[OpenIndiana-discuss] passwd command not update smbpasswd file in 151a9

Udo Grabowski (IMK) udo.grabowski at kit.edu
Thu Sep 4 09:21:45 UTC 2014 

On 04/09/2014 11:15, Dang Zhiqiang wrote:
> thank you.
> I used smb share by "zfs set sharesmb=on tank/test", not want to modify samba configure file.
> only add "other password required pam_smb_passwd.so.1 nowarn" is OK?
>
> currently, I not found other questions.

Yes, but you need to enable users with 'smbadm enable-user <username>'
to activate that passwords are taken from /etc/shadow. Note, no Samba is
involved here at all, so none of its configs and passwrd files are active,
nor should there be any samba program running, only the Solaris smb daemons
activated via svcadm for smb/server, smb/client; samba DISABLED.

>
>
> At 2014-09-04 04:18:45, "Udo Grabowski (IMK)" <udo.grabowski at kit.edu> wrote:
>> Too early in the morning... smbpasswd file is Samba, but the
>> funtionality that the /etc/shadow file is used as password
>> basis with this entry is valid for Solaris own CIFS service, see
>> 'man smbadm' under 'enable-user' .
>>
>> For Samba (>3.0.0, if compiled with --with-pam --with-smb_passwd ),
>> you seemingly can use additional entries like this in /etc/pam.conf
>> (note the difference: pam_smbpass versus pam_smb_passwd)
>>
>> other password required pam_smbpass.so use_authtok
>>
>> samba password required pam_dhkeys.so.1
>> samba password requisite pam_authtok_get.so.1
>> samba password requisite pam_authtok_check.so.1
>> samba password required pam_authtok_store.so.1
>> samba password required pam_smbpass.so use_authtok
>> samba session required pam_unix_session.so.1
>>
>> and in smb.conf file:
>>
>>    preferred master = yes
>>    domain master = yes
>>    local master = yes
>>    domain logons = yes
>>    security = user
>>    obey pam restrictions = yes
>>
>> You need to set the password after reboot again since
>> the password hash format changes.
>>
>> But I don't know if this really works.
>>
>> Otherwise, you can write a small 'expect' script to
>> synchronize that users call when changing their password.
>>
>> On 04/09/2014 09:13, Dang Zhiqiang wrote:
>>> thank you very much.
>>>
>>>
>>> I'm sorry, passwd command not update smbpasswd file in 151a8 too, fix it like 151a9.
>>>
>>> At 2014-09-04 01:37:38, "Udo Grabowski (IMK)" <udo.grabowski at kit.edu> wrote:
>>>> On 04/09/2014 05:31, Dang Zhiqiang wrote:
>>>>> passwd command update smbpasswd file in 151a8, but update OS to 151a9 is not, how to fix it?
>>>>
>>>> You need this line in /etc/pam.conf:
>>>> other   password required       pam_smb_passwd.so.1     nowarn
>>>>
>> --
>> Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
>> http://www.imk-asf.kit.edu/english/sat.php
>> KIT - Karlsruhe Institute of Technology           http://www.kit.edu
>> Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>


-- 
Dr.Udo Grabowski   Inst.f.Meteorology & Climate Research IMK-ASF-SAT
http://www.imk-asf.kit.edu/english/sat.php
KIT - Karlsruhe Institute of Technology           http://www.kit.edu
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026

More information about the openindiana-discuss mailing list