Passwd sync on ldapsam
Andrew Bartlett
abartlet at samba.org
Mon Mar 17 03:46:51 GMT 2003
On Sun, 2003-03-16 at 06:27, Krištof Petr wrote:
> Hi,
>
> I configured samba 2.2.7a with --ldapsam. Works fine.
> Password changes are updated on ldap server on
> lmPassword and ntPassword attributes. Good.
>
> But I want to synchronize unix password too.
You need to either tell pam_ldap your Manager DN and password
(keep that file secure!) or use the feature 'ldap passwd sync' in
Samba 3.0.
> Samba did not update userPassword or never
> call /bin/passwd or pam to change it.
>
> This behavior doesn't depend on setting
> unix password sync = yes
> or
> pam password change = yes
>
>
> smbpasswd does:
>
> - bind ldap server
> search (uid=joe)&(objectClass=sambaAccount)
>
> - bind ldap server
> search (objectClass=posixAccount)&(uid=joe)
>
> - bind ldap server
> modify DN: uid=joe,dc=People,dc=company,dc=com
> attribute ntPassword
> attribute lmPassword
>
> - bind ldap server
> search (uid=joe)&(objectClass=sambaAccount)
> search (objectClass=posixAccount)&(uid=joe)
>
> I think the correct behavior is to modify userPassword too.
The attribute might not be present - we might not even have a matching
posixAccount. In Samba 2.2 we don't have the codepaths to get the
plaintext password to the parts doing the LDAP modifications easily.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
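
An added example, not part of the original message and not Samba code: the reply's point that userPassword, or the posixAccount itself, may be absent can be checked from an LDIF export before relying on any password sync. The sample entries are constructed and the function names are hypothetical.

```python
# Added example. The LDIF below is constructed sample data, not real entries.
SAMPLE_LDIF = """\
dn: uid=joe,dc=People,dc=company,dc=com
objectClass: posixAccount
objectClass: sambaAccount
ntPassword: CONSTRUCTED-NOT-A-HASH
userPassword:: Q09OU1RSVUNURUQ=

dn: uid=ann,dc=People,dc=company,dc=com
objectClass: posixAccount
objectClass: sambaAccount
ntPassword: CONSTRUCTED-NOT-A-HASH

dn: uid=pc01$,dc=People,
 dc=company,dc=com
objectClass: sambaAccount
ntPassword: CONSTRUCTED-NOT-A-HASH
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" "):              # folded continuation line
            if last:
                current[last][-1] += line[1:]
        elif line.startswith("#"):            # comment
            last = None
        elif not line.strip():                # blank line ends the entry
            entries.append(current)
            current, last = {}, None
        elif ":" in line:
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            # "attr:: v" marks base64; only presence matters, so no decoding
            current.setdefault(last, []).append(value.lstrip(":").strip())
    return [e for e in entries if e]

def classify(entry):
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "sambaaccount" not in classes:
        return "not-samba"
    if "posixaccount" not in classes:         # no Unix account to sync to
        return "no-posixAccount"
    if not any(entry.get("userpassword", [])):
        return "no-userPassword"              # attribute would have to be added
    return "syncable"

def audit(text):
    """Map each entry's DN to its classification."""
    return {e["dn"][0]: classify(e) for e in parse_ldif(text)}
```

Entries reported as no-posixAccount or no-userPassword are the cases the reply describes, where there is no Unix password attribute for a sync to update.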