LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-08-2003, 09:02 PM   #1
MarleyGPN
Member
 
Registered: Apr 2003
Location: Vail, CO
Posts: 73

Rep: Reputation: 15
Is there a way to sync Samba passwords with linux user passwords


Hi,

When I create new users the login id and password works with telnet and ftp. Is there a way I can have it automatically set the password for samba?

This is what I currently have to do

Create user

adduser someone
# configure that user
smbpasswd
# use same pass that I used on adduser

is there anyway I can have this set up so I donít need to run smbpasswd every time I create a user? For example, would it be possible to have smbd read the password file from /etc/shadow, rather than from /etc/samba/private/smbpasswd ?
 
Old 09-09-2003, 01:09 AM   #2
Thetargos
Senior Member
 
Registered: Mar 2003
Location: Mexico City
Distribution: Fedora, Ubuntu & Mint
Posts: 1,679

Rep: Reputation: 45
Yes you can, just make sure that their login/password settings for windows are the same in Linux*, if you are trying to set various linux boxes in SAMBA you have a problem, you cannot have automatic login from within Linux.

To solve your problem about the users and passwords use GnoSamba or SWAT (I preffer the former) you simply tell GnoSamba which users have access to your computer once, and it automatically adds them. The Linux/Linux on SMB is not solved though. The user sitll has to login to the SMB server.

* Windows boradcasts the login options (a security whole (hole), yes... I love the irony of these homophones ) but warranties(?) that the users will login automatically on trusted(?) systems.

Last edited by Thetargos; 09-09-2003 at 01:12 AM.
 
Old 09-09-2003, 10:59 AM   #3
sidmark-2850
Member
 
Registered: Aug 2003
Posts: 133

Rep: Reputation: 15
From man smb.conf

Code:
       passwd chat (G)
              This  string  controls the "chat" conversation that takes places
              between smbd and the local password changing program  to  change
              the   user's  password.  The  string  describes  a  sequence  of
              response-receive pairs that  smbd(8) uses to determine  what  to
              send  to  the  passwd  program  and  what to expect back. If the
              expected output  is  not  received  then  the  password  is  not
              changed.

              This  chat  sequence  is often quite site specific, depending on
              what local methods are used for password control  (such  as  NIS
              etc).

              Note  that this parameter only is only used if the unix password
              sync parameter is set to yes. This sequence is  then  called  AS
              ROOT  when  the  SMB  password  in  the  smbpasswd file is being
              changed, without access to  the  old  password  cleartext.  This
              means  that root must be able to reset the user's password with-
              out knowing the text of the previous password. In  the  presence
              of  NIS/YP,  this means that the passwd program must be executed
              on the NIS master.

              The string can contain the macro %n which is substituted for the
              new  password.  The  chat sequence can also contain the standard
              macros \n, \r,  \t and \s to  give  line-feed,  carriage-return,
              tab  and  space. The chat sequence string can also contain a '*'
              which matches any sequence of characters.  Double quotes can  be
              used  to  collect  strings  with  spaces  in  them into a single
              string.

              If the send string in any part of the chat sequence  is  a  full
              stop  ".",  then  no  string  is  sent. Similarly, if the expect
              string is a full stop then no string is expected.

              If the pam password change parameter is set  to  yes,  the  chat
              pairs  may be matched in any order, and success is determined by
              the PAM result, not any  particular  output.  The  \n  macro  is
              ignored for PAM conversions.

              See also unix password sync,  passwd program , passwd chat debug
              and  pam password change.

              Default: passwd chat = *new*password* %n\n  *new*password*  %n\n
              *changed*

              Example:  passwd  chat = "*Enter OLD password*" %o\n "*Enter NEW
              password*"  %n\n  "*Reenter  NEW  password*"   %n\n   "*Password
              changed*"

       passwd chat debug (G)
              This  boolean  specifies  if the passwd chat script parameter is
              run in debug mode. In  this  mode  the  strings  passed  to  and
              received  from  the  passwd  chat are printed in the smbd(8) log
              with a debug level of 100. This is a dangerous option as it will
              allow  plaintext  passwords  to  be  seen in the smbd log. It is
              available to help Samba admins debug their passwd  chat  scripts
              when  calling  the passwd program and should be turned off after
              this has been done. This option has no effect if the  pam  pass-
              word change paramter is set. This parameter is off by default.

              See also passwd chat , pam password change , passwd program .

              Default: passwd chat debug = no

       passwd program (G)
              The  name  of  a program that can be used to set UNIX user pass-
              words. Any occurrences of %u will  be  replaced  with  the  user
              name.  The user name is checked for existence before calling the
              password changing program.

              Also note that many passwd programs insist in  reasonable  pass-
              words,  such as a minimum length, or the inclusion of mixed case
              chars and digits. This can pose a problem as some clients  (such
              as Windows for Workgroups) uppercase the password before sending
              it.

              Note that if the unix password sync parameter is set to yes then
              this  program  is  called AS ROOT before the SMB password in the
              smbpasswd(5)
               file is changed. If this UNIX password change fails, then  smbd
              will fail to change the SMB password also (this is by design).

              If  the  unix password sync parameter is set this parameter MUST
              USE ABSOLUTE PATHS for ALL programs called, and must be examined
              for  security  implications.  Note that by default unix password
              sync is set to no.

              See also unix password sync.

              Default: passwd program = /bin/passwd

              Example: passwd program = /sbin/npasswd %u


       unix password sync (G)
              This  boolean  parameter controls whether Samba attempts to syn-
              chronize the UNIX  password  with  the  SMB  password  when  the
              encrypted  SMB  password  in  the smbpasswd file is changed.  If
              this is set to yes the program specified in the passwd  program-
              parameter  is called AS ROOT - to allow the new UNIX password to
              be set without access to the old UNIX password (as the SMB pass-
              word  change  code  has no access to the old password cleartext,
              only the new).

              See also passwd program,  passwd chat.

              Default: unix password sync = no

There may be other parameters that I missed. Do a man smb.conf and look for any passwd parameters.

You can set samba to authenticate by pam. You will have to do some reading. I think the pam method sends clear text passwords over the network and that is something that you don't want to happen. If your users have shell access to the samba server, disable them from using the passwd command by chmodding it.

Quote:
This is what I currently have to do

Create user

adduser someone
# configure that user
smbpasswd
# use same pass that I used on adduser
You should set this password to some initial value and have the user change it themself from windows. This way, both unix and samba passwords will be changed immediately.

Cheers
 
  


Reply

Tags
passwd, password, samba, smbpasswd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sync MySQL passwords with local account passwords? turbine216 Linux - Software 2 02-18-2005 03:15 AM
Completely uninstalling MySQL and its passwords passwords...how? I locked myself out! Baix Linux - Newbie 2 01-30-2005 04:10 PM
Global Samba/Linux passwords mrsolo Linux - Networking 2 02-23-2004 12:12 AM
Sync user/group passwords?! jhewitt Linux - Newbie 1 02-12-2004 07:28 PM
end user passwords bear51 Linux - Newbie 0 05-22-2002 01:27 PM


All times are GMT -5. The time now is 11:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration