Hello, I would like to configure PAM to sync Unix passwords to Samba passwords. When I add a new Unix user or change an existing Unix user's password, I want the same password to be stored in /etc/smbpasswd. I'm trying to follow these instructions: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2606200 It sounds like this is what I want to do: "A sample PAM configuration that shows the use of pam_smbpass to make sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is changed." I created the file /etc/pam.d/passwd-sync and pasted the following: #%PAM-1.0 # password-sync # auth requisite pam_nologin.so auth required pam_unix.so account required pam_unix.so password requisite pam_cracklib.so retry=3 password requisite pam_unix.so shadow md5 use_authtok try_first_pass password required pam_smbpass.so nullok use_authtok try_first_pass session required pam_unix.s Then I rebooted and changed my Unix password using "passwd", but that didn't change my smbpassd. I checked to make sure I have all of the needed PAM modules, but other than that I don't know what to look for. Am I missing something? Any ideas? Thanks in advance. Charles
tor, 07.04.2005 kl. 19.35 skrev Charles> I would like to configure PAM to sync Unix passwords to Samba passwords. > When I add a new Unix user or change an existing Unix user's password, > I want the same password to be stored in /etc/smbpasswd. > > I'm trying to follow these instructions: > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2606200 > > It sounds like this is what I want to do: > "A sample PAM configuration that shows the use of pam_smbpass to make > sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is > changed."[...]> Then I rebooted and changed my Unix password using "passwd", but that > didn't change my smbpassd. I checked to make sure I have all of the > needed PAM modules, but other than that I don't know what to look for. > Am I missing something? Any ideas?This doesn't work for me either. Red Hat RHAS3, so I change things in system-auth, not passwd. However, quick and dirty solution: 'mv /usr/bin/passwd /usr/bin/passwd.orig', 'ln -s /usr/bin/smbpasswd /usr/bin/passwd'. That works for me and even updates my LDAP database, as passwd does. Every user that uses it *must* already be a Samba user, though - in LDAP that means that he has to have a sambaSamAccount objectClass attribute before it will work. --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: tonye@billy.demon.nl http://www.billy.demon.nl They love us, don't they, They feed us, won't they ...
Hi, I used this module sucessfully, but in the auth part, not passwd. That way the Samba password is set on each login. I noticed however, that it is set only if there is no existing password. The source shows that this is intended, but can be easily amended with your favourite C compiler ... Apparantly the pam_smbpasswd module is primarily intended for migration scenarios where people want to move from unix passwords to Samba passwords. In general, if all your unix users hava a Samba password, there is no reason to keep both passwords anyway, just use the Samba password also for Unix access, e.g. with pam_smb Regards, Schlomo On Thu, 7 Apr 2005, Charles McLaughlin wrote:> Hello, > > I would like to configure PAM to sync Unix passwords to Samba passwords. When > I add a new Unix user or change an existing Unix user's password, I want the > same password to be stored in /etc/smbpasswd. > > I'm trying to follow these instructions: > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2606200 > > It sounds like this is what I want to do: > "A sample PAM configuration that shows the use of pam_smbpass to make sure > private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) is changed." > > I created the file /etc/pam.d/passwd-sync and pasted the following: > > # %PAM-1.0 > # password-sync > # > auth requisite pam_nologin.so > auth required pam_unix.so > account required pam_unix.so > password requisite pam_cracklib.so retry=3 > password requisite pam_unix.so shadow md5 use_authtok try_first_pass > password required pam_smbpass.so nullok use_authtok try_first_pass > session required pam_unix.s > > > Then I rebooted and changed my Unix password using "passwd", but that didn't > change my smbpassd. I checked to make sure I have all of the needed PAM > modules, but other than that I don't know what to look for. Am I missing > something? Any ideas? > > Thanks in advance. > > Charles > >-- Regards, Schlomo
On Sun, 2005-04-10 at 00:14 +0200, Schlomo Schapiro wrote:> Hi, > > I used this module sucessfully, but in the auth part, not passwd. That way > the Samba password is set on each login. > > I noticed however, that it is set only if there is no existing password. > The source shows that this is intended, but can be easily amended with > your favourite C compiler ... > > Apparantly the pam_smbpasswd module is primarily intended for migration > scenarios where people want to move from unix passwords to Samba > passwords. In general, if all your unix users hava a Samba password, there > is no reason to keep both passwords anyway, just use the Samba password > also for Unix access, e.g. with pam_smbI strongly recommend against use of pam_smb. Where you need to authenticate against a Samba password database, look into pam_winbindd, or things like the modification to Heimdal described here: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap This last option allows you to then use a very standard pam_krb5 on your unix workstations. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050410/60c367c1/attachment.bin