Samba-tng PDC- OpenLDAP - Password sync Working

Jody Haynes Jody.Haynes at
Tue Sep 19 16:29:04 GMT 2000

I just wanted to post this to let everyone know that I got the following working:

1)  Samba-TNG-2.6 as a PDC for Win2K, WinNT and Win98 clients
2)  Password sync with Samba using OpenLDAP
3)  Linux clients authenticating off of OpenLDAP using pam_ldap and nss_ldap.
4)  pam_ldap/nss_ldap encrypted with the use of stunnel

Here is the following configuration information:

smb.conf file:

ldap suffix = "<LDAP Suffix>"
ldap bind as = "<LDAP Bind Info>"
ldap port = 389
unix password sync = yes
passwd program = /usr/local/samba/bin/ldapsync %u
passwd chat = *New*Password* %n\n *modifying*    

My ldap sync perl script called ldapsync %u:

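#!/usr/bin/perl -w
# Called by Samba as "ldapsync %u"; the passwd chat sends the new password on stdin.
use strict;
my $user = shift or die "usage: ldapsync <user>\n";
$| = 1;                          # flush the prompt so the passwd chat sees it
print "New Password:  ";
my $pass = <STDIN>;
defined $pass or die "no password read\n";
chomp $pass;
# Two-character salt for traditional crypt(3)
my $salt = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
my $hash = crypt($pass, $salt);
# Note: -w puts the bind password on the command line, visible in the process list
open(FILE, "|ldapmodify -D '<LDAP Bind>' -w <LDAP Password>") or die "ldapmodify: $!";
print FILE <<EOF;
dn: uid=$user, ...ldap suffix...
changetype: modify
replace: userPassword
userPassword: {crypt}$hash
EOF
close FILE;
exit 0;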

The best reference material to go by is the following URL for samba as a PDC and ldap:

          Jody Haynes
iSun Networks, Inc.
Email:    Jody.Haynes at
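
Added example, not part of the original post: a Python version of the LDIF modify record that the ldapsync script pipes to ldapmodify, with the user name escaped for use in a DN (RFC 4514) and both the DN and the value base64-encoded so a crafted name cannot add LDIF lines. The suffix ou=People,dc=example,dc=com and the function names are assumptions, and OpenLDAP's {SSHA} scheme is swapped in for the post's {crypt} hash.

```python
import base64
import hashlib
import os
import re

# Hypothetical suffix for illustration; the post elides the real one.
SUFFIX = "ou=People,dc=example,dc=com"


def escape_rdn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    if not value or value != value.strip():
        raise ValueError("empty user name or leading/trailing whitespace")
    if re.search(r"[\x00-\x1f]", value):
        # Newlines here would otherwise start new LDIF lines.
        raise ValueError("control character in user name")
    out = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if out[0] == "#":
        out = "\\" + out
    return out


def ssha(password, salt=None):
    """Return an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def password_ldif(user, password, salt=None):
    """Build the LDIF change record to feed to ldapmodify on stdin."""
    dn = "uid=%s,%s" % (escape_rdn_value(user), SUFFIX)
    return "\n".join([
        "dn:: " + b64(dn),                      # '::' marks a base64 value
        "changetype: modify",
        "replace: userPassword",
        "userPassword:: " + b64(ssha(password, salt)),
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample input.
    print(password_ldif("jdoe", "example-password"))
```

The output can be piped to ldapmodify in place of the here-document; a bind password file or prompt keeps the bind secret off the command line.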
