Samba Ldap sync

Mark Proehl M.Proehl at science-computing.de
Thu Sep 8 15:44:52 GMT 2005


Hello,

there's a patch for Samba 3.0.10 to let Samba modify the userPassword
attribute:

  https://bugzilla.samba.org/show_bug.cgi?id=2326

This patch was made to support LDAP servers that don't implement the
password changing extended operation (like SunOne). It only sets the
{crypt} hash.

Mark

On Wed, Sep 07, 2005 at 03:40:11PM -0700, Paul Neeley wrote:
> Hello,
> 
> I have compiled Samba 3.0.11 on Solaris 2.9 and running with start_tls
> with SunOne DS5.2_Patch_3. I currently have samba clients
> authenticating against the sun one directory server and it works.
> Users can also log in to the solaris box and using smbpasswd can change
> their sambantpassword and sambalmpassword. They are also able to change
> their ldap passwd via the solaris passwd command.
> 
> I have ldap passwd sync set to yes, but the ldap password never gets 
> changed and I am unable to see any failures in the ldap access logs.
> 
> Do these 3 passwords get changed during the same LDAPS connection?
> 
> Hope someone has some ideas, I have been at this for about a month or so. 
> 
> 
> Here is my smb.conf
> 
> [global]
>     security = user
>     encrypt passwords = yes
> 
>     netbios name = GSN1
>     server string = DRI Group Server #1 North
>     workgroup = NNSC
>     name resolve order = hosts bcast
>     load printers = no
>     show add printer wizard = no
> 
>     interfaces = 192.168.100.0/255.255.255.0 10.10.8.0/255.255.248.0 10.10.80.0/255.255.255.0 10.10.20.0/255.255.255.0 10.10.30.0/255.255.255.0 127.0.0.1/255.0.0.0
> 
>     log file = /var/log/samba/log.%m
>     log level = 10
> 
>     # ldap related parameters
>     passdb backend = ldapsam:ldap://ldap-n1.dri.edu
>     ldap passwd sync = yes
>     ldap delete dn = no
>     ldap admin dn = "uid=samba_servers,ou=people,dc=dri,dc=edu"
>     ldap server = ldap-n1.dri.edu
> 
>     ldap ssl = start_tls
>     ldap port = 389
>     ldap suffix = "dc=dri,dc=edu"
>     ldap user suffix = "ou=people,dc=dri,dc=edu"
>     ldap filter = "(&(uid=%u)(objectclass=SambaSamAccount))"
> 
> 
> 
> -- 
> Paul S. Neeley
> Unix Systems Administrator
> Desert Research Institute
> 2215 Raggio Parkway 
> Reno, NV  89512
> voice: 775.673.7426
> cell:  775.691.2337
> email: paul.neeley at dri.edu
> 
> 
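
A way to check whether a directory server advertises the password changing extended operation mentioned in the reply (an added example, not part of the original message or of the patch). It assumes the operation meant is the RFC 3062 Password Modify operation, whose OID the thread does not state, and it parses root DSE output saved as LDIF; the sample LDIF is constructed.

```python
import base64

# OID of the LDAP Password Modify extended operation (RFC 3062).
# Assumption: this is the operation the reply refers to; the thread does not name it.
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"


def parse_ldif_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # folded line: continues the previous one
        elif raw:
            logical.append(raw)
    attrs = {}
    for line in logical:
        if line.startswith("#"):        # LDIF comment
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):        # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs


def supports_password_modify(rootdse_ldif):
    """True if the root DSE lists the Password Modify OID in supportedExtension."""
    values = parse_ldif_entry(rootdse_ldif).get("supportedextension", [])
    return PASSWD_MODIFY_OID in values


# Constructed root DSE samples (not captured from any real server).
# The first folds the Password Modify OID across two lines, as LDIF tools may do.
ROOTDSE_WITH_EXOP = (
    "dn:\n"
    "supportedExtension: 1.3.6.1.4.1.1466.20037\n"
    "supportedExtension: 1.3.6.1.4.1.4203.1.1\n"
    " 1.1\n"
)
ROOTDSE_WITHOUT_EXOP = "dn:\nsupportedExtension: 1.3.6.1.4.1.1466.20037\n"

if __name__ == "__main__":
    for label, ldif in (("with", ROOTDSE_WITH_EXOP), ("without", ROOTDSE_WITHOUT_EXOP)):
        print(label, "exop:", supports_password_modify(ldif))
```

The input can be produced with a base-scope search of the empty DN that requests supportedExtension explicitly, for example `ldapsearch -x -H ldap://ldap.example.org -b "" -s base supportedExtension` (placeholder host).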

