pam_smbpass is a pam module which comes with samba which allows among others. the ability to keep a smbpasswd file in sync with the unix passwd file. The advantages of this is that there is only one user administration task required and users can automatically use encrypted passwords when they use samba. Currently, redhat's samba package does not include the required pam_smbpasswd.so but you can easily grab the samba srpm and build it for your self. The file can be found under the BUILD/sambaxxx/source/bin directory. Using this module requires some changes to your pam configuration. The first thing to do it remove execute permissions from authconf so it will not destroy your settings. Next, edit (after making a backup) /etc/pam.d/system-auth so it looks like this: #%PAM-1.0 The first bold line will make pam_smbpass migrate the account when the user logs in for the first time. The bold second line will make pam_smbpass update the users smbpassword when they change their password using passwd. The only problem with this is setting passwords on new accounts. The migration is only done on first login so when new users passwords are set, the password synchronisation fails. The solution to this is to migrate on password setting as well. This requires a small patch to smbpasswd. Patch against 2.2.1a here. Patch against 2.2.8a here. Patch against 3.0.10 here. Last modified
20030716 |
