[KLUG Members] At odds with Samba

members@kalamazoolinux.org members@kalamazoolinux.org
Wed, 11 Dec 2002 08:48:07 -0500 

>A note to all those who took a shot at helping me with SAMBA; it now
>works.  Seems that the password program was directed to the wrong place.
>It was as follows:

>passwd program = /usr/bin/passwd %u

execute the command "which passwd" from a terminal.  On both my RH7.2
and 
RH8.0 systems passwd is located in the /usr/bin/ path.

If you remove the line entirely does it work.

>this did not allow the user in, but

>passwd program = /bin/passwd

>did. Hurrah!!! 

This option is intended for synchronizing the unix passwd to the windows
passwd
when the windows passwd is changed.  My guess is that you pointed this
option
to no program.  On my

passwd program from the man page:

The  name of a program that can be used to set UNIX user passwords.  Any
occur­
rences of %u will be replaced with the user name. The user name is
checked  for
existence before calling the password changing program.

Also note that many passwd programs insist in "reasonable" passwords,
such as a
minimum length, or the inclusion of mixed case chars and digits. This
can  pose
a  problem as some clients (such as Windows for Workgroups) uppercase
the pass­
word before sending it.

Note that if the "unix password sync" parameter is set to "True" then
this pro­
gram  is  called  *AS  ROOT*  before  the SMB password in the smbpasswd
file is
changed. If this UNIX password change fails, then smbd will fail to
change  the
SMB password also (this is by design).

If  the  "unix password sync" parameter is set this parameter MUST USE
ABSOLUTE
PATHS for ALL programs called, and must be examined for security 
implications.
Note that by default "unix password sync" is set to "False".

See also "unix password sync".
Default:      passwd program = /bin/passwd
Example:      passwd program = /sbin/passwd %u


>Now so I don't feel to good, is there any reason this should not be left
>this way?

>Again thanks for all the help getting Win98 to see Linux, now I need the
>other direction as well.
-- 
Jon Smitley <lunitix@earthlink.net>