samba - Oct 2002 - Samba password changes?

hi,

i've setup a LDAP server with account information,
and compiled samba with ldap support.

everything works great, except for the password changes
i still have to run two seprate commands ( passwd, smbpasswd )
to change a users password.

i've tried to put the pam_smbpasswd.so module into
system-auth, but that does work?

any pointers?

thanks


adriaan putter

hi...i used idealx..they have a set of scripts that eliminates this...each
script updates both the ldap..and the smbpasswd...and the passwd
file...check it out...

-----Original Message-----
From: glug-bounce@linux.org.za [mailto:glug-bounce@linux.org.za]On
Behalf Of Adriaan.Putter@aventis.com
Sent: 08 October 2002 08:58
To: samba@lists.samba.org; glug@linux.org.za
Subject: [GLUG] Samba password changes?


hi,

i've setup a LDAP server with account information,
and compiled samba with ldap support.

everything works great, except for the password changes
i still have to run two seprate commands ( passwd, smbpasswd )
to change a users password.

i've tried to put the pam_smbpasswd.so module into
system-auth, but that does work?

any pointers?

thanks


adriaan putter

----
To unsubscribe from this list: send the line "unsubscribe glug" in
the subject of a message to glug-request@linux.org.za. If you have a
problem unsubscribing, please mail glug-admins@linux.org.za

Adriaan.Putter@aventis.com wrote:
> hi,
> 
> i've setup a LDAP server with account information,
> and compiled samba with ldap support.
> 
> everything works great, except for the password changes
> i still have to run two seprate commands ( passwd, smbpasswd )
> to change a users password.
> 
> i've tried to put the pam_smbpasswd.so module into
> system-auth, but that does work?
> 
No, pam_smbpasswd is meant for modifying the smbpasswd file, it doesn't 
do anything else.

I found the best solution was to use:

unix password sync = yes
pam password change = yes
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n 
*LDAP*passwd:*all*authentication*tokens*updated*successfully*

(not sure if the passwd chat is necessary)

and then modify your /etc/pam.d/passwd to do password changes via LDAP. 
This ensures that password changes from samba apply the same rules that 
any other password change would apply.

Only problem I have now is if a user does a unix password change, it 
currently won't change their windows password, but I believe there is a 
hacked pam_ldap which will do that too.

(I have some issues with the idealx stuff, but it should all work out 
the box on recent Mandrake RPMs).

Regards,
Buchan


-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7