[Samba] Problem with samba+openldap with regard changing passwords from windows

Alan Goodman lists at goodmanemail.com
Wed Feb 20 10:19:15 GMT 2008


Edmundo Valle Neto wrote:
> Alan Goodman wrote:
>> Edmundo Valle Neto wrote:
>>> Alan Goodman wrote:
>>>> I have implemented samba with LDAP backend, domain logins and 
>>>> roaming profiles and everything is great - except for one thing.
>>>>
>>>> No one can change their passwords from Windows - trying to change 
>>>> your password results in Windows telling you you're not allowed to do 
>>>> that!
>>>>
>>>> I did smbldap-show alan and among other information the line: 
>>>> sambaPwdCanChange: 0 appeared.
>>>>
>>>> From my understanding, if I do smbldap-usermod -A0 -B0 alan that 
>>>> line should then be changed to have a value of 1, allowing users to 
>>>> change passwords from their Windows logins. However, running the 
>>>> above command does not appear to be changing these values at all, 
>>>> and thus I'm left with manually running smbldap-passwd user to change 
>>>> each person's password (which does work).
>>>>
>>>> If someone could let me know which logs you require and how to 
>>>> obtain them I would be happy to post them up here.
>>>>
>>>> OS = CentOS 5.1
>>>>
>>>> Alan
>>>
>>> Post your smb.conf.
>>>
>>> Edmundo Valle Neto
>> http://pastebin.com/f5fba0114
>>
>> Alan
>
> netbios name = MARANATHACENTRA
>
> Netbios names can have a maximum of 12 characters, it will probably be 
> truncated. (But this isn't related to your problem.)
>
> You only need password options if you want unix passwords to stay in 
> sync.
>
> Then, you only need "ldap passwd sync = Yes". It's commented out; have 
> you already tried it? What happens?
>
> These three options together work too.
> unix password sync = Yes
> passwd program = /usr/local/sbin/smbldap-passwd -u %u
> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype 
> new password*" %n\n"
>
> There's a double quote that isn't needed at the end (it's not opening 
> nor closing any string). The old smbldap-tools documentation shows it 
> that way (wrong); I'm not sure if it is really a problem.
>
> If it doesn't work the way you said it works at the command line, include 
> a piece of the log at level 3 from when a client tries to change its password.
>
> Regards.
>
> Edmundo Valle Neto
>
> Besides that, the configuration is right.
>
> Does "/usr/local/sbin/smbldap-passwd -u anyuser" work when executed from 
> the command line?
> What Samba version do you use? Do you compile your own packages?
Here you go...

http://pastebin.com/f61c911dd - logs

In answer to your questions...

Yeah, that command works as root on the CLI.
Samba version is 3.0.25b-1.el5_1.4
No, I used the RPMs.
OpenLDAP version...
slapd -V
@(#) $OpenLDAP: slapd 2.3.27 (Nov 10 2007 09:24:08) $
    
mockbuild at builder6.centos.org:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd 


Many thanks for your help.  It is much appreciated.

Alan
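
The following is an added example, not part of the original message and not Samba's own code. It lints the "passwd chat" value quoted above (rejoined from the lines the mail client wrapped) for the trailing double quote discussed in the thread. The tokenizing rule used here (split on whitespace; a double quote toggles quoting and is dropped) is an assumption made for this sketch, and the function names are hypothetical.

```python
# Added example: model tokenizer for a "passwd chat" string.
# Assumption: tokens are split on whitespace, and a double quote only
# toggles "quoted" mode (it is not copied into the token).

# The value from the thread, rejoined onto one line. Raw string, so \n
# stays as the two characters backslash + n, as it appears in smb.conf.
CHAT = r'"Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"'

def tokenize(chat):
    """Return (tokens, unbalanced); unbalanced is True if a quote is left open."""
    tokens, cur, quoted, started = [], [], False, False
    for ch in chat:
        if ch == '"':
            quoted = not quoted
            started = True          # an empty "" still counts as a token
        elif ch.isspace() and not quoted:
            if started:
                tokens.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        tokens.append("".join(cur))
    return tokens, quoted

def lint(chat):
    """Return ([(expect, send), ...], [problem strings])."""
    tokens, unbalanced = tokenize(chat)
    problems = []
    if unbalanced:
        problems.append("unbalanced double quote")
    if len(tokens) % 2:
        problems.append("expect string without a send string")
    it = iter(tokens)
    pairs = [(expect, next(it, None)) for expect in it]
    return pairs, problems

if __name__ == "__main__":
    for label, value in (("as posted", CHAT), ("trailing quote removed", CHAT[:-1])):
        pairs, problems = lint(value)
        print(label, "->", problems or "ok")
        for expect, send in pairs:
            print("   expect %r  send %r" % (expect, send))
```

Under this model both forms yield the same two expect/send pairs, and only the posted form is flagged for the unbalanced quote.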

