Re: [Samba] Fwd: RE: Welcome to the samba mailing list
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2006 03:05 PM, dimidivi escreveu: Hello, Hey! I have a Solaris 10 machine (SunOS 5.10 Generic_118833-18 sun4u sparc) installed with Samba Version 3.0.23a. Samba has been compiled from source with PAM modules. The modules 'pam_smbpass.so' and 'pam_winbind.so' reside at: /usr/local/samba/lib/security smb.conf is located at /usr/local/samba/lib/ We are talking about /etc/pam.conf, not /etc/pam.d/ configuration with separate files. The modules for pam.conf are in /usr/lib/security/$ISA (default). This is what I want: Users have a unix shell and use a tool that exports the output to an CSV file on the samba share. I'm forced to use password expiration. I would like the users to change their password only once. Either by syncing the /etc/password or /etc/shadow file with the smbpassword file, or by just validating the samba login against the /etc/password or /etc/shadow file. I don't really care, as long as it works. LDAP is not an option? You can use 'unix passwd sync' and ask them to use smbpasswd to change their password, it will do the trick in the other way. Or you can do some ninja magic to make the expiration date changes from time to time (but it is not a real solution). I've been searching documentation, mail list archives, How-to's and man pages, I've tried with trial and error. I raised the debug levels for smbd and nmbd and checked the log files for hints, including the system log files. I just cannot get it to work. The smbpasswd file remains unchanged after a password change. Am I just not understanding the concept here, or is there a simple thing I've forgotten or overlooking?? Try the other way around, using smbpasswd to change the samba password and get it in sync with unix password. Question: What is the service name for samba to be used in pam.conf?? I assumed (and read her and there) it is 'samba'. But is it really?? Yes. :) Did you read the PAM chapter in the Samba Official HOWTO? http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html PAM describes the service name should stated in the man page of the service. This is not the case with smnd or nmbd (at least, I can't find it). Below are some summaries from both pam.conf and smb.conf. Just the things I think that are related. But if someone need the whole thing, please let me know. Is there anyone who can help me?? I really need to get it working one way or another. I hope this helps, I'm not using pam... I'm using LDAP. Many thanks for your effort. It's much appreciated! Dimitry Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFInEzCj65ZxU4gPQRAoLJAKCK5Nvqwy8hXSfgD7oxvYJsYSbAeQCfa7lZ DJyPTq82nLCEOsarzMnmGDE= =y/V4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: RE: Welcome to the samba mailing list
Hello, I have a Solaris 10 machine (SunOS 5.10 Generic_118833-18 sun4u sparc) installed with Samba Version 3.0.23a. Samba has been compiled from source with PAM modules. The modules 'pam_smbpass.so' and 'pam_winbind.so' reside at: /usr/local/samba/lib/security smb.conf is located at /usr/local/samba/lib/ We are talking about /etc/pam.conf, not /etc/pam.d/ configuration with separate files. The modules for pam.conf are in /usr/lib/security/$ISA (default). This is what I want: Users have a unix shell and use a tool that exports the output to an CSV file on the samba share. I'm forced to use password expiration. I would like the users to change their password only once. Either by syncing the /etc/password or /etc/shadow file with the smbpassword file, or by just validating the samba login against the /etc/password or /etc/shadow file. I don't really care, as long as it works. I've been searching documentation, mail list archives, How-to's and man pages, I've tried with trial and error. I raised the debug levels for smbd and nmbd and checked the log files for hints, including the system log files. I just cannot get it to work. The smbpasswd file remains unchanged after a password change. Am I just not understanding the concept here, or is there a simple thing I've forgotten or overlooking?? Question: What is the service name for samba to be used in pam.conf?? I assumed (and read her and there) it is 'samba'. But is it really?? PAM describes the service name should stated in the man page of the service. This is not the case with smnd or nmbd (at least, I can't find it). Below are some summaries from both pam.conf and smb.conf. Just the things I think that are related. But if someone need the whole thing, please let me know. Is there anyone who can help me?? I really need to get it working one way or another. Many thanks for your effort. It's much appreciated! Dimitry --- /etc/pam.conf samba auth required pam_unix_cred.so.1 samba auth required pam_unix_auth.so.1 samba accountrequired pam_unix_account.so.1 samba password required pam_dhkeys.so.1 samba password requisitepam_authtok_get.so.1 shadow md5 use_authtok try_first_pass samba password requisite pam_authtok_check.so.1 samba password required pam_authtok_store.so.1 samba password requisite /usr/local/samba/lib/security/pam_smbpass.so nullok use_authtok try_first_pass debug smbconf=/usr/local/samba/lib/smb.conf samba sessionrequired pam_unix_session.so.1 smb.conf security = user log file = /usr/local/samba/var/log.%m max log size = 500 ; local master = no ; os level = 33 ; domain master = yes ; preferred master = yes ; domain logons = yes ; wins support = yes ; wins server = w.x.y.z ; wins proxy = yes dns proxy = no ; add user script = /usr/sbin/useradd %u ; add group script = /usr/sbin/groupadd %g ; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u ; delete user script = /usr/sbin/userdel %u ; delete user from group script = /usr/sbin/deluser %u %g ; delete group script = /usr/sbin/groupdel %g ; passdb backend = tdbsam pam password change = Yes obey pam restrictions = Yes passwd program = /usr/bin/passwd .%u. passwd chat = *New*Password* %n\n \ *Re-enter*new*password* %n\n *Password*changed* passwd chat debug = yes unix password sync = Yes encrypt passwords = yes [search] comment = CDR Searches path = /data/searches public = no writable = no printable = no --- __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
