Differences between revisions 2 and 5 (spanning 3 versions)
Revision 2 as of 2006-09-19 23:58:30
Size: 1799
Editor: JessicaMayo
Comment:
Revision 5 as of 2007-03-12 01:29:01
Size: 2253
Editor: DannyCheung
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
''''' Note: this is still not perfect. Configuration on Caesars is ongoing. stay tuned. '''''

== Note: The addusr and ccpass script will now update the Linux and SAMBA password for you in one go. ==


For more information on pam_smbpass see http://www.samba.org/samba/docs/man/Samba3-HOWTO/pam.html
Line 5: Line 11:
The changes required to update samba passwords are in /etc/pam.d/system-auth-ac The changes required to update samba passwords are in /etc/pam.d/system-auth (system-auth-ac under FC5)
Line 16: Line 22:
Line 20: Line 25:
Line 24: Line 28:
Line 28: Line 31:
=== We need to add the following line into the file BEFORE pam_unix.so ===
Make sure you match any style differences with the original. (e.g. FC3 prepends /lib/security/$ISA/)
Line 29: Line 34:
=== We need to add the following line into the file BEFORE pam_unix.so ===
Line 33: Line 37:

=== The password section of the file should then appear as below: ===		 === The password section of the file should then appear similar to below: ===
Line 41: Line 44:

If enabling users to set stupid passwords is desired ('''STRONGLY discouraged''' or the machine could be hacked) then the pam_cracklib line can be commented out.		 If enabling users to set stupid passwords is desired '''('''this is '''''STRONGLY discouraged''''' or the machine could be hacked''')''' then the pam_cracklib line can be commented out.

This page describes how to "fix" Fedora core installations so samba passwords are correctly updated at the same time as system passwords.

Note: this is still not perfect. Configuration on Caesars is ongoing. stay tuned.

Note: The addusr and ccpass script will now update the Linux and SAMBA password for you in one go.

For more information on pam_smbpass see http://www.samba.org/samba/docs/man/Samba3-HOWTO/pam.html

The configuration files controlling unix authentication and password updates reside under /etc/pam.d/

The changes required to update samba passwords are in /etc/pam.d/system-auth (system-auth-ac under FC5)

Before changes, this file will look like:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     required      pam_limits.so
session     required      pam_unix.so

We need to add the following line into the file BEFORE pam_unix.so

Make sure you match any style differences with the original. (e.g. FC3 prepends /lib/security/$ISA/) 

password    sufficient    pam_smbpass.so nullok use_authtok try_first_pass

The password section of the file should then appear similar to below:

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_smbpass.so nullok use_authtok try_first_pass
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

If enabling users to set stupid passwords is desired (this is STRONGLY discouraged or the machine could be hacked) then the pam_cracklib line can be commented out.

SambaPasswordSync (last edited 2013-09-18 06:09:34 by localhost)