<p dir="ltr">If you're granting your local admin shell access, you could (via 'sudo' command) grant him access to the 'smbpasswd' and 'pdbedit' commands, which is how Samba manipulates users (passwords, policies, etc). That's what I do (with Samba 3.x) - still - running as a PDC to Windows PCs.</p>
<p dir="ltr">With Samba 4, manipulation from an actual Windows box is touted, but I haven't played with it in a year.</p>
<p dir="ltr">G-</p>
<br><div class="gmail_quote"><div dir="ltr">On Fri, Jan 8, 2016, 8:35 PM Gary Greene <<a href="mailto:greeneg@tolharadys.net">greeneg@tolharadys.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Swat is effectively dead from the Samba project’s perspective, so I’d really not recommend using it considering how it has broken more than a few SMB configurations from what I’ve seen.<br>
<br>
If your machines are set up correctly, syncing password changes from the host to the ADDS server (whether a MS one or one running SMBd) should just work if using the newer ADS protocols, since it uses Kerberos for password half of the authentication.<br>
<br>
--<br>
Gary L. Greene, Jr.<br>
==============================================================================<br>
Volunteer developer of the KDE F/OSS project and Project Lead for AltimatOS<br>
<a href="http://www.kde.org/" rel="noreferrer" target="_blank">http://www.kde.org/</a> <a href="http://www.altimatos.com/" rel="noreferrer" target="_blank">http://www.altimatos.com/</a><br>
Please refrain from sending me proprietary binary documents (Doc, Xls, Ppt)<br>
Use a free office suite with standards approved formats like LibreOffice.<br>
<a href="http://www.libreoffice.org/" rel="noreferrer" target="_blank">http://www.libreoffice.org/</a><br>
==============================================================================<br>
<br>
> On Jan 8, 2016, at 3:24 PM, Patrick Goupell <<a href="mailto:patrick@yoopermail.us" target="_blank">patrick@yoopermail.us</a>> wrote:<br>
><br>
> I have used webmin for samba admin.<br>
><br>
> You can set up a user in webmin with samba access only.<br>
><br>
> Haven't used samba / swat in a while so cannot say if that would be helpful or not.<br>
><br>
> On 01/08/2016 05:24 PM, L. V. Lammert wrote:<br>
>> Have a server box where I would like to give a local admin a way to manage<br>
>> users & passwords. Have a good tool to manage *system* users, but the<br>
>> question is then how to update Samba passwords?<br>
>><br>
>> Samba has unix password sync, of course, but that only works Samba -><br>
>> System; would like to do it the other way.<br>
>><br>
>> Any suggestions?<br>
>><br>
>> Thanks!<br>
>><br>
>> Lee<br>
>> _______________________________________________<br>
>> grlug mailing list<br>
>> <a href="mailto:grlug@grlug.org" target="_blank">grlug@grlug.org</a><br>
>> <a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" rel="noreferrer" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a><br>
><br>
> --<br>
> Patrick Goupell<br>
><br>
> Are you free? Find out at <a href="http://www.sedm.org/" rel="noreferrer" target="_blank">http://www.sedm.org/</a><br>
> Income taxes? Find out at <a href="http://www.whatistaxed.com" rel="noreferrer" target="_blank">http://www.whatistaxed.com</a><br>
><br>
> _______________________________________________<br>
> grlug mailing list<br>
> <a href="mailto:grlug@grlug.org" target="_blank">grlug@grlug.org</a><br>
> <a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" rel="noreferrer" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a><br>
<br>
_______________________________________________<br>
grlug mailing list<br>
<a href="mailto:grlug@grlug.org" target="_blank">grlug@grlug.org</a><br>
<a href="http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug" rel="noreferrer" target="_blank">http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug</a></blockquote></div>