Greetings Can anyone tell me if this is possible? Given a network of Linux based servers with a Linux based PDC (Centos 3.9) running samba 3.0.26a and NIS with Windows-XP clients, we want to enforce password changing policies for the Windows Domain. We want to have users able to change their own passwords at required but with some control over minimum complexity, re-use etc. We want them to be able to change their passwords from the XP workstations and have that change propagated to samba and to NIS without any intervention. I have tried to implement this but seem to constantly run into problems with PAM. If we switch off pam password change in smb.conf, we can change passwords from the workstation but they don't get propagated. The only way I have been able to achieve what we want is by getting someome with root access to change passwords for the end users (not something we want to make a habit of). Any input would be /very/ gratefullt accepted. Rgds Nigel.
"Nigel Allen" <dna@edrs.com.au> wrote in message news:49B4665B.9010401@edrs.com.au...> > Greetings > > Can anyone tell me if this is possible? > > Given a network of Linux based servers with a Linux based PDC (Centos > 3.9) running samba 3.0.26a and NIS with Windows-XP clients, we want to > enforce password changing policies for the Windows Domain. > > We want to have users able to change their own passwords at required but > with some control over minimum complexity, re-use etc. We want them to > be able to change their passwords from the XP workstations and have that > change propagated to samba and to NIS without any intervention. > > I have tried to implement this but seem to constantly run into problems > with PAM. If we switch off pam password change in smb.conf, we can > change passwords from the workstation but they don't get propagated. The > only way I have been able to achieve what we want is by getting someome > with root access to change passwords for the end users (not something we > want to make a habit of). > > Any input would be /very/ gratefullt accepted. > > Rgds > > Nigel. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >I find it a lot easier to set up Samba using OpenLDAP for authentication. I use the NT 4.0 tool User Manager for Domains to manage users. Take a look at Samba by Example for detailed information on creating a PDC with Samba and LDAP. Chapter 5 "Making Happy Users" has this info. and more. It is important to set all of this up in a test environment before making changes to your production system. You may also want to use more recent versions of CentOS and Samba.