpass will be called when the password is changed. So, your SAMBA
PAM configuration will end with something similar to (the option
'use_authtok' is used to get a password from previous PAM module, i.e.
pam_pwdb):

password   requisite    /lib/security/pam_pwdb.so shadow md5
password   required     /lib/security/pam_smbpass.so use_authtok nodelay
smbconf=/etc/samba/smb.conf

Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com


> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Matthijs.Sneijders@xxxxxxxxxxxxxx
> Sent: Wednesday, August 30, 2006 1:45 PM
> To: General Red Hat Linux discussion list
> Subject: Re: samba / UNIX password sync
> 
> you might want to consider a slightly different approach to your
setup,
> 
> -use pam_smb to authenticate users on your linux system using the
windows
> user database
> -use nss  (/etc/nsswitch.conf)  to get userinformation from files/nis)
You
> still need the windows usernames available in passwd/nis
>       for information like homefolder/shell/uid/gid
> 
> in smb.conf use server or domain security.  (domain is better but
samba
> must join the domain first)
> this enables samba to authenticate incoming connections using the
windows
> user database
> 
> This way, all authentication is done using windows accounts,  no
password
> sync is needed anymore!
> 
> 
> 
>  Matthijs Sneijders
> 
> 
> 
> 
>      CORUS
>      Research,
>      Development
>      &
>      Technology
> 
>      Building
>      3G16 room
>      3-312
> 
>      P.O. Box
>      10.000
> 
>      1970 CA
>      IJMUIDEN
> 
>      phone       +31 (0)251-496400
> 
>      fax         +31 (0)251-470064
> 
>      mail        matthijs.sneijders@xxxxxxxxxxxxxx
> 
> 
> 
> 
> 
> 
> |---------+------------------------------>
> |         |           "Vladimir Kosovac" |
> |         |           <vkosovac@xxxxxxxxx|
> |         |           >                  |
> |         |           Sent by:           |
> |         |           redhat-list-bounces|
> |         |           @redhat.com        |
> |         |                              |
> |         |                              |
> |         |           30-08-2006 01:14   |
> |         |           Please respond to  |
> |         |           General Red Hat    |
> |         |           Linux discussion   |
> |         |           list               |
> |         |                              |
> |---------+------------------------------>
>
>-----------------------------------------------------------------------
> --------------------------------------------|
>   |
> |
>   |       To:       redhat-list@xxxxxxxxxx
> |
>   |       cc:
> |
>   |       Subject:  samba / UNIX password sync
> |
>
>-----------------------------------------------------------------------
> --------------------------------------------|
> 
> 
> 
> 
> Hi all.
> 
> I am running very old version of samba (2.2.7) and cannot upgrade just
> yet,
> must make this work as it is (if possible).
> 
> After playing a bit with pam modules, I got first part of what I want
to
> do
> going - windows user is able to change domain password from windows.
> However, this change never gets synced to Linux password, although (I
> think)
> configuration is OK. Can someone give me some pointers to what else I
need
> to look at? Current relevant config is:
> 
> Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with
some
> extra options, --with pam-smb_passwd included)
> Client: Windows 2000 / some XP
> 
> #/etc/pam.d/samba
> #%PAM-1.0
> # The PAM configuration file for the `samba' service
> #
> auth       required     /lib/security/pam_smbpass.so nodelay
> account    required     /lib/security/pam_pwdb.so audit nodelay
> session    required     /lib/security/pam_pwdb.so nodelay
> password   required     /lib/security/pam_smbpass.so nodelay
> smbconf=/etc/samba/smb.conf
> 
> #/etc/samba/smb.conf
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> pam password change = yes
> obey pam restrictions = yes
> 
> What am I missing? Help appreciated,
> 
> Vladimir
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> 
> 
> **********************************************************************
> This transmission is confidential and must not be used or disclosed by
> anyone other than the intended recipient. Neither Corus Group Plc nor
> any of its subsidiaries can accept any responsibility for any use or
> misuse of the transmission by anyone.
> **********************************************************************
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux