samba - Oct 1999 - Changing Unix Login Passwords via samba according to the Passwords on the joined NT Domain?

Hi everyone,

we are working in an big NT environment and now have a new Unix-area.
What i want to do, is to change the unix login passwords according to changes in
the NT system.
The aim is, to simplify the password system, so that the users only have ONE
password for everyting.
Independend where they change it or on what system they are working on.

I have successfully connected the samba (2.0.3, newest aix version avail.) on
the unix server (aix 6000) to the NT domain.
All the shares on the unix system can be browsed and viewed from NT according to
the passwords set up in the NT domain.
It also works to access the shares from a 2nd unix system, where also samba is
installed (samba 2.0.3 on hp-ux 9000)

The unix system (1 server, 2 clients) shares the passwords via the yp (yellow
pages) deamon from the server to the clients.

I want the samba now to do this.
To change the unix passwords on the server according to the passwords on the NT
domain, when a user exists on both systems.
This is at the moment only intended to be a one way change (if NT changes, unix
should change to but if unix changes the nt should stay the same and leave the
the unix passwords untouched or override them to the old status. Both would be
ok.)
If there is the possibility to do it in both ways, tell me anyway, it would be
even better :-)

I tried it with password chat, but i deeply looked at the logfiles, but never
the password chat was logged, but also nothing changed.

So, would you please give me some hints how to set up the samba to get this
working?
Attached you find the smb.conf and infos about the password chat. Btw. we have
NO smbpasswd, we only look up the passwords in the NT domain.

Greetings from down under :-)

Regards
Bjoern-Erik Wenz

Engineering, Milton, AUTRA

Password chat (root)
-------------------------------
root@HOST /home/root > passwd user
Changing password for "user"
user's New password: ***
Enter the new password again: ***
root@HOST /home/root >

Password chat (user)
-------------------------------
user-HOST:/home/user> passwd
Changing password for "user"
user's Old password: ###
user's New password: ***
Re-enter user's new password: ***
user-HOST:/home/user>

smb.conf
-------------------------------
# Samba config file created using SWAT
# from HOST (10.20.30.123)
# Date: 1999/10/20 11:57:03

# Global parameters
     workgroup = DOM
     server string = Samba (%v) on CAD-Server: %h
     security = DOMAIN
     encrypt passwords = Yes
     update encrypted = Yes
     map to guest = Bad User
     password server = PDC1 BC1 BC2
     passwd program = /usr/bin/passwd
     passwd chat = *ld*password* %o\n *ew*password* %n\n *new*password* %n\n
*>*
     passwd chat debug = Yes
     unix password sync = Yes
     log file = /var/samba/log/log.%m
     max log size = 50
     socket options = TCP_NODELAY
     dns proxy = No
     wins server = 10.20.30.40
     create mask = 0777
     directory mask = 0777

[CAD-Share]
     comment = UNIX to PC CAD-Sharing Directory
     path = /cad-share
     guest account = guest
     read only = No
     guest ok = Yes

[homes]
     comment = %U's HOME on %L
     path = /home/user/%u
     read only = No
     browseable = No

[My Cad Files]
     comment = My Cad files (%U) on %L
     path = /model/user/%u
     guest account      read only = No

In a message dated: Thu, 21 Oct 1999 12:30:08 +1000
bjoern.wenz@autrc.mail.abb.com said:
>
>
>Hi everyone,
>
>we are working in an big NT environment and now have a new Unix-area.
>What i want to do, is to change the unix login passwords according to
changes
>in the NT system. The aim is, to simplify the password system, so that the
> users only have ONE password for everyting.
What I  would recommend is to run NIS on the Unix side, and migrate all your 
users to Unix usernames/passwords.  That way, no matter where they change the 
password from, it changes in the same place for everything.  Setting up Samba 
to be a PDC, and running this on the same system as you NIS master will allow 
you to sync the password changing for both environments.

Another option would be to go to a web based password changing scheme where 
the user can change their password via a web page, and secure cgi scripts deal 
with changing the passwords in either the unix environment, the NT enviroment, 
or both.  This is a little less secure than the first method, but offers much 
more flexibility, since you can always add in options for other username/
password pairs (LDAP, Databases, etc.).
-- 

Seeya,
Paul
----
	    Depression is merely anger without enthusiasm.
     There cannot be a crisis today; my schedule is already full.
  A conclusion is simply the place where you got tired of thinking.
	 If you're not having fun, you're not doing it right!

Hi

Re to mail of Paul. L. Lussier <plussier@ne.arris-i.com>

Thanks for your Ideas an in other environments i would use this way of doing it.

But fact is, that the unix area and the people woring on it are only a part of
the whole system, that is working for a long time, and also shared over many
different locations. SO the only way - if there is one - would be to get the
unix system to change then passwards according to NT.

The Webbased change sollution is also not possible, because there is no way to
enable web on the users clients.

If you have an idea, i would be pleased to hear it.

CU



Regards
Bjoern-Erik Wenz

Engineering, Milton, AUTRA