Thank you for the response. I was hoping to avoid the PDC path.
We're our samba file server is using ldap and it has all the
Account policies configured.
Is there any way possible to get the samba file server
To push out a message to the XP box stating that the password has expired
When the user goes to access a folder on the samba server? That is, without the
samba
Server configured for PDC?
An vica-versa, is there any way possible to send a password update message to
the
Samba server? That is, via some script that would push a user's old/new
password to the
Samba server that would cause smbpasswd to be invoked with this information?
There some be some low-level SMB message protocol that could be exploited to do
this task?
Thanks again
jay
-----Original Message-----
From: Gary Dale [mailto:garydale@torfree.net]
Sent: Sunday, May 07, 2006 9:43 AM
To: jayb
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] How to Change samba's PW from XP
It sounds like you have two domains. One way to handle this, since you
seem to be saying that your Samba server is really just a file server,
is to make it a member server in the Windows domain and get your
passwords from the Windows domain.
Or you can set up a domain trust between the two domains, so your Samba
domain trusts your Windows domain. In either of these cases, all your
user information is in the Windows domain only so there is no need to
push password information to your Samba server.
Or you could integrate your Samba LDAP with the Authentication Server's
(AS) LDAP. You'd need to add the fields from the Samba LDAP schema to
the AS LDAP schema and merge the data. Then point Samba to the AS LDAP
server. I believe this would make the Samba server a DC in the Windows
domain.
Finally, you could have two separate domains, which sounds like your
current case. In this case, when the user changes their password,
Windows allows them the select the domain they want to change their
password in. Select the Samba domain from the pulldown list (how to get
the second (Samba) domain on the list is Windows XP question :) ).
jayb wrote:
>Unfortuntely, the Samba LDAP is separate from our LDAP Authentication
>server. So, when the user changes his Windows password, it changes the
>Authentication server just fine.
>
>Then when the user accesses his Samba file server he gets prompted for
>Username / password where he has to enter in an old password until
>someone changes it to the new password on the samba server.
>
>If only there was some way for the XP box to tell the
>samba server to put up a "password change" dialog box. Or the push
>A password change to the samba server from within windows.
>
>Thanks
>jay
>
>
>
>
>-----Original Message-----
>From: Gary Dale [mailto:garydale@torfree.net]
>Sent: Sunday, May 07, 2006 1:28 AM
>To: jayb; samba@lists.samba.org
>Subject: Re: [Samba] How to Change samba's PW from XP
>
>
>jayb wrote:
>
>
>
>>I could really use a quick yes/no answer here. If answer yes a pointer
>>to a Howto.
>>
>>I have a samba based file server running in workgroup mode with
>>security = user
>>
>>XP User authentication is managed by a separate LDAP server.
>>
>>Is there a way from within XP such as command utility, anything, I
>>could use to update the samba server's password?
>>
>>RIght now, it a manual excerise to update the samba server password
>>everytime the user changes his/her password.
>>
>>I see this question asked a lot but I just can't seem to fine an
>>answer.
>>
>>When working as a PDC, what mechanism is used to update the user's
>>password then?
>>
>>
>>thanks
>>
>>jay
>>
>>
>>
>>
>You should be able to change the password as per normal Windows usage
>if
>Samba is using the LDAP server.
>
>Password setting seems to be a two-step process. Firstly, Samba updates
>its password then it uses a script to run the local passwd program to
>change the local Linux/Unix password. If either fails, the password is
>not updated (as far as I can tell).
>
>Samba uses "expect" to test the prompts from passwd to feed it the
>password and confirm completion.
>I ran into a problem with this when my smb.conf password script didn't
>match what my passwd program was sending out, preventing me from
>changing password from Windows. :)
>
>
>
>