SAMBA and LDAP and objectClass: shadowAccount and password aging
Bartlomiej Solarz-Niesluchowski
Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
Wed Mar 29 08:47:18 GMT 2006
Good Morning!
I have a problem with Samba and password changing.
I want to have both Windows and Unix password aging + synchronizing.
I have the Unix and Windows passwords in LDAP; Samba is the PDC.
I have set up PAM to change passwords (and password aging) when a user
uses passwd:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_smbpass.so try_first_pass use_authtok smbconf=/etc/samba/smb.conf
and I set up Samba to change the password from the Windows side:
passdb backend = ldapsam:ldap://zzzz/
pam password change = Yes
ldap admin dn = cn=Manager,dc=zzzz
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=zzzz
BUT
when I change the password through passwd, these are changed:
shadowLastChange
sambaPwdCanChange
sambaLMPassword
sambaNTPassword
sambaPwdLastSet
userPassword
If I change the password through Windows, I have:
sambaPwdCanChange
sambaPwdMustChange
sambaLMPassword
sambaNTPassword
sambaPwdLastSet
userPassword
SO:
1. From the Unix password-changing program (passwd), setting Windows
password aging does not work correctly (sambaPwdMustChange is not
set).
2. From the Windows side, setting shadowLastChange does not work.
How do I set up a system where both Windows and Unix password aging work?
Best Regards
--
Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
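
Added example (not part of the original post, and not Samba's own code): a small audit over an LDIF export that flags the two symptoms described in the message, an entry with no sambaPwdMustChange and a shadowLastChange that has drifted away from sambaPwdLastSet. It assumes shadowLastChange counts days since 1970-01-01 and sambaPwdLastSet counts seconds since the epoch; the sample entries, the dc=example names and the one-day tolerance are constructed for illustration.

```python
"""Audit LDAP entries for drift between Unix and Samba password-aging data."""
SECONDS_PER_DAY = 86400

# Constructed sample LDIF (not from the post): alice changed her password
# with passwd, bob from Windows, carol has both sides in step.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example
shadowLastChange: 13236
sambaPwdLastSet: 1143622038

dn: uid=bob,ou=People,dc=example
shadowLastChange: 13200
sambaPwdLastSet: 1143622038
sambaPwdMustChange: 1151398038

dn: uid=carol,ou=People,dc=example
shadowLastChange: 13236
sambaPwdLastSet: 1143622038
sambaPwdMustChange: 1151398038
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (l.partition(":") for l in block.splitlines() if ":" in l)
        entry = {k.strip(): v.strip() for k, _, v in pairs}
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entry, max_drift_days=1):
    """Return the aging inconsistencies found in one entry."""
    findings = []
    shadow = entry.get("shadowLastChange")    # days since the epoch
    last_set = entry.get("sambaPwdLastSet")   # seconds since the epoch
    if shadow is not None and last_set is not None:
        drift = abs(int(shadow) - int(last_set) // SECONDS_PER_DAY)
        if drift > max_drift_days:
            findings.append(
                f"shadowLastChange differs from sambaPwdLastSet by {drift} days")
    if "sambaPwdMustChange" not in entry:
        findings.append("sambaPwdMustChange missing")
    return findings

def audit_ldif(text):
    """Map each DN with at least one finding to its list of findings."""
    return {e["dn"]: f for e in parse_ldif(text) if (f := audit(e))}
```
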