[Samba] "ldap passwd sync" not working

Misty Stanley-Jones misty at borkholder.com
Mon Feb 7 14:01:10 GMT 2005

On Saturday 05 February 2005 02:17 pm, Alexander Zubkov wrote:
> In debug mode smbpasswd say this:

> ---- samba 3.0.11 ----
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap_connect_system: succesful connection to the LDAP server
> ldap_connect_system: LDAP server does not support paged results
> smbldap_check_root_dse: Expected one rootDSE, got 0
> ldap password change requested, but LDAP server does not support it --
> ignoring
> ldapsam_update_sam_account: successfully modified uid = test in the LDAP
> database
> --------
> Why samba-3.0.6 can sync password and samba-3.0.11 say that may LDAP
> server does not support it? Any ideas?
> ----
> Alexander Zubkov

I am guessing that Samba is using a different criteria/mechanism to change the 
passwords now.  Perhaps it has to do with increasing support for non-openLDAP 
implementations.  One thing I noticed is that your rootDSE is not readable.  
The rootDSE contains information about your LDAP server that some 
applications (such as addressbooks that need to automatically determine the 
baseDN) need.  Info about the rootDSE can be found at 
http://www.techgalaxy.net/Docs/Dev/LDAPv3 RootDSE Overview.htm.  

For OpenLDAP you need an ACL like this:
access to attrs=namingcontexts
        by anonymous read
	(or lock it down by IP range or some other way to make it more secure)

Correcting your LDAP config to include the above may keep Samba from being 
confused -- just a thought.


More information about the samba mailing list