Hi Brian!
You won't be able to use the same password-attributes for Windows and
other systems. Samba stores its data in two attributes (lmPassword and
ntPassword or similar). These are hashes of the user-password which
aren't compatible with - let's say - crypt or MD5 which are used by a
lot of Unix-flavors.
The only way is to store these passwords in different attributes and
synchronize them. Samba supports calling a script on password change
(see man smb.conf, search for "passwd program" and "passwd chat").
Linux can synchronize the windows-passwords via PAM. The
password-change script which would be called by Samba could check the
quality of the password.
This ain't nice but with a bit luck it should work...
BTW: The Windows-hashes are not very secure and should be protected by
good ACLs.
Chris
Brian Johnson wrote:
I set up a test server about a year ago to try this and gave up since
it didn't seem
that the processes were quite yet in place to do it ..
I am evaluating the potential for Samba and Linux accounts (including
postfix email
accounts) to share the same passwords (between software) and have a
process in place
to encourage users to change their passwords and try to prevent esay
to crack passwords
Could someone please confirm whether they have such a system working
and how
difficult it was to set up?
When I looked at it before, it seemed that although Samba could use
LDAP, it used a
different schema from the standard system accounts and therefore
there was not
really any sharing of password data
If it matters, my server I'd like to do this on is a Redhat 7.3 system