Actually, I figured out what I wanted. I wasn't expressing it well,
mainly cause I couldn't think straight after staring at the monitor for
so long. Basically, what I didn't realize earlier is how pam_smbpasswd
worked. After stepping away from the problem for a few hours it hit me
with a huge "DUR!" pam_smbpasswd does exactly what I want. Of course I
don't want clear text passwords, so by using pam_smbpasswd it
automagically keeps both files up-to-date when a user changes their pass
through passwd (I recognize that I'm preaching to the choir). Thanks
for taking the time to read my post!
Mike.
Gordon Messmer wrote:
Michael Thrift wrote:
I am not authenticating domain users, or windows users, and I don't
want to use smbpasswd. Is there some way to force samba to
authenticate against pam, and only pam? My goal is to not add an
administrative load whatsoever.
The last goal is not one you can achieve.
If you want to authenticate against PAM, you have to set "encrypt
passwords = no". Note, however, that the man page says:
The use of plain text passwords is NOT advised as support
for this feature is no longer maintained in Microsoft Win-
dows products. If you want to use plain text passwords you
must set this parameter to no.
Now, if you choose to set that option, you have to modify all of your
clients, by importing the appropriate "PlainPassword.reg" file from
the samba distribution.
So, basically, you have a choice between modifying how you manage and
change passwords, so that you can support a secure login method for
SMB, or changing the configuration of all of your windows clients
considerably degrading security.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
