On Fri, 2009-02-06 at 16:38 -0600, Michael Cronenworth wrote: > I have a Samba server acting as a PDC with Fedora Directory Server > running as the LDAP server, which holds all the users and passwords of > the domain. Everything is properly configured and running great. > Changing passwords from within a Windows machine changes both NT and > UNIX passwords. > > However, I can't seem to find out how to sync NT and UNIX passwords from > a Linux client. I can set my Linux client to use LDAP auth, but it only > changes the UNIX password. I occasionally login to a Windows VM and > would like to use /one/ set of username and password credentials. I > /cannot/ have two passwords (please, don't ask why). Right now I'm > having to manually sync NT and UNIX passwords since my Linux client is > my main machine. > > Yes, I know about smbldap-tools and that's what I have the PDC using, > but I'm looking for a solution that uses the system "passwd" command to > change passwords. If there is no other way, fine, just tell me and I'll > use smbldap-tools on my Linux client. > > > P.S. The Samba programmer who thought it would be awesome to have > separate password keeping should be shot. ---- why is it necessary for you to conclude with a statement that demonstrates your ignorance as if it somehow insults someone other than yourself? Samba schema is based on methodologies that Microsoft employs which are not compatible with Posix attributes. Therefore, you get sambaNTPassword and sambaLMPassword attributes that are Microsoft compatible hashed passwords but the userPassword (Posix) could be a variety of different encryption schemes depending upon your implementation but none of them being compatible with the simple hash Microsoft uses. Yes, samba has an option to sync unix passwords so that a Windows client can change a password and it will change all 3 above attributes when configured properly and no, I don't know of a configuration switch that will do it the opposite way, where you change userPassword and it simultaneously changes the other samba attributes. I use horde/imp/etc. and there is a module called password that allows users to change their passwords. There probably are other programs that can do much the same. You can probably roll your own program to do that as well. In the end though...samba performs all of its functions as intended and the problem isn't samba at all, it's the passwd command itself because it is entirely oblivious to the concept that another password methodology exists...perhaps you should be shooting a Unix/Linux programmer or two... Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
