[Samba] Samba 3 ldap password sync
Kevin Metz
kbmetz at yahoo.com
Mon May 3 22:04:11 GMT 2004
Thanks for the feedback! This is exactly what I needed! This totally explains what I
was trying to figure out and I can move on from here.
Thank you again for the feedback
Kevin
>
> > Well, I seem to have gotten past the most difficult parts as far as Samba and
> LDAP
> > are concerned. I'm able to have a user log in to the domain, and get
> authenticated
> > via LDAP. The user can also change the LDAP password from the Windows screen
> > (control-alt-delete->change password). So most stuff as far as the windows
> domain
> > login appears.
> >
> > My problem is this. Linux and other users need to be able to change their ldap
> > password. If they log into the box, or change it via a web interface it changes
> > their ldap password, but samba doesn't seem to recognize it. For example as root
> I
> > changed a users password via the command line and it said it was changing the
> LDAP
> > password. I confirmed the password was changed by accessing a web page that
> > authenticates using ldap and the new password worked. I then tried to access via
> > samba and the new password did no work.
> >
> > Am I doing something wrong or missing something obvious? Does samba cache
> passwords
> > somewhere? I've got ldap sync set to on but that doesn't appear to be working.
>
> Windows encodes the password differently to the unix side, and as a
> result, the password is stored in the ldap database twice. When you
> change the password from Samba, it updates the two encoded password
> versions both for windows and for unix. When you change the password for
> unix, it only changes the unix password and not the windows encoded
> version - thus your problem.
>
> There is an extention available for the newer versions of openldap (not
> sure if it is openldap specific) that will allow openldap to handle the
> encoding of passwords for you in the various formats - this means that
> it will "just work" no matter what software changed the password, even
> if the software had no idea about windows. I haven't used it before
> though - try and read up on openldap for more details.
>
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover
More information about the samba
mailing list