
Samba user passwords not auto synced with Linux user passwords #1188

@JedMeister


As noted in a related issue this behaviour is caused by the missing package libpam-smbpass (the tool which synced Linux pam passwords with Samba passwords). It was removed in Samba 4.4 (upstream). My reading suggests that it was due to security concerns and/or buggy behaviour.

As per the commit message, pam_winbind is a partial replacement. However, further reading suggests that the functionality we'd want isn't attainable via this module:

pam_winbind is not a total replacement, as the migrate functionality used
to keep the Samba password up to date with the system password is not
present, but otherwise can provide essentially the same services.

Unfortunately this means that Linux and Samba user passwords won't automagically be synced within the Fileserver (and Fileserver based apps) as they were in previous releases. However, I did read (somewhere) that it is possible to hook into useradd to set the Samba password at the same time the user is created. I have tested this and it currently DOES NOT work OOTB. So either what I read was mistaken, or it needs to be configured somehow (or perhaps I completely misunderstood?!).

[edit] I'm pretty sure I misunderstood! If you run smbpasswd -a <username> then a new Linux user named <username> is created, with a home directory etc!

Another option would be to create a copy of /usr/sbin/adduser (perhaps /usr/local/sbin/adduser?) and add smbpasswd -a "$username" (or something like that) in the right place to auto-set Samba user passwords at user creation time. However, I'm not too keen to do that. Essentially we'd need to maintain that moving forward and it may lull users into thinking that the old functionality still exists and cause further confusion when that doesn't happen.

At this point, the only options appear to be either hacks (e.g. the one suggested above) or relying on a remote Samba user database (e.g. completely joining an AD domain). Here are a few other links I found that may (or may not) be relevant:

https://serverfault.com/questions/871608/synchronise-samba-4-4-passwords-with-the-unix-password-database
https://gist.github.com/justinjahn/1323721
https://forums.gentoo.org/viewtopic-t-1047390-start-0.html
https://askubuntu.com/questions/536977/create-a-user-for-samba-only-cli
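
The wrapper idea discussed in the issue, narrowed to the password step, as an added example that is not part of the original issue or the project's own code: a POSIX shell function (the name `set_both_passwords` and its exit codes are hypothetical) that sets the Linux and Samba passwords of an existing account together. It feeds both tools on stdin and reports the case where only one of the two passwords changed.

```shell
#!/bin/sh
# Added example, not the project's code. Source this file and call, as root:
#   set_both_passwords <username> <password>
# The body runs in a subshell "( ... )", so variables stay local and "exit"
# only leaves the function, not the calling shell.
set_both_passwords() (
    user=$1
    pass=$2
    nl='
'
    # Reject names that could be parsed as an option or that would break
    # chpasswd's "user:password" record format (this also excludes ':').
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "invalid username" >&2; exit 2 ;;
    esac

    # chpasswd is line oriented: a newline in the password would inject a
    # second record for another account.
    case $pass in
        ''|*"$nl"*) echo "empty or multi-line password rejected" >&2; exit 2 ;;
    esac

    # Design choice of this example: only touch accounts that already exist,
    # so a typo never targets an unintended name.
    id -u "$user" >/dev/null 2>&1 || { echo "no such Linux user: $user" >&2; exit 3; }

    # Passwords travel on stdin, never in argv, so they do not appear in the
    # process list or in shell history.
    printf '%s:%s\n' "$user" "$pass" | chpasswd \
        || { echo "Linux password not changed for $user" >&2; exit 4; }

    # smbpasswd -s reads the new password twice from stdin without prompting;
    # -a adds the user to the local Samba password database.
    if ! printf '%s\n%s\n' "$pass" "$pass" | smbpasswd -s -a "$user" >/dev/null; then
        # The two databases are now out of sync: surface it loudly.
        echo "Linux password changed but Samba password NOT set for $user" >&2
        exit 5
    fi
)
```

Nothing hooks this into `passwd`, so a later password change made with `passwd` alone still leaves the Samba password stale.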
