Does libpam-smbpass mean no manual smbpasswd?

Asked by Shahar Or on 2009-05-05

Dear friends,

I've installed the libpam-smbpass package and restarted samba. I find that for users to be able to log in, I must type in their passwords manually with smbpasswd.

Is something broken? Does it make a difference that I've installed libpam-smbpass only after installing and configuring samba?

Many blessings.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu samba Edit question
Assignee:
No assignee Edit question
Solved by:
ian.d.lacy
Solved:
2010-09-25
Last query:
2010-09-25
Last reply:
2010-09-24

Not sure, you should set a password for each account connecting. I always set the same password as the users account for ease

sudo smbpasswd -a $USER

then type your password to authorise sudo, then set the samba password twice to verify. You can then use this to restrict / enable access to folders in /etc/samba/smb.conf

When a user access the share it will be asked for authentication.

Is this what you are after?

Shahar Or (mightyiam) said : #2

On ג', 2009-05-05 at 23:51 +0000, actionparsnip wrote:
> Is this what you are after?

Dear actionparsnip,

libpam-smbpass synchronizes between the UNIX user accounts and the Samba
passwords.

The problem is that the UNIX passwords are not migrated into the Samba
passwords all at once. From comments in the configuration files I've
found that password synchs are done at specific triggers like changing a
user's password with passwd.

What I'm asking is if this is indeed true and whether there's a built-in
method to synch all the passwords at once.

Many blessings.
--
שחר אור | 050-7966664 | http://www.shahar-or.co.il
   *** שיעורים פרטיים בלינוקס ותכנה חופשית ***

Not sure, I've never done it like that. Mainly due to me only having 2 sambda accounts, One for read only and the other for full access.

I can see the avantage of the massed sync in large user base situations but its something i've never done

Sorry

Shahar Or (mightyiam) said : #4

Thanks, actionparsnip.

Can anyone answer this question, please?

Many blessings.

Launchpad Janitor (janitor) said : #5

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Shahar Or (mightyiam) said : #6

Answer, please?

Instead of banging your head trying to get this to fly, why not just administer the passwords yourself until you can research a solution.

Shahar Or (mightyiam) said : #8

I've worked around it by issueing the passwd command for each user
manually and typing in the same passwords. This way they migrated to
Samba.

I still prefer to understand this.

Many blessings.

I also am trying to make work libpam with Samba to define the passwords only once.
At the moment, it works if I do so (I hope that a better method exists):
1) Create <user>
2) Asign a password to the <user>
3) su <user>
"Added user <user>. " will appear the first time we do step 3. This message comes from Samba.

Shahar Or (mightyiam) said : #10

Dear Auryn,

Thank you.

I'd still like to know how to migrate all the existing passwords - is there a built-in way to do that?

I'm sure a little script will be easy, though.

Many blessings.

Note: "In my case, I am using Ubuntu 9.04".

At the moment, I have done two scripts: one to delete and other to create users.

Both take the name as argument and need to be root.
Check the scripts carefully before use them!

# begin my_delete_user.sh
 #!/bin/bash

 echo "Delete Samba user."
 smbpasswd -x $1

 echo "Delete system user."
 userdel $1

 # echo "Delete home (if you want)."
 # rm -rf /home/$1

# end my_delete_user.sh

# begin my_create_user.sh
 #!/bin/bash

 read -sp "Enter new password: " my_pass
 echo

 echo "Add new system user."
 useradd -m -s /bin/bash -p `mkpasswd $my_pass` $1

 echo "Login with new system user to activate Samba user."
 su -c "su -c echo ${1}" NON_ROOT_USER_NAME

# end my_create_user.sh

I hope it helps and again, BE CAREFUL with this script.

NOTE:
Executing only "su -c echo ${1}" as root doesn't generate the Samba user.
If we execute "su -c echo ${1}" as an other user, it asks for password and creates Samba user.
Inside the script, we are root. The, I had to execute first a su -c "..." NON_ROOT_USER_NAME.

"su -c echo ${1}" only executes "echo" as user defined in the variable $1.

NOTE 2:
Without "-p `mkpasswd $my_pass`" we have to enter twice the new password for the user.

In Kubuntu, the command "mkpasswd" is included with the package "whois".

Maybe there is no need to delete users.
We can use this simpler script:
 password $1
 su -c "su -c echo ${1}" NON_ROOT_USER_NAME

Perhaps it can migrate the existing passwords.

Best ian.d.lacy (ian-d-lacy) said : #15

Hey I figured it out.

Apparently, as Auryn said. You have to log into a user in order for it to be added to the samba users.

Also,

I feel like it would be extremely easy to make a script to add all users to the samba users, BUT...

If you're dealing with a large amount of users [school, company, etc] when a user goes to log themself in, it's automatically updated. Therefore, you don't really have to worry about doing it for them.

-Ian

ian.d.lacy (ian-d-lacy) said : #16

Hey I figured it out.

Apparently, as Auryn said. You have to log into a user in order for it to be added to the samba users.

Also,

I feel like it would be extremely easy to make a script to add all users to the samba users, BUT...

If you're dealing with a large amount of users [school, company, etc] when a user goes to log themself in, it's automatically updated. Therefore, you don't really have to worry about doing it for them.

-Ian

Shahar Or (mightyiam) said : #17

Thanks ian.d.lacy, that solved my question.