Hi All, I would like to set up a samba server but using the same user / pass for unix logins and smb logins. This works fine if I use non-encrypted passwords but I have to apply the registry patch to set my win98 clients to use non-encrypted passwords. Could I use pam_smb to authenticate the Linux box against its own smb server then use encrypted smb passwords? I understand that if the smb is not running, unix users will not be able to log in but this will not be a problem. TIA Macky
I don't use PAM, but I get the functionality that you want (I think!). (I use 2.2.X as a PDC, but I don't think any of this is PDC specific). I have security=user encrypt passwords=yes passwd program=/usr/bin/passwd %u passwd chat=*New*password* %n\n *new*password* %n\n *updated* unix password sync=yes This means I've had to set up a smbpasswd file, and have to use smbpasswd to addusers to it after I've created their linux accounts. This is described in the docs supplied with the samba code. The unix password sync works, so smbpasswd can change both passwords at the same time. It did take me a couple of goes to get the right password chat though. ----- Original Message ----- From: "Macky" <macky@opusvl.com> To: <samba@lists.samba.org> Sent: Tuesday, February 19, 2002 2:28 PM Subject: [Samba] Linux and SMB using single passwd> Hi All, > > I would like to set up a samba server but using the same user / pass forunix> logins and smb logins. > > This works fine if I use non-encrypted passwords but I have to apply the > registry patch to set my win98 clients to use non-encrypted passwords. > > Could I use pam_smb to authenticate the Linux box against its own smbserver> then use encrypted smb passwords? > > I understand that if the smb is not running, unix users will not be ableto> log in but this will not be a problem. > > > TIA > > Macky > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
Look at the "unix password sync" in smb.conf. It will allow you to have Samba automatically change the user's UNIX password to match the Samba password. The first time a user uses smbpasswd after you configure that it should update their UNIX password to be the same. Of course, if somebody runs passwd directly it will change the password on the UNIX side without updating the Samba password, if you think that's a big deal you can (carefully) replace the passwd command with a script or symbolic link for the ordinary users. On Tue, Feb 19, 2002 at 02:28:13PM +0000, Macky wrote:> Hi All, > > I would like to set up a samba server but using the same user / pass for unix > logins and smb logins. > > This works fine if I use non-encrypted passwords but I have to apply the > registry patch to set my win98 clients to use non-encrypted passwords. > > Could I use pam_smb to authenticate the Linux box against its own smb server > then use encrypted smb passwords? > > I understand that if the smb is not running, unix users will not be able to > log in but this will not be a problem.-- That feeling just came over me. -- Albert DeSalvo, the "Boston Strangler"
We do this, where we actually have all linux machines except the PDC (which has the LDAP server also) doing authentication via LDAP and pam_smb. Users change their password from windows, and the imap server, ssh, login, kde, gdm etc all use pam_smb. We also use auth_smb on squid to auth against the samba pdc. At present I think the best option is to use LDAP and pam_smb together. You just need to ensure that accounts can be added (to smbpasswd and LDAP simultaneously) easily. Of course, having accounts in smbpasswd requires a unix account first (either passwd or LDAP or whatever). So we keep passwd on our PDC, have a script which grabs new accounts from passwd and adds them to ldap (I am not sure if this can be done more easily). Buchan> Message: 2 > From: Macky <macky@opusvl.com> > Reply-To: macky@opusvl.com > To: samba@lists.samba.org > Date: Tue, 19 Feb 2002 14:28:13 +0000 > Subject: [Samba] Linux and SMB using single passwd > > Hi All, > > I would like to set up a samba server but using the same user / pass for unix > logins and smb logins. > > This works fine if I use non-encrypted passwords but I have to apply the > registry patch to set my win98 clients to use non-encrypted passwords. > > Could I use pam_smb to authenticate the Linux box against its own smb server > then use encrypted smb passwords? > > I understand that if the smb is not running, unix users will not be able to > log in but this will not be a problem. > > > TIA > > Macky >-- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/gpg.key