[CentOS] How best to allow users to change Samba passwords?

Wed Jul 1 13:29:12 UTC 2009
Jason Pyeron <jpyeron at pdinc.us>

 

> -----Original Message-----
> From: Kevin Thorpe
> Sent: Wednesday, July 01, 2009 5:43
> 
> I was wondering if anyone could advise me on this.

We allow users th change their passwords via ctrl-alt-del, and via the web using
the password change tool that comes with exchange.

> 
> I've got two Samba servers, each using passdb.tdb for authentication. 
> All works well, but I've now been asked to let users change 
> their own passwords (a requirement of data secuity). What's 
> the best way of arranging this, preferably updating both 
> servers at the same time?
> 
> thanks
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

On CentOS release 4.7:

/etc/samba/smb.conf (redacted)

[global]

#log level = 10

encrypt passwords = yes

        workgroup = xxxxxxxxxxxxxxxxxxxxxxxx
        server string = Logon Server
        pam password change = Yes
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/sbin/useradd -m '%u'
        delete user script = /usr/sbin/userdel -r '%u'
        add group script = /usr/sbin/groupadd '%g'
        delete group script = /usr/sbin/groupdel '%g'
        add user to group script = /usr/sbin/usermod -G '%g' '%u'
        add machine script = /usr/sbin/useradd -s /sbin/nologin -d /tmp '%u'
        domain logons = Yes
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap ssl = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        map acl inherit = Yes
        cups options = raw
        csc policy = disable

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/netlogon
        guest ok = Yes
        share modes = No

[print$]
        comment = All Printers
        path = /var/lib/samba/drivers
        guest ok = Yes
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.