revo1059
asked on
User passwords domain/samba
We have setup a domain in our network and we want the user passwords to expire every X days, however we do not want to have to manually change the samba share passwords for our linux file server.
Is there a way that when a users Windows (domain) password is changed that the new password can be sent to samba so they can still access the file server?
Is there a way that when a users Windows (domain) password is changed that the new password can be sent to samba so they can still access the file server?
Samba with windows can be configured in two ways.
1. standalone server (Act as main DC)
2. As a domain member (Samba can authenticate users based on main DC in the domain)
However in your scenario the first option will not help, because I assume you have windows as main DC.
In the second option, you can join samba server to domain network, and samba can authenticate users based on windows DC. Whenever Samba try to authenticate, it will contact main DC for username/password match.
(I think you want to setup both windows and samba as domain controllers?)
1. standalone server (Act as main DC)
2. As a domain member (Samba can authenticate users based on main DC in the domain)
However in your scenario the first option will not help, because I assume you have windows as main DC.
In the second option, you can join samba server to domain network, and samba can authenticate users based on windows DC. Whenever Samba try to authenticate, it will contact main DC for username/password match.
(I think you want to setup both windows and samba as domain controllers?)
ASKER
Option #2 sounds like a winner, I just need direction on how to implement it.
Are you using command based samba or GUI?
ASKER
I can use either.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm no *nix specialist but you should look into Windows and SAMBA integration.
That way your SAMBA will use AD for authentication and can query AD directly.
I think they discuss it in this post.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/0d5620db-8130-4b9b-90c2-2ee4ae367893/