Why I chose Windows NT over Linux: Not This Time! (Followup)


ndogg
01-16-2001, 02:42 PM
Sounds to me like he still needs some help. Syncing passwords with Linux isn't difficult, just add to smb.conf (usually in /etc or /etc/samba or /etc/smb):

; in [global] section
unix password sync = true
; some machines may need the following
passwd program = /usr/bin/passwd
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .


With this, if you set up Linux to expire passwords, then the Samba passwords should (in theory, please correct me if I'm wrong) be forced to change as well.

------------------
Too much Sun can give you cancer. Windows break too easily.
Apples/Macintoshes can rot. BSD... sounds too much like LSD.
Penguins are the only animals sophisticated enough to wear a
tuxedo.


Linux, the only one with the Penguin.


http://ndogg.n3.net

hswoolve
01-16-2001, 02:50 PM
He already said he didn't want to expire passwords because people forced to change passwords on a regular basis chose badly.

Otherwise, good point.

podious
01-16-2001, 04:16 PM
Can't you use NIS on Linux to function like an NT PDC and/or BDC?

ndogg
01-17-2001, 03:55 AM
I understand that he doesn't want expirable passwords, but I put it here just in case he changes his mind.


eggy
01-17-2001, 06:17 AM
Thought I'd just point out that the method proposed by ndogg will sync unix passwords if samba (i.e. windows) passwords are changed, but not the other way round. There are several solutions to the remaining problem:


a) There is a PAM module which many people use. I don't use it (it was going to be too complicated to set it up on a network with Solaris and IRIX as well) and can't remember too much about it. I think it either works by allowing your UNIX stations to authenticate to the smbpasswd database, or helps to do the reverse syncing.
b) If everyone on the system has a samba account then you can make sure UNIX/Linux passwords are always changed with the smbpasswd program (shift "passwd" to another name and create a wrapper script). This makes sure passwords are always changed through the samba server.
c) If some people on your network are UNIX/Linux users only (like ours), then the wrapper script must decide whether the user has a samba account or not, then invoke either smbpasswd or the real passwd program (or yppasswd in our case) as appropriate. This means the script must be able to query whether a user has a samba account. To avoid making the smbpasswd file readable, we chose to have a separate (readable) file with just the samba account names which is built from the smbpasswd file.

As another, samba related, point. If you ever do want to add UNIX/Linux users to samba in a relatively painless way here's an outline of how I did it:

- Create a UNIX program/script called "addme" which checks the validity of the UNIX account, then checks if that user has a samba account already.
- If not, then run a modified version of smbpasswd. The modified smbpasswd has been hacked to ask for a user's UNIX passwd, authenticate them in the local UNIX style (PAM in this case since the samba server is a Sun) and allow that user to add themselves to the smbpasswd file - even though they are not root.


I realise the modification of smbpasswd may be beyond many people, but if you can do it then you will have a handy way to capture people's passwords as they wish to join the windows domain.


------------------
God may or may not play dice, but the Universe does.
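
The wrapper script from options (b) and (c) in eggy's post above, as an added example that is not code from the thread. The file paths, the function names and the dispatch on the script's own name are assumptions to adjust per site.

```shell
#!/bin/sh
# Added example: a passwd wrapper that sends Samba users to smbpasswd.
# Assumed paths (hypothetical, adjust to the site):
SMB_NAMES=${SMB_NAMES:-/etc/samba/smbusers.names}  # world-readable name list
REAL_PASSWD=${REAL_PASSWD:-/usr/bin/passwd.real}   # the renamed original passwd

# Build the readable name list from an smbpasswd-format file (run as root).
# Field 1 of each non-comment line is the account name; the hash fields are
# dropped, so the smbpasswd file itself can stay unreadable to users.
build_names() {  # usage: build_names SMBPASSWD_FILE OUT_FILE
    tmp="$2.$$"
    ( umask 022
      grep -v '^#' "$1" | cut -d: -f1 | grep -v '^$' | sort -u > "$tmp" ) &&
        mv "$tmp" "$2"   # rename into place so readers never see a partial list
}

# Succeeds if USER is listed. -F (fixed string) and -x (whole line) stop
# "al" from matching "alice" and keep regex characters in names literal.
has_samba_account() {  # usage: has_samba_account USER NAMES_FILE
    [ -n "$1" ] && [ -r "$2" ] && grep -Fqx -- "$1" "$2"
}

# Print the program that should handle a password change for USER.
choose_tool() {  # usage: choose_tool USER NAMES_FILE
    if has_samba_account "$1" "$2"; then
        echo smbpasswd
    else
        echo "$REAL_PASSWD"   # substitute yppasswd on an NIS site
    fi
}

main() {
    # Take the name from the process uid, not $USER/$LOGNAME, which the
    # caller controls.
    user=$(id -un) || exit 1
    tool=$(choose_tool "$user" "$SMB_NAMES")
    # smbpasswd does not accept passwd's options, so arguments are only
    # forwarded to the real passwd program.
    if [ "$tool" = smbpasswd ]; then exec smbpasswd; else exec "$tool" "$@"; fi
}

# Run only when installed under the name "passwd"; otherwise just define
# the functions (for example when sourced by a cron job that rebuilds the list).
case "${0##*/}" in passwd) main "$@" ;; esac
```

If the name list is missing or unreadable the wrapper falls back to the real passwd program, so a failed rebuild leaves Samba users changing only their UNIX password until it is fixed.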

fsvara
01-17-2001, 09:45 AM
That module is called pam_smb, I think. It can be gotten at http://www.csn.ul.ie/~airlied .

[This message has been edited by fsvara (edited 17 January 2001).]