Julien TEHERY
2019-May-14 11:58 UTC
[Samba] Samba4 changing a user's password from linux workstation
>> I've gotten pretty unhappy with "realmd" and "sssd". They try to hide
>> a lot of steps away from the user, but the internal interactions are a
>> bit of a "mousetrap" game. When it works, you get the mouse. But if
>> any of the many steps are even slightly worn, it becomes erratic or
>> fails.

Update: In fact I succeeded in resetting user password from a linux workstation with kpasswd through pam_sssd. At the beginning I thought we were prompted directly for new password, but we had to first type in the old one before choosing a new one.
Rowland penny
2019-May-14 12:13 UTC
[Samba] Samba4 changing a user's password from linux workstation
On 14/05/2019 12:58, Julien TEHERY via samba wrote:
>>> I've gotten pretty unhappy with "realmd" and "sssd". They try to hide
>>> a lot of steps away from the user, but the internal interactions are a
>>> bit of a "mousetrap" game. When it works, you get the mouse. But if
>>> any of the many steps are even slightly worn, it becomes erratic or
>>> fails.
>
> Update: In fact I succeeded in resetting user password from a linux
> workstation with kpasswd through pam_sssd.
> At the beginning I thought we were prompted directly for new password,
> but we had to first type in the old one before choosing a new one.

kpasswd has nothing to do with sssd, it prompts for the old password, then the new password (twice), it then changes the user's password.

smbpasswd works in the same way (and it works with AD)

I cannot understand why anybody uses sssd, it is a program that requires separate configuration and does very little that winbind (only one config file) doesn't. Just what does sssd give you, what do you need it for?

Rowland
Luc Lalonde
2019-May-14 13:35 UTC
[Samba] Samba4 changing a user's password from linux workstation
Hello Rowland,

We’ve been using SSSD with Active Directory for a few years now… It’s been solid for us.

Our Linux clients use the AD-Kerberos via SSSD for secure NFS4 mounts with POSIX attributes defined in AD (uidNumber, gidNumber, unixHomeDirectory, loginShell).

Before putting into production, I tested using Winbind and could not get it to do what I wanted. If I remember correctly, I had problems with groups. I didn’t want DOMAIN\groupname… just groupname to show. I don’t remember why this was causing me problems… just that this was the main reason.

At the time, I found that the documentation for integrating AD with Linux was best documented… in particular at RedHat:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/summary-direct

They give further reasons for choosing SSSD over Winbind in that document.

Cheers, Luc.

> On May 14, 2019, at 8:13 AM, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 14/05/2019 12:58, Julien TEHERY via samba wrote:
>>>> I've gotten pretty unhappy with "realmd" and "sssd". They try to hide
>>>> a lot of steps away from the user, but the internal interactions are a
>>>> bit of a "mousetrap" game. When it works, you get the mouse. But if
>>>> any of the many steps are even slightly worn, it becomes erratic or
>>>> fails.
>>
>> Update: In fact I succeeded in resetting user password from a linux workstation with kpasswd through pam_sssd.
>> At the beginning I thought we were prompted directly for new password, but we had to first type in the old one before choosing a new one.
>
> kpasswd has nothing to do with sssd, it prompts for the old password, then the new password (twice), it then changes the user's password.
>
> smbpasswd works in the same way (and it works with AD)
>
> I cannot understand why anybody uses sssd, it is a program that requires separate configuration and does very little that winbind (only one config file) doesn't. Just what does sssd give you, what do you need it for?
>
> Rowland