Samba4: Changing a user's passwd via LDAP

Michael Wood esiotrot at
Fri Aug 20 10:01:16 MDT 2010

Hi Luk

On 20 August 2010 16:32, Michael Wood <esiotrot at> wrote:
> Hi Lukasz
> On 20 August 2010 15:42, Lukasz Zalewski <lukas at> wrote:
>> On 08/20/2010 12:57 PM, Michael Wood wrote:
>>> I need to provide a web-based interface for users to change their
>>> passwords in Samba4.  Is LDAP the best option?
> [...]
>>> I would appreciate any suggestions for how to do this, preferably from
>>> Python, or if LDAP is not the best way, then I would appreciate it if
>>> you could let me know what the best way is.
> [...]
>> I have managed to set the password using ldap interface as an admin user and
>> as normal user. Attached is proof-of-concept python script that allows you
>> to do the password change as an admin (--set_password_asadmin) or as a user
>> (--set_password_asuser)
>> the script assumes that you have got the appropriate krb ticket before it's
>> run
> Thanks.  I'll have a look at it now.

OK, I figured out what was wrong.

I was trying it over a non-secure connection to localhost, and since
it worked for an admin user, I did not suspect that that was the

Once I used gssapi it started working for the normal user too.

Thanks again, Luk, your script was useful for seeing how to do the
SASL authentication.  Now I just need to figure out how best to do
that from a CGI script or something along those lines :)

P.S.  It seems that if Samba is going to block password changes over
insecure connections for non-admin users, it should probably do so for
admin users too, shouldn't it?

Michael Wood <esiotrot at>

More information about the samba-technical mailing list
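
Added example, not part of the original thread and not the script attached to it: the two operations discussed above (a user changing their own password, and an admin resetting one) over a GSSAPI-bound LDAP connection with python-ldap. It assumes the AD-style `unicodePwd` attribute and a Kerberos ticket already in the credential cache; the URI, DN and function names are hypothetical.

```python
"""Password change/reset against an AD-style LDAP server over SASL/GSSAPI."""

# LDAP modify operation codes (RFC 4511); same values as ldap.MOD_ADD etc.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2


def encode_pwd(password):
    """unicodePwd takes the password wrapped in double quotes, as UTF-16LE."""
    return ('"%s"' % password).encode("utf-16-le")


def user_change_modlist(old, new):
    """Self-service change: delete the old value and add the new one in a
    single modify, so the server can check that the caller knows the old
    password."""
    return [
        (MOD_DELETE, "unicodePwd", [encode_pwd(old)]),
        (MOD_ADD, "unicodePwd", [encode_pwd(new)]),
    ]


def admin_reset_modlist(new):
    """Administrative reset: replace the value without supplying the old one."""
    return [(MOD_REPLACE, "unicodePwd", [encode_pwd(new)])]


def apply_modlist(uri, dn, modlist):
    """Bind with SASL/GSSAPI (ticket from the credential cache) and apply."""
    import ldap          # python-ldap, imported lazily so the helpers above
    import ldap.sasl     # can be used and tested without a server
    conn = ldap.initialize(uri)
    conn.sasl_interactive_bind_s("", ldap.sasl.gssapi())
    try:
        conn.modify_s(dn, modlist)
    finally:
        conn.unbind_s()


if __name__ == "__main__":
    import getpass
    # Hypothetical values; replace with your own server and user DN.
    uri = "ldap://dc1.example.test"
    dn = "CN=Some User,CN=Users,DC=example,DC=test"
    old = getpass.getpass("Current password: ")
    new = getpass.getpass("New password: ")
    apply_modlist(uri, dn, user_change_modlist(old, new))
```

From a CGI or other web handler, the passwords should come from the request body over HTTPS and never appear in URLs, command lines or logs.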