I think don't need to enable users with 'smbadm enable-user <username>', because passwd command already do it. test it's OK. I diff "truss passwd test" and "truss -f smabadm enable-user test", looks support my result.
At 2014-09-04 05:21:45, "Udo Grabowski (IMK)" <udo.grabow...@kit.edu> wrote: >On 04/09/2014 11:15, Dang Zhiqiang wrote: >> thank you. >> I used smb share by "zfs set sharesmb=on tank/test", not want to modify >> samba configure file. >> only add "other password required pam_smb_passwd.so.1 nowarn" is OK? >> >> currently, I not found other questions. > >Yes, but you need to enable users with 'smbadm enable-user <username>' >to activate that passwords are taken from /etc/shadow. Note, no Samba is >involved here at all, so none of its configs and passwrd files are active, >nor should there be any samba program running, only the Solaris smb daemons >activated via svcadm for smb/server, smb/client; samba DISABLED. > >> >> >> At 2014-09-04 04:18:45, "Udo Grabowski (IMK)" <udo.grabow...@kit.edu> wrote: >>> Too early in the morning... smbpasswd file is Samba, but the >>> funtionality that the /etc/shadow file is used as password >>> basis with this entry is valid for Solaris own CIFS service, see >>> 'man smbadm' under 'enable-user' . >>> >>> For Samba (>3.0.0, if compiled with --with-pam --with-smb_passwd ), >>> you seemingly can use additional entries like this in /etc/pam.conf >>> (note the difference: pam_smbpass versus pam_smb_passwd) >>> >>> other password required pam_smbpass.so use_authtok >>> >>> samba password required pam_dhkeys.so.1 >>> samba password requisite pam_authtok_get.so.1 >>> samba password requisite pam_authtok_check.so.1 >>> samba password required pam_authtok_store.so.1 >>> samba password required pam_smbpass.so use_authtok >>> samba session required pam_unix_session.so.1 >>> >>> and in smb.conf file: >>> >>> preferred master = yes >>> domain master = yes >>> local master = yes >>> domain logons = yes >>> security = user >>> obey pam restrictions = yes >>> >>> You need to set the password after reboot again since >>> the password hash format changes. >>> >>> But I don't know if this really works. >>> >>> Otherwise, you can write a small 'expect' script to >>> synchronize that users call when changing their password. >>> >>> On 04/09/2014 09:13, Dang Zhiqiang wrote: >>>> thank you very much. >>>> >>>> >>>> I'm sorry, passwd command not update smbpasswd file in 151a8 too, fix it >>>> like 151a9. >>>> >>>> At 2014-09-04 01:37:38, "Udo Grabowski (IMK)" <udo.grabow...@kit.edu> >>>> wrote: >>>>> On 04/09/2014 05:31, Dang Zhiqiang wrote: >>>>>> passwd command update smbpasswd file in 151a8, but update OS to 151a9 is >>>>>> not, how to fix it? >>>>> >>>>> You need this line in /etc/pam.conf: >>>>> other password required pam_smb_passwd.so.1 nowarn >>>>> >>> -- >>> Dr.Udo Grabowski Inst.f.Meteorology & Climate Research IMK-ASF-SAT >>> http://www.imk-asf.kit.edu/english/sat.php >>> KIT - Karlsruhe Institute of Technology http://www.kit.edu >>> Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026 >>> >>> _______________________________________________ >>> openindiana-discuss mailing list >>> openindiana-discuss@openindiana.org >>> http://openindiana.org/mailman/listinfo/openindiana-discuss >> _______________________________________________ >> openindiana-discuss mailing list >> openindiana-discuss@openindiana.org >> http://openindiana.org/mailman/listinfo/openindiana-discuss >> > > >-- >Dr.Udo Grabowski Inst.f.Meteorology & Climate Research IMK-ASF-SAT >http://www.imk-asf.kit.edu/english/sat.php >KIT - Karlsruhe Institute of Technology http://www.kit.edu >Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026 > >_______________________________________________ >openindiana-discuss mailing list >openindiana-discuss@openindiana.org >http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
