[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: authenticate from LDAP (samba PDC)



Begin  Tom Cook  quotation:
> > I found this same information in some other documents.  Hmm, maybe if
> > I specify the passwd program correctly then the password stored in
> > LDAP can be updated through samba.  That isn't such a big deal, IMO,
> > because other means can be devised (eg an authenticated web form
> > submission over SSL or logging in to a nicely-behaved PAM-enabled *NIX
> > box and using 'passwd').
> 
> Certainly if you use a web form to change passwords then you could
> have it update both LDAP and smbpasswd.
> 
> > As it stands right now, there isn't any automated synchronization
> > between the windows sytstems and the unix systems.  The unix systems
> 
> A good point.  Some synchronisation is better than none.
> 

I've got this sort of setup working, with /etc/pam.d/passwd:
  
  password   required   pam_ldap.so

and the samba password synchronisation:

  passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n.* .

and then people change their passwords using 'smbpasswd', or the little
button "change password" on the NT boxes (which simply runs smbpasswd.)
This does the trick.  We've also got a nice web password-changing
script, but that simply passes its arguments to smbpasswd, so it goes
through the above procedure anyway.  It's a little ugly, in that
everything on the linux box authenticates off ldap through pam except
for samba, but it works.

Martin

-- 
pgp public key at http://ocsc.ormond.unimelb.edu.au/~mstrauss/pgp_key.asc
or send email with subject: request key

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/E/MU d? s: a--- C++++ UL+++++$ P++ L++(+++) E--- W+++ N+++ o+ K?
w--- O- M-- V- PS+++ PE Y++ PGP+++ t- 5- X- R+++ !tv b++++ DI+++
D+(+++) G++++ e* h++ r++ y+
------END GEEK CODE BLOCK------

Attachment: pgpDAByzltKFs.pgp
Description: PGP signature


Reply to: