[Samba] sambar4: user creation with ldap and initial password
Andrew Bartlett
abartlet at samba.org
Sun Nov 4 20:31:35 MST 2012
On Thu, 2012-11-01 at 12:44 +0000, Thomas Mueller wrote:
> hi
>
> trying to create a user with ldap from a remote server. The user is
> created successfully. I'm failing setting the initial password.
>
> Setting the unicodePwd with kerberos administrator credentials with
> ldbmodify and the ldif below results in "00002035: setup_io: it's not
> allowed to set the NT hash password directly".
>
> searching the web I've found s4 mailinglist entries telling "do not set
> unicodePwd with ldap". this KB article tells in AD it's possible to set
> it: http://support.microsoft.com/kb/263991/en-us
>
> Is there a supported method to supply the initial user password with s4
> and ldap?
>
> - Thomas
>
> LDIF:
> dn: CN=Thomas Mueller,OU=Users,DC=test,DC=testing
> changetype: modify
> replace: unicodePwd
> unicodePwd:: $IlRlc3QxMjMtLSIK
To set it via unicodePwd, you need to have it as UTF16, not ascii/utf8.
See however the userPassword, which is a normal, utf8 unquoted string
(ie, sane :-)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list