Hi List,
I have FDS configured in the server. There are windows and Linux client in our network. Windows users also have Linux.
Linux clients are authenticating to fds. Samba server is running in a different server and refers to the fds server(ldapbackend). For windows i had to create a separate password with smbpasswd -a username for each user which means samba password can be different from Linux password. Also the password policy doesn't apply to the smbpasswd i create.
Is there a way to use one password for both windows and linux logins?
TIA, SK
Saravana Kumar wrote:
Hi List,
I have FDS configured in the server. There are windows and Linux client in our network. Windows users also have Linux.
Linux clients are authenticating to fds. Samba server is running in a different server and refers to the fds server(ldapbackend). For windows i had to create a separate password with smbpasswd -a username for each user which means samba password can be different from Linux password. Also the password policy doesn't apply to the smbpasswd i create.
Is there a way to use one password for both windows and linux logins?
No. This has been on our wishlist for some time now. http://directory.fedora.redhat.com/wiki/Wishlist#Passwords
TIA, SK
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
El mar, 21-11-2006 a las 10:19 -0700, Richard Megginson escribió:
Saravana Kumar wrote:
Is there a way to use one password for both windows and linux logins?
No. This has been on our wishlist for some time now. http://directory.fedora.redhat.com/wiki/Wishlist#Passwords
Could the Perl Crypt-SmbHash module be useful?
http://search.cpan.org/~bjkuit/Crypt-SmbHash-0.12/SmbHash.pm
I'm experimenting with it to create ldif files with NT and LanMan passwords.
Oscar A. Valdez wrote:
El mar, 21-11-2006 a las 10:19 -0700, Richard Megginson escribió:
Saravana Kumar wrote:
Is there a way to use one password for both windows and linux logins?
No. This has been on our wishlist for some time now. http://directory.fedora.redhat.com/wiki/Wishlist#Passwords
Could the Perl Crypt-SmbHash module be useful?
Could be useful for generating the initial passwords, but not for keeping them in sync on the server side.
http://search.cpan.org/~bjkuit/Crypt-SmbHash-0.12/SmbHash.pm
I'm experimenting with it to create ldif files with NT and LanMan passwords.
Richard Megginson wrote:
Oscar A. Valdez wrote:
El mar, 21-11-2006 a las 10:19 -0700, Richard Megginson escribió:
Saravana Kumar wrote:
Is there a way to use one password for both windows and linux logins?
No. This has been on our wishlist for some time now. http://directory.fedora.redhat.com/wiki/Wishlist#Passwords
Could the Perl Crypt-SmbHash module be useful?
Could be useful for generating the initial passwords, but not for keeping them in sync on the server side.
http://search.cpan.org/~bjkuit/Crypt-SmbHash-0.12/SmbHash.pm
I'm experimenting with it to create ldif files with NT and LanMan passwords.
Thanks for the info
Regds, SK
I have a brand-new Samba 3.x domain working with LDAP/FDS backend; this is just for my small (university) department of ~350 users. The university operates an overarching Kerberos realm. My best possible case would be to use that Kerberos realm for authentication/password but continue to maintain department LDAP for actual user/group authorization/rights. If I can get everything to use people's existing university password, that would be very sweet; failing that, I have to give out about 300 passwords in the next month :(
I see the FDS Kerberos Howto, and it seems to make Kerberos integration pretty simple, but what is not clear to me is whether it is possible to pass this Kerberos authentication through to Samba clients. The few references I see to Samba-Kerberos integration modify the smb.conf with direct references to kerberos realm and keytab that would seem to result in:
Samba ----> Kerberos _____ <---- ________
where what I think I want is more like:
Samba ----> LDAP ----> Kerberos _____ <---- ____ <---- ________
(sorry for the awful ASCII!) where I retain "passdb backend = ldapsam:ldap://x.x.x.x" as the user/group store, but where LDAP refers to Kerberos for authn/passwd.
I was going to pose this question to the Samba users list, but I thought there might be more value to ask first whether anyone has worked on this in a FDS context. Not to say anything bad about other LDAP servers, but I can sometimes find it hard to map integration discussions that use OpenLDAP examples to my situation.
So, anyone on the list running a completely integrated Samba/FDS/Kerberos setup that references an overarching Kerberos realm?
Thanks,
Jim
Richard Megginson wrote:
Saravana Kumar wrote:
Hi List,
I have FDS configured in the server. There are windows and Linux client in our network. Windows users also have Linux. Linux clients are authenticating to fds. Samba server is running in a different server and refers to the fds server(ldapbackend). For windows i had to create a separate password with smbpasswd -a username for each user which means samba password can be different from Linux password. Also the password policy doesn't apply to the smbpasswd i create.
Is there a way to use one password for both windows and linux logins?
No. This has been on our wishlist for some time now. http://directory.fedora.redhat.com/wiki/Wishlist#Passwords
TIA, SK
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Saravana Kumar wrote:
Hi List,
I have FDS configured in the server. There are windows and Linux client in our network. Windows users also have Linux.
Linux clients are authenticating to fds. Samba server is running in a different server and refers to the fds server(ldapbackend). For windows i had to create a separate password with smbpasswd -a username for each user which means samba password can be different from Linux password. Also the password policy doesn't apply to the smbpasswd i create.
Is there a way to use one password for both windows and linux logins?
it seems imposible. btw on my system (postfix+dovecot+squirrelmail+FDS+samba) i'm having the same problem.
on sysadmin side that should be no problem at all because by using webmin the userPassword and sambaNTPassword+sambaLMPassword is always syncronized.
the problem was on user side (windows user), when they change their password it only change sambaNTPassword and sambaLMPassword. this problem should be solved too by using option "unix password sync"+"passwd program"+"passwd chat" on samba so that userPassword can be sync. but i'm having error message "you do not have permission to change password".
on samba guidance when "unix password sync" set to "yes" the "passwd program" must be run as root. but i can not find any guidance on how to run it with root permission.
does anyone know how to solve this problem?
thanks sigid
On 11/22/06, sigid@JINLab sigidwu@gmail.com wrote:
on sysadmin side that should be no problem at all because by using webmin the userPassword and sambaNTPassword+sambaLMPassword is always syncronized.
the problem was on user side (windows user), when they change their password it only change sambaNTPassword and sambaLMPassword. this problem should be solved too by using option "unix password sync"+"passwd program"+"passwd chat" on samba so that userPassword can be sync. but i'm having error message "you do not have permission to change password".
Try using Samba's "ldap password sync" option rather than the "unix password sync" option.
Josh Kelley
389-users@lists.fedoraproject.org