My advice is to work with the protocol rather than trying to fight it.
You've effectively got two domains. Either get rid of one (and make the
server a member of the other domain) or make both real domains. If you
pick the latter, either have the user accounts in both domains with
separate passwords or establish a trust relationship (obviously the
latter is easier for everyone).

Trying to have a domain without a controller is really messing up the
Windows security model. I personally would not recommend going down that
road. You're inventing a new security model that really will leave you
out on your own.

You may want to check some Windows server forums. Your proposal is
basically (as I understand it) to have users in a Windows domain able to
access shares on and change passwords for accounts local to a server
which is not a member of any domain. Samba really doesn't have anything
to do with this.

jayb wrote:

Thank you for the response. I was hoping to avoid the PDC path.
Our samba file server is using ldap and it has all the
account policies configured.

Is there any way possible to get the samba file server
to push out a message to the XP box stating that the password has expired
when the user goes to access a folder on the samba server? That is, without the
samba server configured for PDC?

And vice versa, is there any way possible to send a password update message to
the samba server? That is, via some script that would push a user's old/new
password to the samba server that would cause smbpasswd to be invoked with
this information?

Is there some low-level SMB message protocol that could be exploited to do
this task?

Thanks again
jay

-----Original Message-----
From: Gary Dale [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 07, 2006 9:43 AM
To: jayb
Cc: '[email protected]'
Subject: Re: [Samba] How to Change samba's PW from XP
It sounds like you have two domains. One way to handle this, since you
seem to be saying that your Samba server is really just a file server,
is to make it a member server in the Windows domain and get your
passwords from the Windows domain.

Or you can set up a domain trust between the two domains, so your Samba
domain trusts your Windows domain. In either of these cases, all your
user information is in the Windows domain only so there is no need to
push password information to your Samba server.

Or you could integrate your Samba LDAP with the Authentication Server's
(AS) LDAP. You'd need to add the fields from the Samba LDAP schema to
the AS LDAP schema and merge the data. Then point Samba to the AS LDAP
server. I believe this would make the Samba server a DC in the Windows
domain.

Finally, you could have two separate domains, which sounds like your
current case. In this case, when the user changes their password,
Windows allows them to select the domain they want to change their
password in. Select the Samba domain from the pulldown list (how to get
the second (Samba) domain on the list is a Windows XP question :) ).

jayb wrote:

Unfortunately, the Samba LDAP is separate from our LDAP Authentication
server. So, when the user changes his Windows password, it changes the
Authentication server just fine.

Then when the user accesses his Samba file server he gets prompted for
username / password where he has to enter in an old password until
someone changes it to the new password on the samba server.

If only there was some way for the XP box to tell the
samba server to put up a "password change" dialog box. Or to push
a password change to the samba server from within Windows.

Thanks
jay

-----Original Message-----
From: Gary Dale [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 07, 2006 1:28 AM
To: jayb; [email protected]
Subject: Re: [Samba] How to Change samba's PW from XP
jayb wrote:

I could really use a quick yes/no answer here. If the answer is yes, a
pointer to a Howto.

I have a samba based file server running in workgroup mode with
security = user
XP User authentication is managed by a separate LDAP server.

Is there a way from within XP such as command utility, anything, I
could use to update the samba server's password?

Right now, it is a manual exercise to update the samba server password
every time the user changes his/her password.

I see this question asked a lot but I just can't seem to find an
answer.

When working as a PDC, what mechanism is used to update the user's
password then?

thanks
jay

You should be able to change the password as per normal Windows usage
if Samba is using the LDAP server.

Password setting seems to be a two-step process. Firstly, Samba updates
its password then it uses a script to run the local passwd program to
change the local Linux/Unix password. If either fails, the password is
not updated (as far as I can tell).

Samba uses "expect" to test the prompts from passwd to feed it the
password and confirm completion.

I ran into a problem with this when my smb.conf password script didn't
match what my passwd program was sending out, preventing me from
changing password from Windows. :)
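
The prompt mismatch described in the last message, as an added example that is not part of the original thread and is not Samba's own code: a small Python model of how an smb.conf `passwd chat` expect/send sequence lines up against the prompts a passwd program prints. The chat strings, the sample prompts and the function names are constructed for illustration, and the case-insensitive wildcard match is a simplification of Samba's matching.

```python
import shlex
from fnmatch import fnmatchcase

# Constructed sample data: a chat sequence whose last expect is stale,
# a corrected one, and the prompts a passwd program might print.
STALE_CHAT = r"*new*password* %n\n *new*password* %n\n *changed*"
FIXED_CHAT = r"*new*password* %n\n *new*password* %n\n *updated*successfully*"
PROMPTS = [
    "Enter new UNIX password: ",
    "Retype new UNIX password: ",
    "passwd: password updated successfully\n",
]

def parse_passwd_chat(chat):
    """Split a `passwd chat` value into (expect, send) pairs."""
    lex = shlex.shlex(chat, posix=True)
    lex.whitespace_split = True   # tokens are separated by whitespace only
    lex.escape = ""               # keep sequences such as \n literal
    lex.commenters = ""           # '#' has no special meaning here
    tokens = list(lex)
    expects, sends = tokens[0::2], tokens[1::2]
    sends += [None] * (len(expects) - len(sends))  # a final expect has no send
    return list(zip(expects, sends))

def first_mismatch(chat, prompts):
    """Return (step, expect, prompt) for the first prompt the chat would not
    recognise, or None when every expect string matches its prompt."""
    for step, (expect, _send) in enumerate(parse_passwd_chat(chat)):
        if expect == ".":         # "." means: expect nothing at this step
            continue
        seen = prompts[step].strip() if step < len(prompts) else ""
        # Assumption: whole-string, case-insensitive wildcard comparison.
        if not fnmatchcase(seen.lower(), expect.lower()):
            return (step, expect, seen)
    return None

if __name__ == "__main__":
    for name, chat in (("stale", STALE_CHAT), ("fixed", FIXED_CHAT)):
        print(name, "->", first_mismatch(chat, PROMPTS))
```

To use it against a real system, replace `PROMPTS` with the output captured from running the configured passwd program by hand as root, and the chat string with the value from smb.conf.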