[Samba] Samba3 + smbldap-tools & smbpasswd

rruegner robert at ruegner.org
Wed Sep 15 15:26:27 GMT 2004


I sometimes noticed in former versions of samba 3
that usrmgr must be started from
a win machine which is in the domain,
but for sure it has to be run as a user account in  role of Domain Admin
to have permission to change anything
Regards


Dan Slatford schrieb:

> On Wed, 2004-09-15 at 15:14, rruegner wrote:
> 
>>Hi Dan,
>>passwd program = /usr/local/sbin/smbldap-passwd.pl "%u"
>>should do the job ( password change )
> 
> 
> Ahh. This is what I thought, so tried that too. However, it seems
> 'passwd program' is only for changing the unix password, not the windows
> passwords. It has no effect if 'unix password sync' is disabled, which
> I'm not using since 'ldap passwd sync = Yes' does the same thing with
> ldap.
> 
> If I enable unix password sync along with your suggestion, I can't
> change passwords at all then. Windows moans that "You do not have
> permission to change your password". I don't know why, samba calls as
> root the smbldap-passwd script as root just fine yet the password isn't
> updated. If I run it manually in just the same way it works! I presume
> it has something to do with samba also trying to change the windows
> passwords in ldap it's own way in addition to the script it runs.
> 
> Anyway, it seems password program wasn't intended to be used in his way,
> but for changing unix passwords only.
> 
> 
>>i am not sure if
>>sambaPwdMustChange works , but if it does it works only with ldap
>>this value can be changed by usrmgr, which writes
>>to the ldap attribute in the directory.
> 
> 
> This gets interesting too.
> 
> If I set the password to not expire, I see the X appear in that users
> record:
> 
> sambaAcctFlags: [UX         ]
> 
> Yet Windows (XP SP2) still prompts for a password change in one day when
> I log in. If I set the account expiration date in usermgr.exe then
> sambaPwdMustChange is not updated. (But I don't know if that's suppose
> to work).
> 
> It all seems so horribly broken :(
> 


More information about the samba mailing list