I have a related question (if this is the right place to ask...). I'm
using pam_krb5 to authenticate users against an ADS domain, which works
well. They can also change their AD account password with the passwd
command. What I would like to happen is both the AD account and local
(Unix) account passwords get changed at the same time (that way users
could still log in with their usual password, even if there was some
loss of connectivity to the AD server). Here's my current setup for
password:
password sufficient pam_krb5.so
password requiredpam_unix.so try_first_pass nullok obscure \
min=4 max=8 md5
What happens here is, the AD password gets changed, but the Unix
password is untouched (I've tried making the pam_krb5 line optional as
well, but that doesn't work either). What's worse, I can't change
passwords for local-only accounts (like root) at all. I have to comment
out the pam_krb5 line to do that. I'm running Debian 3.1 (Sarge),
libpam-krb5 1.0-10. Can anyone help?
Thanks,
James
^^
James Bradley
Eagan, McAllister Associates
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Ow Mun Heng
Sent: Tuesday, December 21, 2004 1:10 AM
To: Samba-list
Subject: Re: [Samba] Unix password synch
On Tue, 2004-12-21 at 13:45, Anish Mathew wrote:
Hi all,
Is there any way to automatically update the samba
password when a user changes his unix account password
using the passwd command.
Short Answer - Yes.
I want samba to look in passwd file for
authentication. I dont want to create two accounts one
for local unix and then for the samba.
How to get passwd to sync both Linux and smbpasswd
Update : Ow Mun Heng
Date: Long Time Ago
The pam_smbpass PAM module can be used to sync users' Samba passwords
with their system passwords when the passwd command is used. If a user
invokes the passwd command, the password he uses to log in to the Red
Hat Linux system as well as the password he must provide to connect to a
Samba share are changed.
To enable this feature, add the following line to /etc/pam.d/system-auth
below the pam_cracklib.so invocation:
password required /lib/security/pam_smbpass.so nullok use_authtok
try_first_pass
This module is incorporated into the samba source/rpm package
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired /lib/security/pam_env.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authrequired /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
passwordrequired /lib/security/pam_cracklib.so retry=3 type=
passwordrequired /lib/security/pam_smbpass.so nullok
use_authtok try_first_pass
passwordsufficient/lib/security/pam_unix.so nullok use_authtok
md5 shadow
passwordrequired /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
# less /usr/share/doc/samba-2.2.7/docs/pam_smbpass/README
--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz
98% Microsoft(tm) Free!!
Neuromancer 14:06:56 up 4:56, 6 users, 0.47, 0.55, 0.25
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
