RE: samba / UNIX password sync
- From: <A.Fadyushin@xxxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 21:08:30 +0400
The best way to resolve your problem is to use the some external
authentication database (such as Windows domain controller) for both the
SAMBA logins and usual logins (instead of /etc/passwd) as recommended in
previous replies.
However, if you prefer use both /etc/passwd and smbpasswd on your
computer without use of domain controller/nss and need to keep them in
sync, I think that you should add a call to pam_pwdb in 'password'
section of samba PAM configuration file, so both pam_pwdb and
pam_smbpass will be called when the password is changed. So, your SAMBA
PAM configuration will end with something similar to (the option
'use_authtok' is used to get a password from previous PAM module, i.e.
pam_pwdb):
password requisite /lib/security/pam_pwdb.so shadow md5
password required /lib/security/pam_smbpass.so use_authtok nodelay
smbconf=/etc/samba/smb.conf
Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com
-----Original Message-----setup,
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
bounces@xxxxxxxxxx] On Behalf Of Matthijs.Sneijders@xxxxxxxxxxxxxx
Sent: Wednesday, August 30, 2006 1:45 PM
To: General Red Hat Linux discussion list
Subject: Re: samba / UNIX password sync
you might want to consider a slightly different approach to your
windows
-use pam_smb to authenticate users on your linux system using the
user databaseYou
-use nss (/etc/nsswitch.conf) to get userinformation from files/nis)
still need the windows usernames available in passwd/nissamba
for information like homefolder/shell/uid/gid
in smb.conf use server or domain security. (domain is better but
must join the domain first)windows
this enables samba to authenticate incoming connections using the
user databasepassword
This way, all authentication is done using windows accounts, no
sync is needed anymore!to
Matthijs Sneijders
CORUS
Research,
Development
&
Technology
Building
3G16 room
3-312
P.O. Box
10.000
1970 CA
IJMUIDEN
phone +31 (0)251-496400
fax +31 (0)251-470064
mail matthijs.sneijders@xxxxxxxxxxxxxx
|---------+------------------------------>
| | "Vladimir Kosovac" |
| | <vkosovac@xxxxxxxxx|
| | > |
| | Sent by: |
| | redhat-list-bounces|
| | @redhat.com |
| | |
| | |
| | 30-08-2006 01:14 |
| | Please respond to |
| | General Red Hat |
| | Linux discussion |
| | list |
| | |
|---------+------------------------------>
-----------------------------------------------------------------------
--------------------------------------------|
|
|
| To: redhat-list@xxxxxxxxxx
|
| cc:
|
| Subject: samba / UNIX password sync
|
-----------------------------------------------------------------------
--------------------------------------------|
Hi all.
I am running very old version of samba (2.2.7) and cannot upgrade just
yet,
must make this work as it is (if possible).
After playing a bit with pam modules, I got first part of what I want
doneed
going - windows user is able to change domain password from windows.
However, this change never gets synced to Linux password, although (I
think)
configuration is OK. Can someone give me some pointers to what else I
to look at? Current relevant config is:some
Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with
extra options, --with pam-smb_passwd included)
Client: Windows 2000 / some XP
#/etc/pam.d/samba
#%PAM-1.0
# The PAM configuration file for the `samba' service
#
auth required /lib/security/pam_smbpass.so nodelay
account required /lib/security/pam_pwdb.so audit nodelay
session required /lib/security/pam_pwdb.so nodelay
password required /lib/security/pam_smbpass.so nodelay
smbconf=/etc/samba/smb.conf
#/etc/samba/smb.conf
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
What am I missing? Help appreciated,
Vladimir
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
**********************************************************************
This transmission is confidential and must not be used or disclosed by
anyone other than the intended recipient. Neither Corus Group Plc nor
any of its subsidiaries can accept any responsibility for any use or
misuse of the transmission by anyone.
**********************************************************************
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
- Follow-Ups:
- Re: samba / UNIX password sync
- From: Vladimir Kosovac
- Re: samba / UNIX password sync
- Prev by Date: Re: dos2unix : segmentation fault.
- Next by Date: RE: Permit root login for telnet..
- Previous by thread: Re: samba / UNIX password sync
- Next by thread: Re: samba / UNIX password sync
- Index(es):
Relevant Pages
|
|
