Use the popular heimdal, openldap + smbk5pwd, samba3 combo
This will keep samba/ldap/kerberos passwords in sync no matter how or where the password is changed. Otherwise you could do some pam hackery, perhaps stacking pam_winbind and pam_krb5 for password changing. You would have to do this on all the nodes on your network. and for the windows side of things you could write a password change script, which would be called by samba on a password change. On Tue, 01 Sep 2009 16:48:01 +0200, Robert Markula <robert.mark...@gmx.net> wrote: > Hi, > please consider the following situation in a heterogenous, Windows > Server-less network, where users use both Windows and Linux: > > - On Windows users authenticate against a Samba 3.3.2 PDC with tdbsam > backend. > - On Linux users authenticate against a combination of OpenLDAP and > Kerberos. > > This, of course, brings up the old problem that users have to > synchronise their passwords manually for both Windows and Linux. > > The ideal solution would be that Samba would just support authentication > against Linux-based Kerberos, but (correct me if I'm wrong) that doesn't > seem possible with Samba3. > > Is there anything else that can be done? So if users on Windows can't > use Linux-based Kerberos for SSO, maybe there is at least a way for > users to change their passwords on one OS and get it automatically > synced for the other (i.e. if a user changes his password on a Windows > machine it gets automatically changed for his Linux account as well and > vice versa)? > > Cheers, > Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
