Differences between revisions 4 and 5
Revision 4 as of 2006-09-21 07:17:30
Size: 2157
Editor: JessicaMayo
Comment:
Revision 5 as of 2007-03-12 01:29:01
Size: 2253
Editor: DannyCheung
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
Line 5: Line 4:
For more information on pam_smbpass see [http://www.samba.org/samba/docs/man/Samba3-HOWTO/pam.html] == Note: The addusr and ccpass script will now update the Linux and SAMBA password for you in one go. ==


For more information on pam_smbpass see http://www.samba.org/samba/docs/man/Samba3-HOWTO/pam.html
Line 20: Line 22:
Line 24: Line 25:
Line 28: Line 28:
Line 32: Line 31:
Line 35: Line 33:
Line 38: Line 37:
Line 46: Line 44:

This page describes how to "fix" Fedora core installations so samba passwords are correctly updated at the same time as system passwords.

Note: this is still not perfect. Configuration on Caesars is ongoing. stay tuned.

Note: The addusr and ccpass script will now update the Linux and SAMBA password for you in one go.

For more information on pam_smbpass see http://www.samba.org/samba/docs/man/Samba3-HOWTO/pam.html

The configuration files controlling unix authentication and password updates reside under /etc/pam.d/

The changes required to update samba passwords are in /etc/pam.d/system-auth (system-auth-ac under FC5)

Before changes, this file will look like:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     required      pam_limits.so
session     required      pam_unix.so

We need to add the following line into the file BEFORE pam_unix.so

Make sure you match any style differences with the original. (e.g. FC3 prepends /lib/security/$ISA/) 

password    sufficient    pam_smbpass.so nullok use_authtok try_first_pass

The password section of the file should then appear similar to below:

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_smbpass.so nullok use_authtok try_first_pass
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

If enabling users to set stupid passwords is desired (this is STRONGLY discouraged or the machine could be hacked) then the pam_cracklib line can be commented out.

SambaPasswordSync (last edited 2013-09-18 06:09:34 by localhost)