Thanks Alexey. Will give this a go.

On 8/31/06, A.Fadyushin@xxxxxxxxxxxx <A.Fadyushin@xxxxxxxxxxxx> wrote:

The best way to resolve your problem is to use some external authentication database (such as Windows domain controller) for both the SAMBA logins and usual logins (instead of /etc/passwd) as recommended in previous replies.

However, if you prefer to use both /etc/passwd and smbpasswd on your computer without use of domain controller/nss and need to keep them in sync, I think that you should add a call to pam_pwdb in 'password' section of samba PAM configuration file, so both pam_pwdb and pam_smbpass will be called when the password is changed. So, your SAMBA PAM configuration will end with something similar to (the option 'use_authtok' is used to get a password from previous PAM module, i.e. pam_pwdb):

    password requisite /lib/security/pam_pwdb.so shadow md5
    password required /lib/security/pam_smbpass.so use_authtok nodelay smbconf=/etc/samba/smb.conf

Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Matthijs.Sneijders@xxxxxxxxxxxxxx
> Sent: Wednesday, August 30, 2006 1:45 PM
> To: General Red Hat Linux discussion list
> Subject: Re: samba / UNIX password sync
>
> you might want to consider a slightly different approach to your setup,
>
> -use pam_smb to authenticate users on your linux system using the windows user database
> -use nss (/etc/nsswitch.conf) to get user information (from files/nis). You still need the windows usernames available in passwd/nis for information like homefolder/shell/uid/gid
>
> in smb.conf use server or domain security. (domain is better but samba must join the domain first)
> this enables samba to authenticate incoming connections using the windows user database
>
> This way, all authentication is done using windows accounts, no password sync is needed anymore!
>
> Matthijs Sneijders
>
> CORUS Research, Development & Technology
> Building 3G16 room 3-312
> P.O. Box 10.000
> 1970 CA IJMUIDEN
> phone +31 (0)251-496400
> fax +31 (0)251-470064
> mail matthijs.sneijders@xxxxxxxxxxxxxx
>
> "Vladimir Kosovac" <vkosovac@xxxxxxxxx>
> Sent by: redhat-list-bounces@redhat.com
> 30-08-2006 01:14
> Please respond to General Red Hat Linux discussion list
>
> To: redhat-list@xxxxxxxxxx
> cc:
> Subject: samba / UNIX password sync
>
> Hi all.
>
> I am running a very old version of samba (2.2.7) and cannot upgrade just yet, must make this work as it is (if possible).
>
> After playing a bit with pam modules, I got first part of what I want to do going - windows user is able to change domain password from windows. However, this change never gets synced to Linux password, although (I think) configuration is OK. Can someone give me some pointers to what else I need to look at?
>
> Current relevant config is:
>
> Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with some extra options, --with pam-smb_passwd included)
> Client: Windows 2000 / some XP
>
> #/etc/pam.d/samba
> #%PAM-1.0
> # The PAM configuration file for the `samba' service
> #
> auth required /lib/security/pam_smbpass.so nodelay
> account required /lib/security/pam_pwdb.so audit nodelay
> session required /lib/security/pam_pwdb.so nodelay
> password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
>
> #/etc/samba/smb.conf
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> pam password change = yes
> obey pam restrictions = yes
>
> What am I missing? Help appreciated,
>
> Vladimir

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
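Added example, not part of the original thread: a small Python check of the 'password' stack in a PAM service file, confirming that a password change reaches both the UNIX module and pam_smbpass and that the later of the two carries use_authtok, as suggested in the reply above. The function names, the module set (pam_unix.so is included as an assumption) and the sample files, which are constructed from the configurations quoted in the thread, belong to this example only.

```python
import os

UNIX_MODULES = {"pam_pwdb.so", "pam_unix.so"}  # update /etc/passwd or shadow
SMB_MODULE = "pam_smbpass.so"                  # updates smbpasswd

def parse_pam(text):
    """Return (type, control, module, args) per rule; assumes one-word controls."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):  # a trailing backslash continues the rule
            pending = line[:-1] + " "
            continue
        pending = ""
        f = line.split()
        if len(f) >= 3:
            rules.append((f[0].lower(), f[1], os.path.basename(f[2]), f[3:]))
    return rules

def check_password_sync(text):
    """List reasons the 'password' stack would not update both databases."""
    stack = [r for r in parse_pam(text) if r[0] == "password"]
    unix = [i for i, r in enumerate(stack) if r[2] in UNIX_MODULES]
    smb = [i for i, r in enumerate(stack) if r[2] == SMB_MODULE]
    findings = []
    if not unix:
        findings.append("no UNIX password module in the password stack")
    if not smb:
        findings.append("no pam_smbpass in the password stack")
    if unix and smb:
        later = stack[max(unix[0], smb[0])]  # the module that runs second
        if "use_authtok" not in later[3]:
            findings.append(later[2] + " lacks use_authtok")
    return findings

# Sample files constructed from the configurations quoted in the thread.
HEAD = """#%PAM-1.0
auth     required /lib/security/pam_smbpass.so nodelay
account  required /lib/security/pam_pwdb.so audit nodelay
session  required /lib/security/pam_pwdb.so nodelay
"""
ORIGINAL = HEAD + (
    "password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf\n")
SUGGESTED = HEAD + (
    "password requisite /lib/security/pam_pwdb.so shadow md5\n"
    "password required /lib/security/pam_smbpass.so use_authtok nodelay smbconf=/etc/samba/smb.conf\n")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, check_password_sync(cfg) or "password stack updates both databases")
```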