Sorry about the acro, I am working with Fedora Directory Server (ldap). Currently user passwords stored in FDS can be changed from netatalk (apple protocol), FDS web interface, or unix/passwd via the PAM interface. To hit all three of these areas I would think that the password sync would need to somehow be down in FDS. Looking forward I would like to find an ldap solution. Anything else will cause additional steps when I add new users to the network. I will read through pdbedit but unless I can trigger it through ldap I don't know what good it will do.
JD

-----Original Message-----
From: Scott Lovenberg [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 09, 2008 12:43 PM
To: Ryan Novosielski
Cc: Denis Cardon; samba@lists.samba.org; Deas, Jim
Subject: Re: Sync passwords unix/smb with FDS backend?

Ryan Novosielski wrote:
> Denis Cardon wrote:
>> Hi Jim,
>>> Using simple authentication I have been able to tie FDS to Samba 3.x.24.
>>> Knowing that the unix passwd and smb passwd are different, dare I ask
>>> how difficult it would be to have them sync? Most of my users are using
>>> netatalk w/ posix user info and MD5 password. I would like to swing this
>>> over to samba without the worries of two passwords per user. I have seen
>>> blips on this but not directly related to FDS
>>>
>> if you store both your samba and your unix password in the ldap, you can
>> get them in sync by updating both of them when one changes its password.
>> You'll need to update the smb.conf file to take that into account for
>> the windows part, and update your other password changing apps accordingly.
>>
>> If what you want is in fact getting a NTLM hash from the existing md5
>> hash, I'm afraid it won't be possible. Users will have to change their
>> password once to update both ntlm and md5 password hash.
>
> Not entirely true, or at least it wasn't last time I tried this. For me,
> I used a method that included a PAM module that, on successful auth
> (actually, for HP-UX, any auth, which was unfortunate, since they have
> no 'requisite' directive in PAM), populated the smbpasswd file.
>
> I don't know what FDS is, but it seems to me you could go this route and
> then convert the smbpasswd file to whatever you wanted via pdbedit.
>
> =R
>
> --
> Ryan Novosielski - Systems Programmer II
> [EMAIL PROTECTED] - 973/972.0922 (2-0922)
> Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
>
Scratch my last message about FDS; I was thinking of Apache Directory Server. FDS is pretty mature. Sorry about that.