[Samba] Samba 3 ldap password sync

Kevin Metz kbmetz at yahoo.com
Mon May 3 22:04:11 GMT 2004

Thanks for the feedback! This is exactly what I needed! This totally explains what I
was trying to figure out and I can move on from here.

Thank you again for the feedback


> > Well, I seem to have gotten past the most difficult parts as far as Samba and
> > are concerned. I'm able to have a user log in to the domain, and get
> authenticated
> > via LDAP. The user can also change the LDAP password from the Windows screen
> > (control-alt-delete->change password). So most stuff as far as the windows
> domain
> > login appears.
> >  
> > My problem is this. Linux and other users need to be able to change their ldap
> > password. If they log into the box, or change it via a web interface it changes
> > their ldap password, but samba doesn't seem to recognize it. For example as root
> I
> > changed a users password via the command line and it said it was changing the
> > password. I confirmed the password was changed by accessing a web page that
> > authenticates using ldap and the new password worked. I then tried to access via
> > samba and the new password did no work.
> > 
> > Am I doing something wrong or missing something obvious? Does samba cache
> passwords
> > somewhere? I've got ldap sync set to on but that doesn't appear to be working. 
> Windows encodes the password differently to the unix side, and as a 
> result, the password is stored in the ldap database twice. When you 
> change the password from Samba, it updates the two encoded password 
> versions both for windows and for unix. When you change the password for 
> unix, it only changes the unix password and not the windows encoded 
> version - thus your problem.
> There is an extention available for the newer versions of openldap (not 
> sure if it is openldap specific) that will allow openldap to handle the 
> encoding of passwords for you in the various formats - this means that 
> it will "just work" no matter what software changed the password, even 
> if the software had no idea about windows. I haven't used it before 
> though - try and read up on openldap for more details.

Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  

More information about the samba mailing list