I run a small Samba 4.4 server, and I would like to keep the Samba password database in sync with the Unix password database. I would like the Samba password to be updated when a user changes their password with the traditional Unix passwd program. I do not think I want to go through the complexity of configuring the machine to use winbind.
It appears you used to be able to use this using the pam_smbpass module, and most of the documentation I find refers to this. However, it appears this was removed in Samba 4.4 with this commit message:
pam_smbpass: REMOVE this PAM module
This pam module causes GPLv3, thread-unsafe Samba code to be directly
loaded into the address space of many system services. The code in
question was not expected to run in this context, and while using the
Samba, rather than the system password file is a admirable goal, this
needs to be done over inter-process communication, such as is done by
pam_winbind.pam_winbind is not a total replacement, as the migrate functionality
used to keep the Samba password up to date with the system password is
not present, but otherwise can provide essentially the same services.Andrew Bartlett
Signed-off-by: Andrew Bartlett Reviewed-by:
Jeremy Allison
I believe the functionality I want is the "migrate functionality used to keep the Samba password up to date with the system password" which is the one thing that pam_winbind apparently doesn't provide. What other simple options do I have to manage Samba passwords with the normal Unix utilities?
This server runs FreeBSD 10.3 and Samba 4.4, however I welcome any suggestion, even those that aren't FreeBSD specific.
Best Answer
Maybe you can get something working with pam_script