samba - Oct 2008 - Manage password change without windows...

[I'm subscribed, but with mail deliverying turned off. I will read the
thread on web archive, but please CC me... i'm subscribed to the italian
samba list, but there's no answer there...]

I manage some samba domain (samba3 as in debian stable), using LDAP as
backend and smbldap-tools.
The domains born as windows-only, and they are still windows-prevalent,
but i'm inserting here and there some Linux box (Ubuntu), using
LDAP (pam and NSS) for account and password on linux systems.

All the password management are done by 'windows', and i've done a
little script (mimic around the smbldap-tools) that simply read the
expiration data in windows LDAP field and (adapt and) copy them over
the POSIX ones.
So there's no trouble for me to 'expire' a password for the Ubuntu
client, and the client correctly behave on that, prevent users to logon
if password was expired or warn them if only some days misses.


But, as i sayed, now i've some users that are substantially Linux-only
users, and now i need to ask them to make a logon on a windows box to
change their password. ;(


Basically i'm looking for a tool that will permit to users to change
their password using standard tool from an Ubuntu box, updating POSIX
and samba data in LDAP.

1) i've looked at pam_smbpasswd, that in PAM 'password' context
seems
 to do exactly what i need, but seems also that works only for the old
/etc/samba/smbpasswd file and not for pdb (nor LDAP)

2) i've looked also to a web interface (LAM), but this feature was
 available only in 'pro' commercial version.


Someone can point me to the right tool/solution?


Thanks.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''               
http://www.sv.lnf.it/
  Polo FVG  -  Via della Bont?, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

I dont know how but perhaps you can use pam_ldap module

see http://www.padl.com/OSS/pam_ldap.html




Marco Gaiarin ha scritto:
> [I'm subscribed, but with mail deliverying turned off. I will read the
> thread on web archive, but please CC me... i'm subscribed to the
italian
> samba list, but there's no answer there...]
>
> I manage some samba domain (samba3 as in debian stable), using LDAP as
> backend and smbldap-tools.
> The domains born as windows-only, and they are still windows-prevalent,
> but i'm inserting here and there some Linux box (Ubuntu), using
> LDAP (pam and NSS) for account and password on linux systems.
>
> All the password management are done by 'windows', and i've
done a
> little script (mimic around the smbldap-tools) that simply read the
> expiration data in windows LDAP field and (adapt and) copy them over
> the POSIX ones.
> So there's no trouble for me to 'expire' a password for the
Ubuntu
> client, and the client correctly behave on that, prevent users to logon
> if password was expired or warn them if only some days misses.
>
>
> But, as i sayed, now i've some users that are substantially Linux-only
> users, and now i need to ask them to make a logon on a windows box to
> change their password. ;(
>
>
> Basically i'm looking for a tool that will permit to users to change
> their password using standard tool from an Ubuntu box, updating POSIX
> and samba data in LDAP.
>
> 1) i've looked at pam_smbpasswd, that in PAM 'password' context
seems
>  to do exactly what i need, but seems also that works only for the old
> /etc/samba/smbpasswd file and not for pdb (nor LDAP)
>
> 2) i've looked also to a web interface (LAM), but this feature was
>  available only in 'pro' commercial version.
>
>
> Someone can point me to the right tool/solution?
>
>
> Thanks.
>
>

If you are using OpenLDAP, you should try that:

http://www.openldap.org/doc/admin24/appendix-contrib.html#smbk5pwd

I've not tested it but it should work (i guess you also need pam_ldap).

2008/10/16 Marco Gaiarin <gaio@sv.lnf.it>:
>
> [I'm subscribed, but with mail deliverying turned off. I will read the
> thread on web archive, but please CC me... i'm subscribed to the
italian
> samba list, but there's no answer there...]
>
> I manage some samba domain (samba3 as in debian stable), using LDAP as
> backend and smbldap-tools.
> The domains born as windows-only, and they are still windows-prevalent,
> but i'm inserting here and there some Linux box (Ubuntu), using
> LDAP (pam and NSS) for account and password on linux systems.
>
> All the password management are done by 'windows', and i've
done a
> little script (mimic around the smbldap-tools) that simply read the
> expiration data in windows LDAP field and (adapt and) copy them over
> the POSIX ones.
> So there's no trouble for me to 'expire' a password for the
Ubuntu
> client, and the client correctly behave on that, prevent users to logon
> if password was expired or warn them if only some days misses.
>
>
> But, as i sayed, now i've some users that are substantially Linux-only
> users, and now i need to ask them to make a logon on a windows box to
> change their password. ;(
>
>
> Basically i'm looking for a tool that will permit to users to change
> their password using standard tool from an Ubuntu box, updating POSIX
> and samba data in LDAP.
>
> 1) i've looked at pam_smbpasswd, that in PAM 'password' context
seems
>  to do exactly what i need, but seems also that works only for the old
> /etc/samba/smbpasswd file and not for pdb (nor LDAP)
>
> 2) i've looked also to a web interface (LAM), but this feature was
>  available only in 'pro' commercial version.
>
>
> Someone can point me to the right tool/solution?
>
>
> Thanks.
>
> --
> dott. Marco Gaiarin                                 GNUPG Key ID: 240A3D66
>  Associazione ``La Nostra Famiglia''               
http://www.sv.lnf.it/
>  Polo FVG  -  Via della Bont?, 7 - 33078  -  San Vito al Tagliamento (PN)
>  marco.gaiarin(at)sv.lnf.it      tel +39-0434-842711  fax +39-0434-842797
>
>                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>           http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
>        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>