Need advice on smbldap-passwd "I/O Error" when normal user want
to change passwd
Suhaimi Jamalludin
suhaimi at niser.org.my
Mon Apr 12 08:23:30 GMT 2004
Hi Jerome,
I have solved the problem. After I studied the slapd.log, I found out
that it is regarding the ACL in slapd.conf. I have changed it as below
and smbldap-passwd works fine.

access to attr=userPassword
        by self write
        by dn="cn=Manager,dc=test,dc=com" write
        by anonymous auth
        by * none

access to attr=sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword
        by self write
        by dn="cn=Manager,dc=test,dc=com" write
        by anonymous auth
        by * none

access to dn.subtree="ou=users,dc=test,dc=com"
        by dn="cn=Manager,ou=users,dc=test,dc=com" write
        by dn="cn=Proxyuser,dc=test,dc=com" read
        by * read

access to dn.subtree="ou=groups,dc=test,dc=com"
        by dn="cn=Manager,ou=groups,dc=test,dc=com" write
        by dn="cn=Proxyuser,dc=test,dc=com" read
        by * read

access to *
        by self write
        by dn="cn=Manager,dc=test,dc=com" write
        by dn="cn=Proxyuser,dc=test,dc=com" read
        by * read

Regards,
Suhaimi
Suhaimi Jamalludin wrote:
> On Fri, Apr 09, 2004 at 04:15:01PM +0800, Suhaimi Jamalludin wrote:
> > I managed to change a normal user's password when I am root. However, if I'm
> > a normal user I got an "I/O" error?
> > What can be wrong here?
>
> That's because you are using certificates that are read only for
> root. I didn't think about this problem. I think I'll make a patch
> to allow connection without certificates when smbldap-passwd is
> called from a non root user.
>
> For now, give the certificates and key of the smbldap-tools read
> only for everybody.
>
> --
> Jérôme
>
> Hi Jerome,
>
> I have made my certificate and key of the smbldap-tools read only for
> everybody. The I/O error is gone but I still cannot change a normal user's
> password using smbldap-passwd; it gave me this error:
> "/usr/local/sbin/smbldap-passwd: user suhaimi doesn't exist". FYI, this
> user exists in my LDAP database. See below for details.
>
> Really appreciate your advice....
>
> Regards,
> suhaimi
>
> %smbldap-passwd
> /usr/local/sbin/smbldap-passwd: user suhaimi doesn't exist
>
> /var/log/slapd
> Apr 12 10:45:29 my-svr slapd[21295]: conn=60 fd=22 ACCEPT from
> IP=127.0.0.1:49418 (IP=0.0.0.0:389)
> Apr 12 10:45:29 my-svr slapd[21295]: conn=60 op=0 SRCH
> base="dc=test,dc=com" scope=2
> filter="(&(objectClass=posixAccount)(uid=suhaimi))"
> Apr 12 10:45:29 my-svr slapd[21295]: conn=60 op=0 SEARCH RESULT
> tag=101 err=0 nentries=0 text=
> Apr 12 10:45:29 my-svr slapd[21295]: conn=60 op=1 UNBIND
> Apr 12 10:45:29 my-svr slapd[21295]: conn=60 fd=22 closed
>
> Login as Root:
> my-svr# smbldap-passwd suhaimi
> Changing password for suhaimi
> New password :
> Retype new password :
> my-svr#
>
> /var/log/slapd
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 fd=14 ACCEPT from
> IP=127.0.0.1:49424 (IP=0.0.0.0:389)
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=0 BIND
> dn="cn=Manager,dc=test,dc=com" method=128
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=0 BIND
> dn="cn=Manager,dc=test,dc=com" mech=SIMPLE ssf=0
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=0 RESULT tag=97 err=0
> text=
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=1 SRCH
> base="dc=test,dc=com" scope=2
> filter="(&(objectClass=posixAccount)(uid=suhaimi))"
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=1 SEARCH RESULT
> tag=101 err=0 nentries=1 text=
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=2 UNBIND
> Apr 12 10:49:21 my-svr slapd[21295]: conn=71 fd=14 closed
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 fd=14 ACCEPT from
> IP=127.0.0.1:49425 (IP=0.0.0.0:389)
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 op=0 BIND
> dn="cn=Manager,dc=test,dc=com" method=128
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 op=0 BIND
> dn="cn=Manager,dc=test,dc=com" mech=SIMPLE ssf=0
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 op=0 RESULT tag=97 err=0
> text=
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 op=1 SRCH
> base="dc=test,dc=com" scope=2
> filter="(&(objectClass=sambaSamAccount)(uid=suhaimi))"
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 op=1 SEARCH RESULT
> tag=101 err=0 nentries=1 text=
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 op=2 UNBIND
> Apr 12 10:49:21 my-svr slapd[21295]: conn=72 fd=14 closed
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 fd=14 ACCEPT from
> IP=10.1.6.111:49426 (IP=0.0.0.0:389)
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=0 BIND
> dn="cn=Manager,dc=test,dc=com" method=128
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=0 BIND
> dn="cn=Manager,dc=test,dc=com" mech=SIMPLE ssf=0
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=0 RESULT tag=97 err=0
> text=
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=1 MOD
> dn="uid=suhaimi,ou=users,dc=test,dc=com"
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=1 MOD
> attr=sambaPwdMustChange sambaLMPassword sambaPwdLastSet sambaAcctFlags
> sambaNTPassword
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=1 RESULT tag=103 err=0
> text=
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=1 RESULT tag=103 err=0
> text=
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=2 MOD
> dn="uid=suhaimi,ou=users,dc=test,dc=com"
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=2 MOD attr=userPassword
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=2 RESULT tag=103 err=0
> text=
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=2 RESULT tag=103 err=0
> text=
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 op=3 UNBIND
> Apr 12 10:49:29 my-svr slapd[21295]: conn=73 fd=14 closed
>
>
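
Added example (not part of the original message or of smbldap-tools): the comparison made by hand in the quoted logs, where the same posixAccount search returns nentries=0 on a connection with no BIND and nentries=1 after binding as Manager, can be run over a slapd log to spot entries hidden by ACLs. The sample lines are re-joined from the thread's wrapped log excerpts, and the function names are illustrative.

```python
import re

# Constructed sample: slapd syslog lines re-joined from the wrapped excerpts
# quoted in the thread (conn=60 is the non-root run, conn=71 the root run).
SAMPLE_LOG = """\
Apr 12 10:45:29 my-svr slapd[21295]: conn=60 op=0 SRCH base="dc=test,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=suhaimi))"
Apr 12 10:45:29 my-svr slapd[21295]: conn=60 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 12 10:45:29 my-svr slapd[21295]: conn=60 op=1 UNBIND
Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=0 BIND dn="cn=Manager,dc=test,dc=com" method=128
Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=0 BIND dn="cn=Manager,dc=test,dc=com" mech=SIMPLE ssf=0
Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=0 RESULT tag=97 err=0 text=
Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=1 SRCH base="dc=test,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=suhaimi))"
Apr 12 10:49:21 my-svr slapd[21295]: conn=71 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)")
BIND = re.compile(r'BIND dn="([^"]*)" method=')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=\d+ filter="(.*)"')
DONE = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)")

def summarize(log_text):
    """One record per completed search: bound identity, filter, result."""
    bound, bind_try, pending, out = {}, {}, {}, []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        key = (conn, op)
        if (b := BIND.match(rest)):
            bind_try[key] = b.group(1)          # bind requested, not yet confirmed
        elif rest.startswith("RESULT tag=97 err=0") and key in bind_try:
            bound[conn] = bind_try.pop(key) or "anonymous"   # bind succeeded
        elif (s := SRCH.match(rest)):
            pending[key] = {"conn": conn, "bind": bound.get(conn, "anonymous"),
                            "filter": s.group(2)}
        elif (d := DONE.match(rest)) and key in pending:
            rec = pending.pop(key)
            rec["err"], rec["nentries"] = int(d.group(1)), int(d.group(2))
            out.append(rec)
    return out

def acl_suspects(searches):
    """Searches that succeeded with 0 entries although the same filter returned
    entries to another identity: the entry exists, so ACLs are hiding it."""
    visible = {s["filter"] for s in searches if s["nentries"] > 0}
    return [s for s in searches
            if s["err"] == 0 and s["nentries"] == 0 and s["filter"] in visible]
```

Calling `acl_suspects(summarize(SAMPLE_LOG))` returns the conn=60 search, made with no bind, as the one that the ACLs left empty.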
More information about the samba-technical
mailing list