Continuing the discussion from Add webserver "apache" user to other groups - #15 by stephdl
Isn’t this default behaviour? It is the same as having some samba accounts, then enable PAM on a server and create more samba accounts. Only the new accounts will have PAM access (local accounts)
Hi Robb
Indeed, it is probably an explanation, but with the esmith layer you have the concept of migrate fragment, (script launched to modify the databases) and it should be used for this case. I must admit I have not tried to reproduce what I saw, I need to take a new VM, but with my conception of KISS, the end user must do nothing, the developer is here for this purpose.
I think users created before the nethserver-samba
installation should be enabled manually to Samba from the Users
page.
Moreover, their password must be set again, because Samba has its own password field in LDAP. This applies also to the admin
user, and a yellow banner remind us to do it.
I’m reading the manual but cannot find a sentence about this. Where do you think we need to add a note?
I did it manually, obviously here we cannot have a migrate fragment, the sysadmin must choose which users will use a samba share.
Does it is possible to have an action here…for few users we can imagine it, but for a company it is more difficult. I suppose that the password is crypted somewhere and we cannot retrieve it ?
I would propose these two chapters, even if I would prefer a patch to solve this issue.
Yes, we cannot convert the encrypted Unix password field to NTLM. I see no way other than accepting this limitation
Hi @davidep , maybe it is better to store all user passwords in ldap from every beggining , almoust all apps have ldap support.
All Unix passwords (except for root user) are in LDAP from the beginning. If nethserver-samba
is installed from the beginning this limitation does not apply.