smbpasswd mortal user

Jeremy Chadwick koitsu at FreeBSD.org
Thu Oct 9 15:33:23 UTC 2008 

On Thu, Oct 09, 2008 at 10:53:32AM -0400, Scott MacCallum wrote:
> I would like my users to be able to change their Samba password using the
> smbpasswd command. As of right now only root is allowed to do this. I set
> the smbpasswd command with the same permissions as the passwd command and I
> still cannot run it as a mortal user. I read the FreeBSD handbook and
> understand that smbpasswd is no longer the preferred tool to do what I want
> with version of Samba I am running, however it too cannot be run as a mortal
> user. In any case, I would like to continue using the smbpasswd command.
> 
> Does someone have a solution they can share?

Users editing their own passwords -- I have no idea how to solve that.
I don't think it's possible because the commands also allow you (or a
user) to edit many different fields in their account, including
disabling password expiry, changing their unique ID, all that jazz.  It
sounds like you might have to write a program/utility to do this, acting
as a wrapper around pdbedit(8).

smbpasswd(8) isn't recommend any more, true.  If you're like me and do
not care for things like LDAP and prefer flat-files, use the "tdbsam"
password database method, and the pdbedit(8) command to edit passwords
and do things to accounts.  All I use in smb.conf is:

private dir = /conf/ME/samba
passdb backend = tdbsam

Thus passdb.tdb and secrets.tdb will end up going into /conf/ME/samba.

You can also say "passdb backend = tdbsam:/some/place" which will store
passdb.tdb in /some/place; secrets.tdb will still end up in "private
dir"

> FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008
> root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

Consider upgrading (world/kernel) soon, as you're susceptible to some
security issues.  Just a comment in passing; not the focus of this mail.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-questions mailing list