Hi Holger, On Mo 01 Apr 2013 23:14:34 CEST Holger Levsen wrote:
Hi Mike, On Montag, 1. April 2013, Mike Gabriel wrote:To make this work, Samba __has__ to call the PAM password chat in a language independent way (with LANG=C, this is handled internally by Samba). The Samba admin then has to provide a chat matching pattern. This pattern __also__ has to be in English. With the ,,passwd chat'' pattern as specified in smb.conf being in English, you can reliably parse the invoked-by-Samba PAM password chat. No matter what default locale the installed system uses. Note: This has been tested on a German D-E installation, and it works perfectly.Ah, thanks for explaining, makes sense now! So the user got prompted in germanin your test-cases?! :-)
Ähhh... In a way... yes. As I used a German Windows 7 to test this ;-) On the Win7 box (with domain membership in SKOLELINUX domain): Ctrl+Alt+Del -> ,,Kennwort ändern'' -> do the password changing => this should result in the passwords being set in: o LDAP o Kerberos o Samba (lmhash/nthash)The 'passwd program' and the 'passwd chat' parameter in smb.conf handle the kerberos password change. The LDAP password change is handled by 'ldap passwd sync = yes' and the Samba hashes get set natively.
However, with newer Samba versions the lmhash does not get set anymore IIRC, unless you force Samba to do that. This has been deactivated by default as you can ,,reverse engineer'' the plain text passwords from lmhashes [1]. Not sure, when that change occurred in Samba upstream, IIRC somewhere between lenny and squeeze.
Greets, Mike [1] http://wiki.debian.org/DebianEdu/HowTo/RecoverPasswords -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgp_JR26t7EV0.pgp
Description: Digitale PGP-Unterschrift