[Samba] old password in passwordchat empty

Andrew Bartlett abartlet at samba.org
Sat Jun 22 17:04:02 GMT 2002


Hans-Peter Bernhard wrote:
> 
> Hi,
> 
> I am having a problem synchronizing user passwords with an LDAP server.
> The samba password works fine but synchronizing the LDAP unixpassword fails.
> Samba server and LDAP server are not identically and therefore I need
> the old an the new password for whatever passwd chat.
> But %o is an empty string.
> I browse through the source code and found:
> 
>        /*
>        * At this point we have the new case-sensitive plaintext
>        * password in the fstring new_passwd. If we wanted to synchronise
>        * with UNIX passwords we would call a UNIX password changing
>        * function here. However it would have to be done as root
>        * as the plaintext of the old users password is not
>        * available. JRA.
>        */
> 
> can anybody help me out ???

It is a limitation of the protocol, and there isn't much that can be
done.

One way around it is to use a HTTPS server and a script like the one I
use (http://hawkerc.net/staff/abartlet/sign-on.pl) to change them both
via PAM.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba mailing list