On Thu, 2011-12-29 at 12:28 -0500, Ryan Novosielski wrote: > We used the pam_smbpasswd module, which does not work for either TDBSAM > or LDAPSAM I don't think.
pam_smbpass should, it just runs our passdb modules like any other part of Samba. > It's OK if you want to maintain an smbpasswd > file, but I think you really don't for more than X number of users and > I'm not sure how well it works with Active Directory (this was back > before AD was big that we were using Samba). pam_smbpass isn't a way to connect with AD, use pam_winbindd against the AD domain in this case. > The way that that worked was to take advantage of other password > manipulation people had done (eg. authenticate successfully using > anything) and that that time the PAM module would get the unencrypted > password and write it using the proper hash for the new Samba auth > method. That is a pretty slick idea and if it does not exist for LDAP or > TDBSAM, I do wonder why not. This migration should still be avilable, but the slow process of waiting for correct passwords may or may not work in your environment. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
