From owner-freebsd-questions@FreeBSD.ORG Thu Oct 9 15:33:23 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 20E85106568B for ; Thu, 9 Oct 2008 15:33:23 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA09.westchester.pa.mail.comcast.net (qmta09.westchester.pa.mail.comcast.net [76.96.62.96]) by mx1.freebsd.org (Postfix) with ESMTP id C0C8F8FC18 for ; Thu, 9 Oct 2008 15:33:22 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA13.westchester.pa.mail.comcast.net ([76.96.62.52]) by QMTA09.westchester.pa.mail.comcast.net with comcast id QfPu1a00A17dt5G59fZMlR; Thu, 09 Oct 2008 15:33:21 +0000 Received: from koitsu.dyndns.org ([69.181.141.110]) by OMTA13.westchester.pa.mail.comcast.net with comcast id QfZL1a0082P6wsM3ZfZL1A; Thu, 09 Oct 2008 15:33:21 +0000 X-Authority-Analysis: v=1.0 c=1 a=QycZ5dHgAAAA:8 a=ap2ALCM1BhQw9Q0-DHEA:9 a=l7pN0iMxyL5nz4aErBEA:7 a=JblPi88ktLtUj13YEev9CF3VeQcA:4 a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10 Received: by icarus.home.lan (Postfix, from userid 1000) id 18874C9419; Thu, 9 Oct 2008 08:33:20 -0700 (PDT) Date: Thu, 9 Oct 2008 08:33:20 -0700 From: Jeremy Chadwick To: Scott MacCallum Message-ID: <20081009153320.GA7611@icarus.home.lan> References: <28f0982f0810090753xd7ecc32wd1aee956b5bb0304@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <28f0982f0810090753xd7ecc32wd1aee956b5bb0304@mail.gmail.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-questions@freebsd.org Subject: Re: smbpasswd mortal user X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2008 15:33:23 -0000 On Thu, Oct 09, 2008 at 10:53:32AM -0400, Scott MacCallum wrote: > I would like my users to be able to change their Samba password using the > smbpasswd command. As of right now only root is allowed to do this. I set > the smbpasswd command with the same permissions as the passwd command and I > still cannot run it as a mortal user. I read the FreeBSD handbook and > understand that smbpasswd is no longer the preferred tool to do what I want > with version of Samba I am running, however it too cannot be run as a mortal > user. In any case, I would like to continue using the smbpasswd command. > > Does someone have a solution they can share? Users editing their own passwords -- I have no idea how to solve that. I don't think it's possible because the commands also allow you (or a user) to edit many different fields in their account, including disabling password expiry, changing their unique ID, all that jazz. It sounds like you might have to write a program/utility to do this, acting as a wrapper around pdbedit(8). smbpasswd(8) isn't recommend any more, true. If you're like me and do not care for things like LDAP and prefer flat-files, use the "tdbsam" password database method, and the pdbedit(8) command to edit passwords and do things to accounts. All I use in smb.conf is: private dir = /conf/ME/samba passdb backend = tdbsam Thus passdb.tdb and secrets.tdb will end up going into /conf/ME/samba. You can also say "passdb backend = tdbsam:/some/place" which will store passdb.tdb in /some/place; secrets.tdb will still end up in "private dir" > FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 > root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 Consider upgrading (world/kernel) soon, as you're susceptible to some security issues. Just a comment in passing; not the focus of this mail. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |