[debian-edu-commits] r79576 - in branches/wheezy/debian-edu-config: debian etc/samba

sunweaver at alioth.debian.org sunweaver at alioth.debian.org
Mon Apr 1 13:51:31 UTC 2013 

Author: sunweaver
Date: 2013-04-01 13:51:31 +0000 (Mon, 01 Apr 2013)
New Revision: 79576

Modified:
   branches/wheezy/debian-edu-config/debian/changelog
   branches/wheezy/debian-edu-config/etc/samba/smb-debian-edu.conf
Log:
Fix passwd sync in Samba, point users to using GOsa?\194?\178 for password changes.
(Partially resolves: #656296).

Modified: branches/wheezy/debian-edu-config/debian/changelog
===================================================================
--- branches/wheezy/debian-edu-config/debian/changelog	2013-04-01 13:43:22 UTC (rev 79575)
+++ branches/wheezy/debian-edu-config/debian/changelog	2013-04-01 13:51:31 UTC (rev 79576)
@@ -3,6 +3,8 @@
   * Mount /var/lib/udisks rw on diskless workstations. (Closes: #629054,
     #629055).
   * Use my @debian.org mail address in Uploaders: field.
+  * Fix passwd sync in Samba, point users to using GOsa² for password changes.
+    (Partially resolves: #656296).
 
  -- Mike Gabriel <sunweaver at debian.org>  Mon, 01 Apr 2013 15:26:19 +0200
 

Modified: branches/wheezy/debian-edu-config/etc/samba/smb-debian-edu.conf
===================================================================
--- branches/wheezy/debian-edu-config/etc/samba/smb-debian-edu.conf	2013-04-01 13:43:22 UTC (rev 79575)
+++ branches/wheezy/debian-edu-config/etc/samba/smb-debian-edu.conf	2013-04-01 13:51:31 UTC (rev 79576)
@@ -95,6 +95,18 @@
 # PAM setup
    obey pam restrictions = no 
 
+# passwd sync
+
+   # sync LDAP password
+   ldap passwd sync = yes 
+
+   # sync Kerberos password via kadmin.local
+   unix password sync = yes
+   passwd program = /usr/sbin/kadmin.local -q 'cpw %u'
+   passwd chat = "Authenticating as principal*"\n"Enter password for principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n \n"Password for *"%u"@* changed."\n
+   # dangerous: if you set the below parameter to yes, Samba will reveal clear text password in Samba log files...
+   passwd chat debug = no
+
 # Printer settings
 
    load printers = yes
@@ -182,10 +194,6 @@
    read raw = yes
    write raw = yes
 
-   # make sure samba password changes reach NT+LM hashes, userPassword and Kerberos 
-   pam password change = yes
-   unix password sync = no
-
    # no offline cache of shares
    csc policy = disable

More information about the debian-edu-commits mailing list