Lionel Beard wrote:
Hello Alexander,

Saturday, August 14, 2004, 5:49:43 AM, you wrote:

AEP> Andre Cameron wrote:


unix password sync = Yes

AEP> You don't need that in LDAP setup if you keep posix account information
AEP> in LDAP using posixAccount objectclass, like LAM does. You probably want
AEP> unix password sync = no, ldap password sync = yes and also mention
AEP> pam_smbpass.so in /etc/pam.d/* and also install nss-ldap.


"unix password sync" is not necessary when you want
synchronization between Windows password and Unix password? When a
user changes his password from a Windows workstation to change it for
unix login?

Not necessary. Exactly what I said. In an environment using pam_ldap, there is no "unix password", there is "ldap password", and I have ldap password sync = yes. In other words, passwords of unix users are validated against ldap, and we let SAMBA change the ldap password.

Think about the situation when the user logs in from unix and runs the "passwd" command. To update SMB password automatically, one needs pam_smbpass. But see: if unix password sync = yes, SAMBA will call passwd again, which will change the SAMBA password again via pam_smbpass, and SAMBA will call passwd yet again - a loop.

And in my situation (unix password sync = no, ldap password sync = yes): when a user changes the password from Windows, SAMBA also updates the LDAP password (the one which is checked by pam_ldap). When a user attempts to change his password from unix, pam_smbpass does the same => both SMB and LDAP passwords are changed.

--
Alexander E. Patrakov
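
A configuration check for the setup discussed in this message, as an added example that is not part of the original thread: it reads smb.conf text and a PAM service file and reports the combination the message describes as looping, plus the two cases where one password store is left stale. The finding codes, function names and sample files are constructed for illustration; the alternate spelling "ldap passwd sync" and the value "only" are taken from smb.conf(5), not from the thread.

```python
import re

ON = {"yes", "true", "1"}

def smb_global(text):
    """Parse the [global] section of smb.conf text into a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # Parameter names are case- and whitespace-insensitive.
            params[re.sub(r"\s+", "", key).lower()] = val.strip().lower()
    return params

def pam_password_modules(text):
    """Module file names used on 'password' lines of a PAM service file."""
    mods = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields and fields[0].lstrip("-") == "password":
            mods += [f.rsplit("/", 1)[-1] for f in fields[1:] if f.endswith(".so")]
    return mods

def audit(smb_conf, pam_file):
    """Return finding codes for the password-sync setup described above."""
    g = smb_global(smb_conf)
    unix_sync = g.get("unixpasswordsync", "no") in ON
    # "ldap passwd sync" is the other spelling of the same parameter.
    ldap = g.get("ldappasswordsync", g.get("ldappasswdsync", "no"))
    smbpass = "pam_smbpass.so" in pam_password_modules(pam_file)
    findings = []
    if unix_sync and smbpass:
        findings.append("LOOP_RISK")        # smbd -> passwd -> pam_smbpass -> smbd
    if ldap not in ON | {"only"}:
        findings.append("LDAP_NOT_SYNCED")  # Windows change leaves LDAP password stale
    if not smbpass:
        findings.append("SMB_NOT_SYNCED")   # unix passwd leaves SMB password stale
    return findings

# Constructed sample files, not taken from the thread.
BAD_SMB = "[global]\n  unix password sync = Yes\n"
GOOD_SMB = "[global]\n  unix password sync = no\n  ldap password sync = yes\n"
PAM = "password required pam_ldap.so\npassword optional pam_smbpass.so use_authtok\n"
```

audit(BAD_SMB, PAM) reports the loop combination and the missing LDAP sync; audit(GOOD_SMB, PAM) returns an empty list.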
