
Re: authenticate from LDAP (samba PDC)



Begin  Tom Cook  quotation:
> > I found this same information in some other documents.  Hmm, maybe if
> > I specify the passwd program correctly then the password stored in
> > LDAP can be updated through samba.  That isn't such a big deal, IMO,
> > because other means can be devised (eg an authenticated web form
> > submission over SSL or logging in to a nicely-behaved PAM-enabled *NIX
> > box and using 'passwd').
> 
> Certainly if you use a web form to change passwords then you could
> have it update both LDAP and smbpasswd.
> 
> > As it stands right now, there isn't any automated synchronization
> > between the windows systems and the unix systems.  The unix systems
> 
> A good point.  Some synchronisation is better than none.
> 

I've got this sort of setup working, with /etc/pam.d/passwd:
  
  password   required   pam_ldap.so

and the samba password synchronisation:

  passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n.* .

and then people change their passwords using 'smbpasswd', or the little
button "change password" on the NT boxes (which simply runs smbpasswd.)
This does the trick.  We've also got a nice web password-changing
script, but that simply passes its arguments to smbpasswd, so it goes
through the above procedure anyway.  It's a little ugly, in that
everything on the linux box authenticates off ldap through pam except
for samba, but it works.

Martin

-- 
pgp public key at http://ocsc.ormond.unimelb.edu.au/~mstrauss/pgp_key.asc
or send email with subject: request key

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/E/MU d? s: a--- C++++ UL+++++$ P++ L++(+++) E--- W+++ N+++ o+ K?
w--- O- M-- V- PS+++ PE Y++ PGP+++ t- 5- X- R+++ !tv b++++ DI+++
D+(+++) G++++ e* h++ r++ y+
------END GEEK CODE BLOCK------
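
Added example, not part of the original message and not Samba's code: a simplified Python model of how a `passwd chat` line is read as expect/send pairs (`*` wildcard, `\s` and `\n` escapes, `%n` for the new password, `.` for "nothing"), showing that synchronisation only works when the patterns match the prompts the PAM password module actually prints. It uses the first two pairs of the chat line above and leaves out its trailing tokens; both prompt lists and the password are constructed.

```python
import re

ESCAPES = {r"\n": "\n", r"\r": "\r", r"\t": "\t", r"\s": " "}

# First two expect/send pairs of the chat line in the message.
CHAT = r"*New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n"
# Constructed prompt sequences: one that fits the chat, one that does not.
MATCHING_PROMPTS = ["New password: ", "Re-enter new password: "]
OTHER_PROMPTS = ["Enter new UNIX password: ", "Retype new UNIX password: "]

def tokens(chat):
    """Split on whitespace; double quotes group words into one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', chat)]

def expand(token, new_password=None):
    """Apply the \\n \\r \\t \\s escapes, then substitute %n if given."""
    out = re.sub(r"\\[nrts]", lambda m: ESCAPES[m.group(0)], token)
    return out if new_password is None else out.replace("%n", new_password)

def matches(expect, text):
    """'*' matches any run of characters; the rest is literal.
    Matching is case-sensitive here (an assumption of this sketch)."""
    pattern = ".*".join(re.escape(p) for p in expand(expect).split("*"))
    return re.fullmatch(pattern, text, re.DOTALL) is not None

def run_chat(chat, prompts, new_password):
    """Return (ok, sent); ok is False as soon as a prompt does not match."""
    toks = tokens(chat)
    if len(toks) % 2:          # a final expect with no send string
        toks.append(".")
    remaining = iter(prompts)
    sent = []
    for expect, send in zip(toks[0::2], toks[1::2]):
        if expect != ".":      # "." means no string is expected
            prompt = next(remaining, None)
            if prompt is None or not matches(expect, prompt):
                return False, sent
        if send != ".":        # "." means no string is sent
            sent.append(expand(send, new_password))
    return True, sent

if __name__ == "__main__":
    print(run_chat(CHAT, MATCHING_PROMPTS, "S3cret!"))
    print(run_chat(CHAT, OTHER_PROMPTS, "S3cret!"))
```

When the first prompt fails to match, nothing is sent, which corresponds to the Samba password changing while the PAM-backed one does not.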
