This bug is an old one in the Debian BTS. I have no precise opinion on the suggestion as this part of the code is not something I use myself. The bug submitter proposed a patch which does not apply completely cleanly on current sources, but seens easy to adapt. I personnally classify this as a feature request. The bug submitter said: The auth component of libpam-smbpass contains an option, 'migrate', which adds users who authenticated in a prior module to the smbpasswd file, in order to ease migration to smbpasswd. However, this means that new users must log in at least once to be added to the smbpasswd file, making it still partially difficult to keep the passwd and smbpasswd file synchronized. This patch adds migrate functionality to the password component of libpam_smbpass. This means that, if the migrate option is set, libpam_smbpass will add the username and new password to the smbpasswd file if they are not already in it; if they are, it will change their smbpasswd. If migrate is not enabled, the module will function as before. If migrate is enabled, but the user is already in the smbpasswd file, it will function as before. Though there is the slight security risk that any user's password will be blindly changed by this module, and the risk that new users will be happily added by this module, neither is possible if the module is used properly. If the modules is preceded by pam_unix in requisite mode, pam_smbpass will not be excecuted if pam_unix fails- which it does in both cases mentioned above: an unknown user, and an invalid old password. This is a security issue because it enables keeping the two different password databases synchronized, allowing for better system management. If a password is changed from within Samba, enabling the 'pam password change' option in smb.conf will keep the UNIX password database current. If a password is changed via PAM, pam_smbpass will ensure that smbpasswd is updated. If a new user is added, the first time their password is changed, when their password is first set, probably by adduser, they will be automaticly added to smbpasswd. Care must be taken to remove users from smbpasswd when they are removed from passwd, but this is not new to pam_smbpass or this module.
I'm having trouble making head or tail of this, but it seems to me that it requests no change over running an automatic 'make all passwd users smbpasswd users' script (which would set deliberatly invalid passwords).
It is unclear this is a worthwhile feature, the patch is old and may well work against the administrator's expectation. Closing.