[Fedora-directory-users] Samba/Fedora DS/Windows Password Sync

[Jeff Gamsby]

  Using PassSync, changing the passwords from the AD/NT side will also 
change passwords on the Fedora DS side. It will not however change the 
Samba passwords. If you have "ldap passwd sync = yes" in your Samba 
config, then you can use smbpasswd to change all passwords at the same 
time. If you migrate over to an AD server in place of Samba, you can use 
domain logins and have users change their password in Windows which 
would also change the Fedora DS password as well.

Jeff

Phil Allred wrote:
> Here at Brooklyn Law School, we use Fedora DS together with a samba 
> schema quite succesfully.   All students and most faculty log in to  
> lab computers and desktops  that are members of  a Samba domain. We 
> avoid using NT servers as much as possible for open source reasons, 
> but our faculty is hoping we can move them to an exchange server 
> running on NT 2003.  In a test environment, we were able to get 
> password sync happening between an NT server and a replica of our DS,  
> but are wondering how to keep our samba passwords updated.  Currently, 
> we have a web front end pointed at a perl script loosely based on the 
> smb-ldap scripts from IDEALX.  These keep our sambantpassword, 
> sambalmpassword, and unix passwords synced.
> If we continue to use this script to update passwords on Fedora DS, 
> will fedora pick up the password and send it down to the windows 
> server?  I assume there is not much I could do to get it to work in 
> the other direction, which would be ok -- we would require users to 
> continue to change their passwords through our web front end.
>
> Any thoughts or suggestions would be greatly appreciated.
>
>
> Phil Allred
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

-- 
Jeff Gamsby
Center for X-Ray Optics
Lawrence Berkeley National Laboratory
(510) 486-7783