----- Original Message -----
From: "Dale Schroeder" <[EMAIL PROTECTED]>
To: "Andrea Bencini" <[EMAIL PROTECTED]>
Sent: Friday, December 28, 2007 7:42 PM
Subject: Re: [Samba] password
Andrea,
SWAT's help files are a good resource, as shown below.
Dale
passwd program (G)
The name of a program that can be used to set UNIX user passwords.
Any occurrences of /|%u|/ will be replaced with the user name. The
user name is checked for existence before calling the password
changing program.
Also note that many passwd programs insist in /reasonable /
passwords, such as a minimum length, or the inclusion of mixed case
chars and digits. This can pose a problem as some clients (such as
Windows for Workgroups) uppercase the password before sending it.
/Note/ that if the /|unix password sync|/ parameter is set to |yes |
then this program is called /AS ROOT/ before the SMB password in the
smbpasswd file is changed. If this UNIX password change fails, then
|smbd| will fail to change the SMB password also (this is by design).
If the /|unix password sync|/ parameter is set this parameter /MUST
USE ABSOLUTE PATHS/ for /ALL/ programs called, and must be examined
for security implications. Note that by default /|unix password
sync|/ is set to |no|.
Default: //|passwd program|/ = || /
Example: //|passwd program|/ = |/bin/passwd %u| /
passwd chat (G)
This string controls the /"chat"/ conversation that takes places
between smbd(8)
<http://192.168.1.223:901/swat/help/manpages/smbd.8.html> and the
local password changing program to change the user's password. The
string describes a sequence of response-receive pairs that smbd(8)
<http://192.168.1.223:901/swat/help/manpages/smbd.8.html> uses to
determine what to send to the passwd program and what to expect
back. If the expected output is not received then the password is
not changed.
This chat sequence is often quite site specific, depending on what
local methods are used for password control (such as NIS etc).
Note that this parameter only is only used if the unix password sync
parameter is set to |yes|. This sequence is then called /AS ROOT/
when the SMB password in the smbpasswd file is being changed,
without access to the old password cleartext. This means that root
must be able to reset the user's password without knowing the text
of the previous password. In the presence of NIS/YP, this means that
the passwd program must be executed on the NIS master.
The string can contain the macro /|%n|/ which is substituted for the
new password. The chat sequence can also contain the standard macros
\n, \r, \t and \s to give line-feed, carriage-return, tab and space.
The chat sequence string can also contain a '*' which matches any
sequence of characters. Double quotes can be used to collect strings
with spaces in them into a single string.
If the send string in any part of the chat sequence is a full stop
".", then no string is sent. Similarly, if the expect string is a
full stop then no string is expected.
If the pam password change parameter is set to |yes|, the chat pairs
may be matched in any order, and success is determined by the PAM
result, not any particular output. The \n macro is ignored for PAM
conversions.
Default: //|passwd chat|/ = |*new*password* %n\n*new*password* %n\n
*changed*| /
Example: //|passwd chat|/ = |"*Enter OLD password*" %o\n "*Enter NEW
password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"| /
Andrea Bencini wrote:
I would like to know about "passwd program" and "passwd chat" (I have
already read man of smb.conf)
1- What is their function
2- When I should use them
Thanks
Andrea
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
