We divide the unified logon problem for UNIX machines into three smaller problems:
1. Obtaining Windows NT user and group information
2. Authenticating Windows NT users
3. Password changing for Windows NT users
The winbind system provides a simple and elegant solution to all three components of the unified logon problem.
The first two things are explained, with PAM configuration examples. I have got them to work fine and dandy. The problem is the third, for which I can hardly find any useful information googling the net.
So, I have a w2kAD user that's logged in to a Linux machine. How does he change his password?
Have tried this:
/etc/pam.d/passwd
auth sufficient pam_unix2.so nullok use_first_pass
auth sufficient pam_winbind.so
account sufficient pam_unix2.so
account sufficient pam_winbind.so
#password required pam_pwcheck.so nullok
password sufficient pam_unix2.so nullok use_first_pass use_authtok
password sufficient pam_winbind.so
#session required pam_unix2.so

Also, I have added "password sufficient pam_winbind.so" in /etc/pam.d/login and /etc/pam.d/xdm.
I'm not sure that all of the above is ok, in fact I'm sure it's not ok.
If I type "passwd" as user w2kAD, it says "Unknown user".
As a local UNIX user, "passwd" tries to change the NT password, which I don't want, and it can't.
I know about smbpasswd -r PDC -U username, but I need better integration with Windows. For example, will I be able to get password expiry to work, by setting it up in w2kAD? So that the Linux box will prompt the w2k user for a new password? Is this doable?
Thanks.
