[Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script

Yannick Tousignant ytousignant at oka-info.com
Tue May 21 13:24:02 GMT 2002

Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working
with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX
which i fixed myself to fit my needs. Everything work very fine
when running the scripts in shell mode... but!

In smb.conf :

    add user script = /usr/local/sbin/smbldap-useradd.pl -w %u

This line don't work and it should, because when running it
in a shell, everything works fine.

Again in smb.conf :

    unix password sync = yes
    passwd program = /usr/local/sbin/passwd.sh %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n

I made my own bash script to sync ldap (posix) password while samba
seems to handle samba (LANMAN AND NTHASH) password itself.

The password change works very fine, but when i try to update the
pwdMustChange to reset his value when a user changed his password,
the pwdMustChange isn't modified like it should be. Again everything
works very fine when running my script in shell mode.

Here it is :

echo -n "New password : "
read PASS1
echo -n "Retype new password : "
read PASS2

if [ "$PASS1" = "$PASS2" ]

    echo "dn: uid=$1,ou=Users,dc=OKA" > /tmp/ldap.mod
    echo "changetype: modify" >> /tmp/ldap.mod
    echo "replace: pwdMustChange" >> /tmp/ldap.mod
    echo "pwdMustChange: 2147483647" >> /tmp/ldap.mod
    echo "" >> /tmp/ldap.mod

    # NOT WORKING...!!!
    /usr/local/bin/ldapmodify -v -x -h -D 'cn=ADMIN,dc=OKA' -w
'secret' -r -f /tmp/ldap.mod
    rm -f /tmp/ldap.mod

    # WORKING!
    /usr/local/bin/ldappasswd -x -h -D 'cn=ADMIN,dc=OKA' \
    -w 'secret' uid=$1,ou=Users,dc=OKA -s $PASS1 > /dev/null

    echo "all authentication tokens updated successfully"

    echo "Passwords do not match"


There is something i don't get, first i though maybe samba wasn't
interpreting perl, but when my second script failed.. and after
many hour trying to understand, i'm pretty lost right now!

Btw, thanks to the samba team, openldap team and idealx
for all the great developpement you've been doing!

Hope i can find a way to make things work.

Yannick Tousignant
Gestion Informatique OKA ltée.

More information about the samba mailing list