Is there a way to sync Samba passwords with linux user passwords
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there a way to sync Samba passwords with linux user passwords
Hi,
When I create new users the login id and password works with telnet and ftp. Is there a way I can have it automatically set the password for samba?
This is what I currently have to do
Create user
adduser someone
# configure that user
smbpasswd
# use same pass that I used on adduser
is there anyway I can have this set up so I don’t need to run smbpasswd every time I create a user? For example, would it be possible to have smbd read the password file from /etc/shadow, rather than from /etc/samba/private/smbpasswd ?
Yes you can, just make sure that their login/password settings for windows are the same in Linux*, if you are trying to set various linux boxes in SAMBA you have a problem, you cannot have automatic login from within Linux.
To solve your problem about the users and passwords use GnoSamba or SWAT (I preffer the former) you simply tell GnoSamba which users have access to your computer once, and it automatically adds them. The Linux/Linux on SMB is not solved though. The user sitll has to login to the SMB server.
* Windows boradcasts the login options (a security whole (hole), yes... I love the irony of these homophones ) but warranties(?) that the users will login automatically on trusted(?) systems.
passwd chat (G)
This string controls the "chat" conversation that takes places
between smbd and the local password changing program to change
the user's password. The string describes a sequence of
response-receive pairs that smbd(8) uses to determine what to
send to the passwd program and what to expect back. If the
expected output is not received then the password is not
changed.
This chat sequence is often quite site specific, depending on
what local methods are used for password control (such as NIS
etc).
Note that this parameter only is only used if the unix password
sync parameter is set to yes. This sequence is then called AS
ROOT when the SMB password in the smbpasswd file is being
changed, without access to the old password cleartext. This
means that root must be able to reset the user's password with-
out knowing the text of the previous password. In the presence
of NIS/YP, this means that the passwd program must be executed
on the NIS master.
The string can contain the macro %n which is substituted for the
new password. The chat sequence can also contain the standard
macros \n, \r, \t and \s to give line-feed, carriage-return,
tab and space. The chat sequence string can also contain a '*'
which matches any sequence of characters. Double quotes can be
used to collect strings with spaces in them into a single
string.
If the send string in any part of the chat sequence is a full
stop ".", then no string is sent. Similarly, if the expect
string is a full stop then no string is expected.
If the pam password change parameter is set to yes, the chat
pairs may be matched in any order, and success is determined by
the PAM result, not any particular output. The \n macro is
ignored for PAM conversions.
See also unix password sync, passwd program , passwd chat debug
and pam password change.
Default: passwd chat = *new*password* %n\n *new*password* %n\n
*changed*
Example: passwd chat = "*Enter OLD password*" %o\n "*Enter NEW
password*" %n\n "*Reenter NEW password*" %n\n "*Password
changed*"
passwd chat debug (G)
This boolean specifies if the passwd chat script parameter is
run in debug mode. In this mode the strings passed to and
received from the passwd chat are printed in the smbd(8) log
with a debug level of 100. This is a dangerous option as it will
allow plaintext passwords to be seen in the smbd log. It is
available to help Samba admins debug their passwd chat scripts
when calling the passwd program and should be turned off after
this has been done. This option has no effect if the pam pass-
word change paramter is set. This parameter is off by default.
See also passwd chat , pam password change , passwd program .
Default: passwd chat debug = no
passwd program (G)
The name of a program that can be used to set UNIX user pass-
words. Any occurrences of %u will be replaced with the user
name. The user name is checked for existence before calling the
password changing program.
Also note that many passwd programs insist in reasonable pass-
words, such as a minimum length, or the inclusion of mixed case
chars and digits. This can pose a problem as some clients (such
as Windows for Workgroups) uppercase the password before sending
it.
Note that if the unix password sync parameter is set to yes then
this program is called AS ROOT before the SMB password in the
smbpasswd(5)
file is changed. If this UNIX password change fails, then smbd
will fail to change the SMB password also (this is by design).
If the unix password sync parameter is set this parameter MUST
USE ABSOLUTE PATHS for ALL programs called, and must be examined
for security implications. Note that by default unix password
sync is set to no.
See also unix password sync.
Default: passwd program = /bin/passwd
Example: passwd program = /sbin/npasswd %u
unix password sync (G)
This boolean parameter controls whether Samba attempts to syn-
chronize the UNIX password with the SMB password when the
encrypted SMB password in the smbpasswd file is changed. If
this is set to yes the program specified in the passwd program-
parameter is called AS ROOT - to allow the new UNIX password to
be set without access to the old UNIX password (as the SMB pass-
word change code has no access to the old password cleartext,
only the new).
See also passwd program, passwd chat.
Default: unix password sync = no
There may be other parameters that I missed. Do a man smb.conf and look for any passwd parameters.
You can set samba to authenticate by pam. You will have to do some reading. I think the pam method sends clear text passwords over the network and that is something that you don't want to happen. If your users have shell access to the samba server, disable them from using the passwd command by chmodding it.
Quote:
This is what I currently have to do
Create user
adduser someone
# configure that user
smbpasswd
# use same pass that I used on adduser
You should set this password to some initial value and have the user change it themself from windows. This way, both unix and samba passwords will be changed immediately.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
) but warranties(?) that the users will login automatically on trusted(?) systems.
