This is a discussion on password-sync between unix and samba - SMB ; what i WANT is this: my linux/unix NIS server will have all the regular unix passwords in the usual way. when a user changes their linux/unix password, the new password should get propagated to the samba password file. i'm running ...
what i WANT is this:
my linux/unix NIS server will have all the regular unix passwords
in the usual way. when a user changes their linux/unix password,
the new password should get propagated to the samba password file.
i'm running samba 3.0.0, red hat linux 9.
in section 188.8.131.52 of the samba manual there's a "password
synchronization configuration" example. that seemed to be the thing
that i wanted.
the first problem was that the example calls for a pam_UNIX.so
library. red hat 9 doesn't have one. i tried pam_unix.so
and pam_stack.so, no go. in all my attempts to guess, changing
the unix password on the machine that would be the NIS host
does not update the smbpasswd file.
i've been checking that by doing an ls -l on /etc/shadow and
the smbpasswd file. /etc/shadow is changing, smbpasswd isn't.
i've tried changing the smbpasswd file directly, and that does
change the date on the password file.
i compiled samba-3.0.0 from source. i have red hat's samba
installed, but not turned on.
i copied smb_passwd.so to /lib/security.
i copied .../source/bin/smbpasswd to /usr/bin.
when i change the /etc/pam.d/samba file, i don't restart anything--i figure
since, when i change my solaris machine's pam.conf, i don't restart
anything on it, and the changes get picked up immediately.
does anybody have what i want working under 3.0.0 (or any other version,
for that matter)? what should my /etc/pam.d/samba file look like?
here's THEIR example--is their example wrong?
auth requisite pam_nologin.so
auth required pam_UNIX.so
account required pam_UNIX.so
password requisite pam_cracklib.so retry=3
password requisite pam_UNIX.so shadow md5 use_authtok try_first_pass
password required pam_smbpass.so nullok use_authtok try_first_pass
session required pam_UNIX.so
i typed the above out of their manual--so if there's a typo, that's probably
not the problem. i can't readily cut and paste from the affected machine,
as it's in a closed room.
(is this the right forum for such a question?)
Jay Scott 512-835-3553 email@example.com
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div. S224
University of Texas at Austin