RRuegner wrote:
Hi Cris again, youre right in this setup i useI was just playing with PAM last night to allow user to change their passwords.
smbpasswd backend with samba 3.0.4 , cause i also patched the pptpd to look at it,
but i didnt noticed any problem using smbpasswd instead
of tdb ( but for sure it is not recomended any more )
I use this for a small network, but everything works which is from need for a pdc.
In other networks i use ldap, cause of using bdc and advanced features
I think the use of the smb passwd backends (tdb, ldap etc ) has to fit to your needs, and what you prefer, in this case pam and smbpasswd gives me help
in being compatibel to older stuff which i wanna use ,too.
/etc/pam.d/samba:
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
#the following 2 lines get samba to bybass pam_cracklib -- especially the dictionary checks
password required pam_pwdb.so shadow md5
password optional pam_smbpass.so nullok use_authtok try_first_pass
#password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf debug
/etc/pam.d/system-auth #%PAM-1.0
auth required pam_env.so auth sufficient pam_unix.so likeauth nullok #auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account required pam_unix.so #account sufficent pam_ldap.so password requisite pam_cracklib.so retry=3 minlen=4 password requisite pam_unix.so shadow md5 use_authtok try_first_pass password optional pam_smbpass.so nullok use_authtok try_first_pass #password sufficient pam_ldap.so use_authtok #password required pam_deny.so session required pam_limits.so session required pam_unix.so #session optional pam_ldap.so
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
