[389-users] LDAP to samba password synchronization
John A. Sullivan III
jsullivan at opensourcedevel.com
Wed May 13 19:13:19 UTC 2009
On Wed, 2009-05-13 at 15:06 -0400, John A. Sullivan III wrote:
> Hello, all. Several hours of googling and testing have not solved my
> problem. We are using Directory Server as our authentication mechanism
> for as much as possible in our environment. So far, we have integrated
> all our Linux servers, synchronized with AD, and are using it for
> Zimbra.
>
> We have just implemented a standalone SAMBA server and are having
> trouble synchronizing passwords. I see plenty of examples of how to
> have changes made using smbpasswd passed to the posix password in LDAP.
> But that's not what we want. We want users (some of whom use SAMBA and
> some of whom do not) to have a single place to change their password.
> The users are all KDE. Changing their passwords in the KDE control
> module for security changes everything brilliantly EXCEPT SAMBA.
>
> How do we make password changes executed by the users or by the LDAP
> admin in idm-console propagate to the SAMBA password attributes? Thanks
> - John
I forgot to mention, we did change pam as follows:
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_smbpass.so use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
However, I would think this would affect password changes made only on
the SAMBA server itself and not changes made by users at their desktops
and reflected through to Linux. We really need changes made in LDAP
from wherever they are made to affect the SAMBA password attributes in
Linux. Is that possible? If so, how? Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
More information about the Fedora-directory-users
mailing list