Is there a way to have the Samba password file sync up from the Linux (Red Hat 7) password file either automatically or in a batch process. We change user passwords every view months and it's a pain to have to change both files each time. Brad Bell Maharam
I am looking for a way to sync passwords in samba and linux. I know samba changes your unix password threw the password sync feature in samba but is there a way to change your samba password if a user changes their linux password automatically?
I have searched and searched but haven't found any responses on the the list for this problem. I am using Samba 2.2.8. I use Kerberos 5 with ldap for the system accounts. I am just learning about kerberos and ldap, so I am by no means any expert. I plan on trying to use the Samba with ldap HOWTO later on but I wanted to get the initial services working first. I have configured PAM so that when passwd is run, it successfully changes the kerberos password and the samba password at the same time. I noticed that it really doesn't care what the samba password is set to, it just overwrites anything that is already in the smbpasswd file. I also have successfully configured Samba to change the samba password from the windows client (using the change password feature in Ctrl-Alt-Del). The only way I could get the password change from the client to work was to set "unix password sync = no" but I would like the functionality of this, so that when a user changes their samba password from the client, it changes both of the passwords. Does anyone have an idea on how to fix this? Thanks, Doug
I just circumvented it all and made a cgi page that changes them both off...then I dont have to worry about the syncing> -----Original Message----- > From: Doug Curtis [mailto:doug.curtis@world-mail.org] > Sent: Wednesday, May 07, 2003 5:20 PM > To: samba@lists.samba.org > Subject: [Samba] Password syncing > > > I have searched and searched but haven't found any responses > on the the > list for this problem. > > I am using Samba 2.2.8. I use Kerberos 5 with ldap for the system > accounts. I am just learning about kerberos and ldap, so I > am by no means > any expert. I plan on trying to use the Samba with ldap > HOWTO later on but > I wanted to get the initial services working first. > > I have configured PAM so that when passwd is run, it > successfully changes > the kerberos password and the samba password at the same > time. I noticed > that it really doesn't care what the samba password is set > to, it just > overwrites anything that is already in the smbpasswd file. > > I also have successfully configured Samba to change the samba > password from > the windows client (using the change password feature in > Ctrl-Alt-Del). The only way I could get the password change from the > client to work was to set "unix password sync = no" but I > would like the > functionality of this, so that when a user changes their > samba password > from the client, it changes both of the passwords. > > Does anyone have an idea on how to fix this? > > Thanks, > > Doug > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
hi doug,> I also have successfully configured Samba to change the samba password > from the windows client (using the change password feature in > Ctrl-Alt-Del). The only way I could get the password change from the > client to work was to set "unix password sync = no" but I would like > the functionality of this, so that when a user changes their samba > password from the client, it changes both of the passwords. > > Does anyone have an idea on how to fix this?maybe your passwordchat crashes! -> try to write a little shellscript that asks you for the password and writes this in a file. use this script as passwordprogramm and turn on sync. if passwordchange works now and in your file is the new pwd, you know definitively that the string you defined at passwordchat is not the same as the expected one of your passwordprogramm. suggestion 1: try to get your chat and pwdprogramm work together - look out: each character and also carriage return must be set suggestion 2: if your shellscript works use it ;-) let your script call the passwordprogramm!!! greetings thomas reisenbichler
> suggestion 2: > if your shellscript works use it ;-) > let your script call the passwordprogramm!!!Hi Doug, Indeed, I have done the same here - but used a expect script to get the syncing done between smbpass and our NIS/YPmaster server. passwd program = /samba_<hostname>/tools/changepasswd.exp %u passwd chat = *new* %n\n *OK* *OK* passwd chat debug = Yes unix password sync = Yes (Works with Ctrl-Alt-Del in XP too) Goodluck, Leroy
Ok, this has probably been asked 1000 times before but what is the variable to put in the password chat to send the old (or current) password? I thought it was %o but that just seems to pass "%o" to the passwd command instead of the actual password. Thanks, Doug At 09:17 AM 5/8/2003 +0200, NSC - NetworkServiceCenter wrote:>hi doug, > > > I also have successfully configured Samba to change the samba password > > from the windows client (using the change password feature in > > Ctrl-Alt-Del). The only way I could get the password change from the > > client to work was to set "unix password sync = no" but I would like > > the functionality of this, so that when a user changes their samba > > password from the client, it changes both of the passwords. > > > > Does anyone have an idea on how to fix this? > >maybe your passwordchat crashes! -> try to write a little shellscript that >asks you for the password and writes this in a file. use this script as >passwordprogramm and turn on sync. if passwordchange works now and in your >file is the new pwd, you know definitively that the string you defined at >passwordchat is not the same as the expected one of your passwordprogramm. > >suggestion 1: >try to get your chat and pwdprogramm work together - look out: each >character and also carriage return must be set > >suggestion 2: >if your shellscript works use it ;-) >let your script call the passwordprogramm!!! > > >greetings >thomas reisenbichler
After some googling: http://www.faqchest.com/linux/samba-l/smb-98/smb-9810/smb98101609_21391.html passwd program = /opt/samba/1.9.18p8/bin/smbpasswd passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed* So it's indeed %o ------------------------ Doug Curtis <doug.curtis@world-mail.org> wrote: ------------------------ The problem is my passwd (with Kerberos) asks for the current password>before entering the new one, even when run as root. > >Thanks, > >Doug > >At 02:11 PM 5/9/2003 +0200, kenneth.westelinck@pandora.be wrote: >> >From my smb.conf: >>passwd program = /usr/bin/passwd %u >>passwd chat = *Enter\snew\sUNIX\spassword:* %n\n >>*Retype\snew\sUNIX\spassword:* %n\n . >> >> >>------------------------ >> Doug Curtis wrote: >>------------------------ >>Ok, this has probably been asked 1000 times before but what is the variable >> >to put in the password chat to send the old (or current) password? I >> >thought it was %o but that just seems to pass "%o" to the passwd command >> >instead of the actual password. >> > >> >Thanks, >> > >> >Doug >> > >> >At 09:17 AM 5/8/2003 +0200, NSC - NetworkServiceCenter wrote: >> >>hi doug, >> >> >> >> > I also have successfully configured Samba to change the samba password >> >> > from the windows client (using the change password feature in >> >> > Ctrl-Alt-Del). The only way I could get the password change from the >> >> > client to work was to set "unix password sync = no" but I would like >> >> > the functionality of this, so that when a user changes their samba >> >> > password from the client, it changes both of the passwords. >> >> > >> >> > Does anyone have an idea on how to fix this? >> >> >> >>maybe your passwordchat crashes! -> try to write a little shellscript that >> >>asks you for the password and writes this in a file. use this script as >> >>passwordprogramm and turn on sync. if passwordchange works now and in your >> >>file is the new pwd, you know definitively that the string you defined at >> >>passwordchat is not the same as the expected one of your passwordprogramm. >> >> >> >>suggestion 1: >> >>try to get your chat and pwdprogramm work together - look out: each >> >>character and also carriage return must be set >> >> >> >>suggestion 2: >> >>if your shellscript works use it ;-) >> >>let your script call the passwordprogramm!!! >> >> >> >> >> >>greetings >> >>thomas reisenbichler >> > >> >-- >> >To unsubscribe from this list go to the following URL and read the >> >instructions: http://lists.samba.org/mailman/listinfo/samba
Ok, after I read the man page more carefully on smb.conf, I now know that I can't pass the old password plaintext to the server. So I guess %o only works when using non encrypted passwords? How about disabling the check for current password when root is resetting? Doug At 03:05 PM 5/9/2003 +0200, kenneth.westelinck@pandora.be wrote:>After some googling: >http://www.faqchest.com/linux/samba-l/smb-98/smb-9810/smb98101609_21391.html >passwd program = /opt/samba/1.9.18p8/bin/smbpasswd >passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n >*changed* >So it's indeed %o > >------------------------ > Doug Curtis <doug.curtis@world-mail.org> wrote: >------------------------ >The problem is my passwd (with Kerberos) asks for the current password > >before entering the new one, even when run as root. > > > >Thanks, > > > >Doug > > > >At 02:11 PM 5/9/2003 +0200, kenneth.westelinck@pandora.be wrote: > >> >From my smb.conf: > >>passwd program = /usr/bin/passwd %u > >>passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > >>*Retype\snew\sUNIX\spassword:* %n\n . > >> > >> > >>------------------------ > >> Doug Curtis wrote: > >>------------------------ > >>Ok, this has probably been asked 1000 times before but what is the variable > >> >to put in the password chat to send the old (or current) password? I > >> >thought it was %o but that just seems to pass "%o" to the passwd command > >> >instead of the actual password. > >> > > >> >Thanks, > >> > > >> >Doug > >> > > >> >At 09:17 AM 5/8/2003 +0200, NSC - NetworkServiceCenter wrote: > >> >>hi doug, > >> >> > >> >> > I also have successfully configured Samba to change the samba > password > >> >> > from the windows client (using the change password feature in > >> >> > Ctrl-Alt-Del). The only way I could get the password change from the > >> >> > client to work was to set "unix password sync = no" but I would like > >> >> > the functionality of this, so that when a user changes their samba > >> >> > password from the client, it changes both of the passwords. > >> >> > > >> >> > Does anyone have an idea on how to fix this? > >> >> > >> >>maybe your passwordchat crashes! -> try to write a little > shellscript that > >> >>asks you for the password and writes this in a file. use this script as > >> >>passwordprogramm and turn on sync. if passwordchange works now and > in your > >> >>file is the new pwd, you know definitively that the string you > defined at > >> >>passwordchat is not the same as the expected one of your > passwordprogramm. > >> >> > >> >>suggestion 1: > >> >>try to get your chat and pwdprogramm work together - look out: each > >> >>character and also carriage return must be set > >> >> > >> >>suggestion 2: > >> >>if your shellscript works use it ;-) > >> >>let your script call the passwordprogramm!!! > >> >> > >> >> > >> >>greetings > >> >>thomas reisenbichler > >> > > >> >-- > >> >To unsubscribe from this list go to the following URL and read the > >> >instructions: http://lists.samba.org/mailman/listinfo/samba