[debian-edu-commits] r82004 - in trunk/src/debian-edu-config: debian etc/samba

sunweaver at alioth.debian.org sunweaver at alioth.debian.org
Fri Aug 9 06:29:36 UTC 2013 

Author: sunweaver
Date: 2013-08-09 06:29:36 +0000 (Fri, 09 Aug 2013)
New Revision: 82004

Modified:
   trunk/src/debian-edu-config/debian/changelog
   trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf
Log:
Adopt from d-e-c (wheezy):
Fix passwd sync in Samba. (Closes: #656296). (by Mike Gabriel)

Modified: trunk/src/debian-edu-config/debian/changelog
===================================================================
--- trunk/src/debian-edu-config/debian/changelog	2013-08-09 06:21:24 UTC (rev 82003)
+++ trunk/src/debian-edu-config/debian/changelog	2013-08-09 06:29:36 UTC (rev 82004)
@@ -13,6 +13,8 @@
     ErrorLog, FontPath, PageLog, Printcap, PrintcapFormat,
     RequestRoot, RemoteRoot, ServerBin, ServerRoot, ServerCertificate,
     ServerKey, User, Group and TempDir). (by Petter Reinholdtsen)
+  * Adopt from d-e-c (wheezy):
+    Fix passwd sync in Samba. (Closes: #656296). (by Mike Gabriel)
 
  -- Mike Gabriel <sunweaver at debian.org>  Tue, 06 Aug 2013 09:25:40 +0200
 

Modified: trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf
===================================================================
--- trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf	2013-08-09 06:21:24 UTC (rev 82003)
+++ trunk/src/debian-edu-config/etc/samba/smb-debian-edu.conf	2013-08-09 06:29:36 UTC (rev 82004)
@@ -95,6 +95,18 @@
 # PAM setup
    obey pam restrictions = no 
 
+# passwd sync
+
+   # sync LDAP password
+   ldap passwd sync = yes 
+
+   # sync Kerberos password via kadmin.local
+   unix password sync = yes
+   passwd program = /usr/sbin/kadmin.local -q 'cpw %u'
+   passwd chat = "Authenticating as principal*"\n"Enter password for principal *"%u"*:*" %n\n \n"Re-enter password for principal *"%u"*:*" %n\n \n"Password for *"%u"@* changed."\n
+   # dangerous: if you set the below parameter 'passwd chat debug' to yes, Samba will reveal clear text password in Samba log files...
+   passwd chat debug = no
+
 # Printer settings
 
    load printers = yes
@@ -182,10 +194,6 @@
    read raw = yes
    write raw = yes
 
-   # make sure samba password changes reach NT+LM hashes, userPassword and Kerberos 
-   pam password change = yes
-   unix password sync = no
-
    # no offline cache of shares
    csc policy = disable

More information about the debian-edu-commits mailing list