Re: samba / UNIX password sync
- From: "Vladimir Kosovac" <vkosovac@xxxxxxxxx>
- Date: Thu, 31 Aug 2006 05:29:22 +1200
Thanks Alexey. Will give this a go.
On 8/31/06, A.Fadyushin@xxxxxxxxxxxx <A.Fadyushin@xxxxxxxxxxxx> wrote:
The best way to resolve your problem is to use some external
authentication database (such as a Windows domain controller) for both the
SAMBA logins and usual logins (instead of /etc/passwd) as recommended in
previous replies.
However, if you prefer to use both /etc/passwd and smbpasswd on your
computer without the use of a domain controller/nss and need to keep them in
sync, I think that you should add a call to pam_pwdb in the 'password'
section of the samba PAM configuration file, so both pam_pwdb and
pam_smbpass will be called when the password is changed. So, your SAMBA
PAM configuration will end with something similar to (the option
'use_authtok' is used to get a password from the previous PAM module, i.e.
pam_pwdb):
password requisite /lib/security/pam_pwdb.so shadow md5
password required /lib/security/pam_smbpass.so use_authtok nodelay smbconf=/etc/samba/smb.conf
Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Matthijs.Sneijders@xxxxxxxxxxxxxx
> Sent: Wednesday, August 30, 2006 1:45 PM
> To: General Red Hat Linux discussion list
> Subject: Re: samba / UNIX password sync
>
> you might want to consider a slightly different approach to your setup,
>
> -use pam_smb to authenticate users on your linux system using the windows
> user database
> -use nss (/etc/nsswitch.conf) to get user information from files/nis. You
> still need the windows usernames available in passwd/nis
> for information like homefolder/shell/uid/gid
>
> in smb.conf use server or domain security. (domain is better but samba
> must join the domain first)
> this enables samba to authenticate incoming connections using the windows
> user database
>
> This way, all authentication is done using windows accounts, no password
> sync is needed anymore!
>
> Matthijs Sneijders
>
> CORUS Research, Development & Technology
> Building 3G16 room 3-312
> P.O. Box 10.000
> 1970 CA IJMUIDEN
> phone +31 (0)251-496400
> fax +31 (0)251-470064
> mail matthijs.sneijders@xxxxxxxxxxxxxx
>
> "Vladimir Kosovac" <vkosovac@xxxxxxxxx>
> Sent by: redhat-list-bounces@redhat.com
> 30-08-2006 01:14
> Please respond to General Red Hat Linux discussion list
> To: redhat-list@xxxxxxxxxx
> cc:
> Subject: samba / UNIX password sync
>
> Hi all.
>
> I am running a very old version of samba (2.2.7) and cannot upgrade just yet,
> must make this work as it is (if possible).
>
> After playing a bit with pam modules, I got the first part of what I want to do
> going - windows user is able to change domain password from windows.
> However, this change never gets synced to Linux password, although (I think)
> configuration is OK. Can someone give me some pointers to what else I need
> to look at? Current relevant config is:
>
> Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with some
> extra options, --with pam-smb_passwd included)
> Client: Windows 2000 / some XP
>
> #/etc/pam.d/samba
> #%PAM-1.0
> # The PAM configuration file for the `samba' service
> #
> auth required /lib/security/pam_smbpass.so nodelay
> account required /lib/security/pam_pwdb.so audit nodelay
> session required /lib/security/pam_pwdb.so nodelay
> password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
>
> #/etc/samba/smb.conf
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> pam password change = yes
> obey pam restrictions = yes
>
> What am I missing? Help appreciated,
>
> Vladimir
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
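Added example, not part of the original thread: a small Python check that reads the 'password' stack of a PAM service file and reports whether it matches the layout Alexey's reply recommends (a UNIX password module plus pam_smbpass, with use_authtok on the later of the two). The function names are hypothetical, and treating pam_unix.so as equivalent to pam_pwdb.so is an assumption; the backslash continuation in the second sample is only how the long line is wrapped here.

```python
import re

# Modules that change the UNIX password; pam_unix.so is an assumption added
# here, the thread itself only mentions pam_pwdb.so.
UNIX_MODULES = {"pam_pwdb.so", "pam_unix.so"}
SMB_MODULE = "pam_smbpass.so"
PASSWORD_LINE = re.compile(r"password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def password_stack(pam_text):
    """Return (control, module, options) for each 'password' line, in order."""
    stack = []
    for line in pam_text.replace("\\\n", " ").splitlines():  # join continuations
        m = PASSWORD_LINE.match(line.split("#", 1)[0].strip())
        if m:
            module = m.group(2).rsplit("/", 1)[-1]  # drop the /lib/security/ path
            stack.append((m.group(1), module, m.group(3).split()))
    return stack

def check_sync(pam_text):
    """List the ways the password stack differs from the recommended layout."""
    stack = password_stack(pam_text)
    names = [module for _, module, _ in stack]
    unix = next((i for i, n in enumerate(names) if n in UNIX_MODULES), None)
    smb = next((i for i, n in enumerate(names) if n == SMB_MODULE), None)
    findings = []
    if unix is None:
        findings.append("no UNIX password module in password stack")
    if smb is None:
        findings.append("no pam_smbpass.so in password stack")
    if unix is not None and smb is not None:
        later = max(unix, smb)  # the second module must reuse the first one's token
        if "use_authtok" not in stack[later][2]:
            findings.append(names[later] + " lacks use_authtok")
    return findings

# Lines copied from the two configurations posted in this thread.
ORIGINAL = """
account required /lib/security/pam_pwdb.so audit nodelay
password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
"""
SUGGESTED = r"""
password requisite /lib/security/pam_pwdb.so shadow md5
password required /lib/security/pam_smbpass.so use_authtok nodelay \
    smbconf=/etc/samba/smb.conf
"""

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, check_sync(text) or "ok")
```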