[Samba] Using OID as Samba3 backend

Ilia Chipitsine ilia at paramon.ru
Wed Jul 6 02:00:57 GMT 2005


>>> I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost works ok, but the final trick that doesn't work is the change of the passwords from windows dialog box, this change the samba passwords but don't change the userpassword, i have found this line on samba logs files:
>>> ldap password change requested, but LDAP server does not support it -- ignoring.
>> windows "password change dialog" modifies LM and NT hashes (probably, just
>> NT one), changing of "user password" can be achived in two ways:
>> 1) modifying UserPassword attribute (ldapmodify request, which is standard
>> one)
>> 2) some special request sich as "extended operation" in OpenLDAP, non
>> standard requests.
>
> "extended operations" are not "non-standard",  although they may or may
> not be implemented by a particular DSA.  You can determine the 'exops'
> supported by your DSA by looking at the rootDSA.

where can I read more about "rootDSA" ?
Google seems to know almost nothing about it.

>
> Samba should be able to sync the password and lm and ht hashes by
> itself.  Just set the "ldap passwd sync = yes" directive,  see the
> smb.conf for he possible settings (yes, no, and only ?).  This will work
> with or without exop password change support.
>
>>> And i found in samba.org fourum that this problem is solved with this ACL:
>>> access to dn.base="" by * read.
>>> Already i have put them, but doesn't works, Anybody help me?
>
> What does you root DSE look like?
>


More information about the samba mailing list