[Samba] Samba 3.0.9 PDC and ldap sync

Paolo Negri p_negri at modiano.com
Thu Jan 13 16:16:14 GMT 2005

Hi all

I had a fully working Samba + LDAP PDC. After upgrading from 3.0.7 to 
3.0.9 I have lost synchronization of the Samba password and the LDAP password.
Each time a Windows client does a password change, the Samba server produces 
the error

[2005/01/13 16:26:06, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1572)
   ldap password change requested, but LDAP server does not support it -- ignoring

I have checked the permissions on the userPassword attribute for the LDAP user used 
by Samba for LDAP binding.
It's all right (in fact, with 3.0.7 the entire system worked perfectly).
I've already checked the LDAP server's log at many different debug levels, but 
I didn't find any trace of a permission denial or similar.

I would like to know how I can simulate the LDAP password change as it is done by 
the Samba server.

Please help me.

My package versions



My smb.conf


         passdb backend = ldapsam:ldap://
         ldap suffix = dc=mydomain,dc=com
         ldap machine suffix = ou=Computers
         ldap user suffix = ou=Users
         ldap group suffix = ou=Groups
         ldap idmap suffix = ou=Users
         ldap admin dn = "uid=samba,ou=LdapUsers,dc=mydomain,dc=com"
         ldap ssl = start tls
         ldap passwd sync = yes
         # Script front end LDAP
         add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
         add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
         delete group script = /usr/local/sbin/smbldap-groupdel "%g"
         add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
         delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
         set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

         workgroup = MYDOMAIN
         netbios name = BUHSERVER
         netbios aliases = YOUARE CLEVER
         comment = Linux Samba PDC
         security = user
         encrypt passwords = Yes
         domain master = yes
         domain logons = yes
         preferred master = yes
         os level = 65
         wins support = yes
         log level = 2 auth:5
         max log size = 0
         printing = cups
         printcap name = cups
         printcap cache time = 750
         cups options = raw
         printer admin = @ntadmin, root, administrator

         map to guest = Bad User
         logon script = logon.bat
         logon path =

         logon drive = F:
         logon home = \\%L\%U\.9xprofile
         public = no
         browseable = no
         writeable = no
         min password length = 8
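
An added diagnostic example, not part of the original post: the log line above says the LDAP server is considered not to support the password change, so this checks whether a server's root DSE advertises the LDAP Password Modify extended operation (RFC 3062), the operation `ldappasswd` sends. That Samba's message depends on this advertisement is an assumption; `HOST` and `uid=testuser` are placeholders and the LDIF samples are constructed.

```shell
#!/bin/sh
# Added example; HOST and uid=testuser are placeholders, samples are constructed.
# OID of the LDAP Password Modify extended operation (RFC 3062).
PASSMOD_OID="1.3.6.1.4.1.4203.1.11.1"

# Join LDIF continuation lines (a leading space continues the previous line).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Read root DSE LDIF on stdin; succeed if supportedExtension lists the OID.
advertises_passmod() {
    tr -d '\r' | unfold_ldif | awk -v oid="$PASSMOD_OID" '
        tolower($1) == "supportedextension:" && $2 == oid { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Constructed root DSE samples (not captured from any real server).
sample_with() { cat <<'EOF'
dn:
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
EOF
}
sample_folded() { cat <<'EOF'
dn:
supportedExtension: 1.3.6.1.4.1.4203.1
 .11.1
EOF
}
sample_without() { cat <<'EOF'
dn:
supportedExtension: 1.3.6.1.4.1.1466.20037
EOF
}

for s in sample_with sample_folded sample_without; do
    if "$s" | advertises_passmod; then echo "$s: Password Modify advertised"
    else echo "$s: Password Modify NOT advertised"; fi
done

# Against a live server (StartTLS required, as in "ldap ssl = start tls"):
#   ldapsearch -x -ZZ -H ldap://HOST -s base -b "" supportedExtension | advertises_passmod
# Sending a Password Modify request by hand, bound as the Samba admin DN:
#   ldappasswd -x -ZZ -H ldap://HOST -W -S \
#     -D "uid=samba,ou=LdapUsers,dc=mydomain,dc=com" \
#     "uid=testuser,ou=Users,dc=mydomain,dc=com"
```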

