[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: samba / UNIX password sync



Thanks Alexey. Will give this a go.

On 8/31/06, A Fadyushin it-centre ru <A Fadyushin it-centre ru> wrote:

The best way to resolve your problem is to use the some external
authentication database (such as Windows domain controller) for both the
SAMBA logins and usual logins (instead of /etc/passwd) as recommended in
previous replies.

However, if you prefer use both /etc/passwd and smbpasswd on your
computer without use of domain controller/nss and need to keep them in
sync, I think that you should add a call to pam_pwdb in 'password'
section of samba PAM configuration file, so both pam_pwdb and
pam_smbpass will be called when the password is changed. So, your SAMBA
PAM configuration will end with something similar to (the option
'use_authtok' is used to get a password from previous PAM module, i.e.
pam_pwdb):

password   requisite    /lib/security/pam_pwdb.so shadow md5
password   required     /lib/security/pam_smbpass.so use_authtok nodelay
smbconf=/etc/samba/smb.conf

Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com


> -----Original Message-----
> From: redhat-list-bounces redhat com [mailto:redhat-list-
> bounces redhat com] On Behalf Of Matthijs Sneijders corusgroup com
> Sent: Wednesday, August 30, 2006 1:45 PM
> To: General Red Hat Linux discussion list
> Subject: Re: samba / UNIX password sync
>
> you might want to consider a slightly different approach to your
setup,
>
> -use pam_smb to authenticate users on your linux system using the
windows
> user database
> -use nss  (/etc/nsswitch.conf)  to get userinformation from files/nis)
You
> still need the windows usernames available in passwd/nis
>       for information like homefolder/shell/uid/gid
>
> in smb.conf use server or domain security.  (domain is better but
samba
> must join the domain first)
> this enables samba to authenticate incoming connections using the
windows
> user database
>
> This way, all authentication is done using windows accounts,  no
password
> sync is needed anymore!
>
>
>
>  Matthijs Sneijders
>
>
>
>
>      CORUS
>      Research,
>      Development
>      &
>      Technology
>
>      Building
>      3G16 room
>      3-312
>
>      P.O. Box
>      10.000
>
>      1970 CA
>      IJMUIDEN
>
>      phone       +31 (0)251-496400
>
>      fax         +31 (0)251-470064
>
>      mail        matthijs sneijders corusgroup com
>
>
>
>
>
>
> |---------+------------------------------>
> |         |           "Vladimir Kosovac" |
> |         |           <vkosovac gmail com|
> |         |           >                  |
> |         |           Sent by:           |
> |         |           redhat-list-bounces|
> |         |           @redhat.com        |
> |         |                              |
> |         |                              |
> |         |           30-08-2006 01:14   |
> |         |           Please respond to  |
> |         |           General Red Hat    |
> |         |           Linux discussion   |
> |         |           list               |
> |         |                              |
> |---------+------------------------------>
>
>-----------------------------------------------------------------------
> --------------------------------------------|
>   |
> |
>   |       To:       redhat-list redhat com
> |
>   |       cc:
> |
>   |       Subject:  samba / UNIX password sync
> |
>
>-----------------------------------------------------------------------
> --------------------------------------------|
>
>
>
>
> Hi all.
>
> I am running very old version of samba (2.2.7) and cannot upgrade just
> yet,
> must make this work as it is (if possible).
>
> After playing a bit with pam modules, I got first part of what I want
to
> do
> going - windows user is able to change domain password from windows.
> However, this change never gets synced to Linux password, although (I
> think)
> configuration is OK. Can someone give me some pointers to what else I
need
> to look at? Current relevant config is:
>
> Server: Red Hat 7.1 / samba-2.2.7-2.7.2 (compiled from RH source with
some
> extra options, --with pam-smb_passwd included)
> Client: Windows 2000 / some XP
>
> #/etc/pam.d/samba
> #%PAM-1.0
> # The PAM configuration file for the `samba' service
> #
> auth       required     /lib/security/pam_smbpass.so nodelay
> account    required     /lib/security/pam_pwdb.so audit nodelay
> session    required     /lib/security/pam_pwdb.so nodelay
> password   required     /lib/security/pam_smbpass.so nodelay
> smbconf=/etc/samba/smb.conf
>
> #/etc/samba/smb.conf
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> pam password change = yes
> obey pam restrictions = yes
>
> What am I missing? Help appreciated,
>
> Vladimir
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
> **********************************************************************
> This transmission is confidential and must not be used or disclosed by
> anyone other than the intended recipient. Neither Corus Group Plc nor
> any of its subsidiaries can accept any responsibility for any use or
> misuse of the transmission by anyone.
> **********************************************************************
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]