I have been researching linuxshell, so I haven't updated it for a long time. Today, when someone talked to me on QQ about samba password ldap centralized authentication, I thought of a problem. The samba server is used to store user data in the intranet, and all users cannot log on to the LINUX background, how can customers modify their own passwords? To solve the problem of changing the samba password on the client, you do not need to set up ldap (high maintenance costs) or use administrative statistics.
I have been studying linux shell for a long time, so I haven't updated it for a long time. Today, when someone talked to me on QQ about samba password ldap centralized authentication, I thought of a problem. The samba server is used to store user data in the intranet, and all users cannot log on to the LINUX background, how can customers modify their own passwords?
To solve the problem of changing the samba password on the client, you do not need to set up ldap (high maintenance costs ), you do not need to use administrative techniques to calculate the client password (after all, my colleague is also embarrassed to tell you the password he is used, the changepassword tool allows common users to log on to the WEB to change their passwords, greatly improving work efficiency.
SAMBA: centos default yum source
CHANGEPASSWORD: changepassword-0.9
APACHE: httpd-2.4.4
I. environment construction:
1. disable iptables and SELINUX before configuration to avoid errors during configuration.
# Service iptables stop
# Setenforce 0
# Vi/etc/sysconfig/selinux
---------------
SELINUX = disabled
---------------
2. install the SDK
# Yum install gcc-y
3. install apache
Transport: http://showerlee.blog.51cto.com/2047005/1174141
2. configure samba:
1. install samba:
# Yum install samba-y
2. configure samba:
To use the changepassword program to change the client password, you must set the system password and samba password synchronization.
# Vi/etc/samba/smb. conf
Search for security = user and add the following content, and comment out passdb backend = tdbsam
----------------
Security = user
Pam password change = no
Passwd chat = ** NEW * UNIX * password * % n \ n * Retype * new * UNIX * password * % n \ n * successfully *
Passwd program = LANG = en_US/usr/bin/passwd % u
Unix password sync = yes
Passdb backend = smbpasswd
Smb passwd file =/etc/samba/smbpasswd
# Passdb backend = tdbsam
--------------------------
Note: The above modification actually changes the tdbsam authentication method to smbpasswd, and stores the authentication file encrypted under/etc/samba/smbpasswd.
Restart the service:
# Service smb restart
Create a samba account (close the user shell interface)
# Useradd-s/sbin/nologin user01
# Passwd user01
# Smbpasswd-a user01
Note: When creating a samba account, you must set the system account password and smb account password.
Because changepassword is used to change the password, first change the system account password and then synchronize the system account password to the/etc/samba/smbpasswd SMB password library file.
II. install and configure changepassword
1. download and decompress:
# Wget http://prdownloads.sourceforge.net/changepassword/changepassword-0.9.tar.gz
# Tar-zxvf changepassword-0.9.tar.gz
# Cd changepassword-0.9
2. install a dependency package before compiling changepassword.
# Cd smbencrypt/
# Tar-xzvf libdes-4.04b.tar.gz
# Cd des/
# Make
# Cp libdes. ../
# Cd ../..
3. Compile and install changepassword
#. /Configure-enable-cgidir =/usr/local/apache2/htdocs/samba-enable-language = Chinese-enable-smbpasswd =/etc/samba/smbpasswd-disable-squidpasswd-enable -logo = samba/logo.jpg
Note:-enable-cgidir =... # customize the apache root directory path
-Enable-language = Chinese # set the page to Simplified Chinese
-Enable-smbpasswd =/etc/samba/smbpasswd # Library File for customizing samba passwords
(Smbpasswd is not a system command for modifying the smb user password. do not confuse it)
-Disable-squidpasswd # disable squid
-Enable-logo =... # set the web root directory logo file. the relative path here corresponds to the apache root directory
# That is, samba/logo.jpg corresponds to/usr/local/apache2/htdocs/samba/logo.jpg
# Make & make install
4. set apache to support cgi module
# Vi/usr/local/apache2/conf/httpd. conf
Search for cgi and remove the following comments:
--------------
LoadModule cgid_module modules/mod_cgid.so
AddHandler cgi-script. cgi
--------------
Search for DocumentRoot, find the Options option under the/usr/local/apache2/htdocs category, and change it:
--------------
Options Indexes FollowSymLinks ExecCGI
--------------
Restart service
#/Usr/local/apache2/bin/apachectl restart
5. access the web background:
Http: // 192.168.7.74/samba/changepassword. cgi
Follow the prompts to change the password and submit it.
Note: The LOGO here is added by the blogger. if necessary, you can put the LOGO of your company in the apache web path where changepasswd compiles the logo.
Finally, you can access the samba shared folder on the windows client to check whether the password is successfully modified.
Note: this blog does not configure samba because a system account samba is created by default and the system home directory is directly pushed to the intranet as the shared directory, you can use each LINUX system account and its home directory to divide the storage space of each user in the company's intranet.
--------------- Success -----------------