How to SYNC Linux and Samba user password

In order to sync Linux user password and Samba user password, you have to configure PAM. Personally I’m using SLES9 for my testing environment and I have to configure /etc/pam.d/passwd and /etc/pam.d/sshd as following:

password required pam_smbpass.so nullok try_first_pass use_authtok

How to test?
Create a new user called testing
#useradd -m testing

Setup default password
#passwd testing

Create a new samba user
#smbpasswd -a testing
#New SMB password:
#Retype new SMB password:

Configure password expire for user testing
#passwd -e testing

Login as user testing and you should be able to enter new password.

How to check whether Linux and Samba password are sync?

Make sure both file having the same date & time
#ls -l /etc/shadow
#ls -l /etc/samba/smbpasswd

Test Linux login
#SSH to my machine with user testing and new password
Read more

Possibly Related Posts:


How to Configure SLES Linux to track and log failed login attempt records

Did you know how to lock user account after too many login failures?  Under Linux, you can enable this functionality using PAM and faillog.

To provide the account locking functionality, we need to add a PAM module called pam_tally. Basically I’ll show you ‘how to configure track and log failed login attempt records on a SLES Linux host‘ and how to prevent a potential denial of service attack from the repeated locking of user accounts. Beware!

You can use faillog command to display faillog records or set login failure limits. Faillog formats the contents of the failure log from /var/log/faillog database log file. If you don’t have /var/log/faillog, initially you can type: touch /var/log/faillog

For PAM Configuration, pam_tally.so module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail. Probably you may refer to http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_tally.html

For SuSE Linux, edit /etc/pam.d/sshd and add:


auth required pam_tally.so no_magic_root
account required pam_tally.so deny=5 no_magic_root lock_time=180 onerr=fail reset per_user

Read more

Possibly Related Posts:


Planet Malaysia

  • Follow us on Twitter


  • web www.planetmy.com