[debian-edu-commits] r79569 - in trunk/src/debian-edu-config: debian etc/samba

mike-gabriel-guest at alioth.debian.org mike-gabriel-guest at alioth.debian.org
Mon Apr 1 12:53:32 UTC 2013 

Author: mike-gabriel-guest
Date: 2013-04-01 12:53:32 +0000 (Mon, 01 Apr 2013)
New Revision: 79569

Modified:
   trunk/src/debian-edu-config/debian/changelog
   trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf
Log:
Fix passwd sync in Samba, point users to using GOsa?\194?\178 for password changes.
(Partially resolves: #656296).

Modified: trunk/src/debian-edu-config/debian/changelog
===================================================================
--- trunk/src/debian-edu-config/debian/changelog	2013-04-01 10:42:35 UTC (rev 79568)
+++ trunk/src/debian-edu-config/debian/changelog	2013-04-01 12:53:32 UTC (rev 79569)
@@ -1,3 +1,10 @@
+debian-edu-config (1.456) UNRELEASED; urgency=low
+
+  * Fix passwd sync in Samba, point users to using GOsa² for password changes.
+    (Partially resolves: #656296).
+
+ -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Mon, 01 Apr 2013 14:52:07 +0200
+
 debian-edu-config (1.455) squeeze; urgency=low
 
   [ Wolfgang Schweer ]

Modified: trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf
===================================================================
--- trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf	2013-04-01 10:42:35 UTC (rev 79568)
+++ trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf	2013-04-01 12:53:32 UTC (rev 79569)
@@ -95,6 +95,18 @@
 # PAM setup
    obey pam restrictions = no 
 
+# passwd sync
+
+   # sync LDAP password
+   ldap passwd sync = yes 
+
+   # sync Kerberos password via kadmin.local
+   unix password sync = yes
+   passwd program = /usr/sbin/kadmin.local -q 'cpw %u'
+   passwd chat = "Authenticating as principal*"\n"Enter password for principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n \n"Password for *"%u"@* changed."\n
+   # dangerous: reveals clear text password in Samba log files...
+   passwd chat debug = no
+
 # Printer settings
 
    load printers = yes
@@ -182,10 +194,6 @@
    read raw = yes
    write raw = yes
 
-   # make sure samba password changes reach NT+LM hashes, userPassword and Kerberos 
-   pam password change = yes
-   unix password sync = no
-
    # no offline cache of shares
    csc policy = disable

More information about the debian-edu-commits mailing list