[Samba] LDAP password/group problems when upgrading to Samba 3.0.7 (previously 3.0.4)

Nathan Benson nathan.benson at sourcefire.com
Tue Sep 28 21:47:44 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just upgraded Samba to samba-3.0.7-1.3E, and am now having trouble
with my groups.  I used to be able to log into a Windows machine and
request a share that I didn't have access to.  It would then ask me
for a username/password to connect to the share (as it should).

I would then add myself (or whatever user) to the proper LDAP group
entry that was responsible for that share.  I would then try the share
again and it would either let me right in, or prompt me for the username
and password.  If I got prompted, I entered my username/password, and I
was given access to the share.

Now my problem is that since upgrading to 3.0.7, this is no longer the
case.  I have to log out and log back in for me to gain access to the
share.  So, it seems that Samba is caching the groups I belong to when
I log in, and not querying the LDAP server again when I provide
credentials when prompted.

I am sure that it is probably something trivial that I am missing, but
I am indeed missing it.  I would appreciate any input on this, as it is
more than mildly annoying.


On a totally different subject, I also had a problem when changing a
password from a Windows machine (or smbpasswd), it told me that I do not
have permission to change my password.  So, I thought I would include
what I had to do to fix it, just in case someone else runs into the same
problem (I didn't really find anything when I looked).

After some sifting through the logs and such it became apparent that
the schema had changed.  Samba was trying to set the
sambaPasswordHistory attribute, and my early 3.0 schema didn't even
have that (and a few other) attributes.  Once I updated my schema to the
correct one (http://us1.samba.org/samba/ftp/samba.schema), updated my
LDAP ACLs to give Samba read/write access to the attribute, and
restarted the LDAP server, it was working again.

Regards,
Nathan

- --
Nathan Benson
http://sourcefire.com/

1C1A F2C1 82AD F75F 9B6B  E501 0D73 DC9B E96B DD96
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD4DBQFBWdwADXPcm+lr3ZYRAkpoAJj6Jnu4Xkh9GWaAOSKkYASmSwCFAJ9HSGI8
RXTDcm74HsT1voCeJb0JcQ==
=TRS3
-----END PGP SIGNATURE-----
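
The schema drift described in the message above can be checked before an upgrade by diffing the attribute names in the deployed schema file against the one shipped with the new Samba release. The following is an added example, not part of the original post: the two schema excerpts are constructed and abbreviated, their OIDs are placeholders, and the function names are hypothetical.

```python
import re

# NAME clause of an OpenLDAP "attributetype ( ... )" definition, in both
# forms: NAME 'x' and NAME ( 'x' 'y' ).
_ATTR = re.compile(r"^attributetype\s*\(.*?\bNAME\s+(\(.*?\)|'[^']+')",
                   re.I | re.S | re.M)

def attribute_names(schema_text):
    """Return the set of attribute names defined in an OpenLDAP schema file."""
    # Drop comment lines so commented-out definitions are not counted.
    body = "\n".join(line for line in schema_text.splitlines()
                     if not line.lstrip().startswith("#"))
    names = set()
    for match in _ATTR.finditer(body):
        names.update(re.findall(r"'([^']+)'", match.group(1)))
    return names

def missing_attributes(deployed, shipped):
    """Attributes the shipped schema defines that the deployed one lacks."""
    return sorted(attribute_names(shipped) - attribute_names(deployed),
                  key=str.lower)

# Constructed excerpts (placeholder OIDs), standing in for the deployed
# early-3.0 schema file and the samba.schema shipped with the new release.
DEPLOYED = """
attributetype ( 1.1.2.1.1 NAME 'sambaLMPassword'
    DESC 'LanManager Password' SINGLE-VALUE )
attributetype ( 1.1.2.1.2 NAME 'sambaNTPassword'
    DESC 'NT hash' SINGLE-VALUE )
#attributetype ( 1.1.2.1.3 NAME 'sambaPasswordHistory' )
"""
SHIPPED = DEPLOYED.replace("#attributetype", "attributetype") + """
attributetype ( 1.1.2.1.4 NAME ( 'sambaBadPasswordCount' 'sambaBadPwdCount' )
    DESC 'Bad password attempt count' SINGLE-VALUE )
"""

if __name__ == "__main__":
    for name in missing_attributes(DEPLOYED, SHIPPED):
        print("missing from deployed schema:", name)
```

Each attribute reported as missing also needs a write rule in the LDAP ACLs for the Samba bind DN, as the message notes for sambaPasswordHistory.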

