Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Oct 2008 08:33:20 -0700
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        Scott MacCallum <scottmaccal@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: smbpasswd mortal user
Message-ID:  <20081009153320.GA7611@icarus.home.lan>
In-Reply-To: <28f0982f0810090753xd7ecc32wd1aee956b5bb0304@mail.gmail.com>
References:  <28f0982f0810090753xd7ecc32wd1aee956b5bb0304@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 09, 2008 at 10:53:32AM -0400, Scott MacCallum wrote:
> I would like my users to be able to change their Samba password using the
> smbpasswd command. As of right now only root is allowed to do this. I set
> the smbpasswd command with the same permissions as the passwd command and I
> still cannot run it as a mortal user. I read the FreeBSD handbook and
> understand that smbpasswd is no longer the preferred tool to do what I want
> with version of Samba I am running, however it too cannot be run as a mortal
> user. In any case, I would like to continue using the smbpasswd command.
> 
> Does someone have a solution they can share?

Users editing their own passwords -- I have no idea how to solve that.
I don't think it's possible because the commands also allow you (or a
user) to edit many different fields in their account, including
disabling password expiry, changing their unique ID, all that jazz.  It
sounds like you might have to write a program/utility to do this, acting
as a wrapper around pdbedit(8).

smbpasswd(8) isn't recommend any more, true.  If you're like me and do
not care for things like LDAP and prefer flat-files, use the "tdbsam"
password database method, and the pdbedit(8) command to edit passwords
and do things to accounts.  All I use in smb.conf is:

private dir = /conf/ME/samba
passdb backend = tdbsam

Thus passdb.tdb and secrets.tdb will end up going into /conf/ME/samba.

You can also say "passdb backend = tdbsam:/some/place" which will store
passdb.tdb in /some/place; secrets.tdb will still end up in "private
dir"

> FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008
> root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

Consider upgrading (world/kernel) soon, as you're susceptible to some
security issues.  Just a comment in passing; not the focus of this mail.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081009153320.GA7611>