Samba, acting as a PDC (Primary Domain Controller), provides a way to synchronize Windows domain passwords with Unix passwords. To achieve this, two options must be set in the global section of smb.conf:
    unix password sync = yes
    passwd program = full_path_to_program %u
With these options set, each time a user asks Windows to change his domain password, the Samba PDC calls the program specified in "passwd program" before changing the domain password, passing the username as the first argument. Samba then expects a double prompt for the new password and finally a success string; if this does not happen, the operation is aborted and the domain password isn't changed. This dialog can be configured, but the default is normally sufficient.
When encrypted passwords are used (required for PDC operation) there is a minor problem:
Because the "passwd program" is called as root, this is not a problem when you use the normal passwd command to change the files /etc/passwd and/or /etc/shadow. If you are using NIS, on the other hand, this may be a big problem.
To change the NIS password, yppasswd must be used. However, yppasswd always requires (even when called by root) either the user's current password or, if compiled with that option, the root password. The user's old password is not available, and the root password is not the kind of thing you would like to put in a script.
If your NIS source files are in /etc, you can build a script that calls passwd and then pwupdate; in this case you don't need smb2nis. Using the /etc files as the NIS source means local users' information (root, ...) will be available on the network, and some administrators don't like that.
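The wrapper script described above for NIS source files kept in /etc, as an added example that is not part of smb2nis or the original page. The paths to passwd and pwupdate, the minimum UID of 1000 and all function names are assumptions; since Samba runs the script as root with the username as its only argument, that argument is validated before anything is called.

```shell
#!/bin/sh
# Added example: "passwd program" wrapper for NIS source files kept in /etc.
# Assumed defaults; override through the environment for your system.
PASSWD_BIN=${PASSWD_BIN:-/usr/bin/passwd}
PWUPDATE=${PWUPDATE:-/usr/lib/yp/pwupdate}
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
MIN_UID=${MIN_UID:-1000}   # assumption: ordinary accounts start at this UID

# Accept only conservative login names: no leading '-', no whitespace,
# slashes or shell metacharacters, at most 32 characters.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the UID recorded for user $1 in the passwd-format file, if any.
lookup_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$PASSWD_FILE"
}

# Succeed only for an existing account that is not a system account, so a
# domain password change can never reset root or a service user.
allowed_user() {
    valid_name "$1" || return 1
    uid=$(lookup_uid "$1")
    case "$uid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$uid" -ge "$MIN_UID" ]
}

# Change the local password, then rebuild the NIS maps only if that worked.
change_and_push() {
    allowed_user "$1" || { echo "refused: user not allowed" >&2; return 2; }
    # passwd inherits stdin/stdout from Samba, so its prompts are unchanged.
    "$PASSWD_BIN" "$1" || return 3
    "$PWUPDATE" || return 4
}

# Samba passes the username (%u) as the only argument.
if [ "$#" -eq 1 ]; then
    change_and_push "$1"
fi
```

Set "passwd program" to the full path of this script followed by %u.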
To solve this problem I wrote this little program, which changes the password directly in the NIS source files and then calls the pwupdate command to update the passwords in the NIS database. It works the same way as the yppasswdd daemon, which is used by the yppasswd command.
THIS SOLUTION IS ONLY VALID IF THE PDC CONTROLLER AND THE NIS SERVER ARE ON THE SAME MACHINE
BEFORE TESTING, IT IS WISE TO BACK UP THE NIS SOURCE FILES