[Samba] Samba 3.0.9 PDC and ldap sync
Paolo Negri
p_negri at modiano.com
Thu Jan 13 16:16:14 GMT 2005
Hi all
I had a fully working samba + ldap PDC. After upgrading from 3.0.7 to
3.0.9 I have lost synchronization of samba password and ldap password.
Each time a Windows client changes a password, the Samba server logs
the error
[2005/01/13 16:26:06, 2] passdb/pdb_ldap.c:ldapsam_modify_entry(1572)
ldap password change requested, but LDAP server does not support it
-- ignoring
I have checked the permissions on the userPassword attribute for the LDAP
user that Samba uses for LDAP binding.
They are all right (in fact, with 3.0.7 the entire system worked perfectly).
I've already checked the LDAP server's log at many different debug levels, but
I didn't find any trace of a permission being denied or anything similar.
I would like to know how I can simulate the LDAP password change as it is
done by the Samba server.
Please help me.
my packages version
samba-3.0.9
samba-client-3.0.9
openldap2-2.2.6
openldap2-client-2.2.6
my smb.conf
# Global section of the PDC's smb.conf as posted: LDAP-backed account
# database, LDAP helper scripts, domain-controller role, logging, printing
# and logon settings.
[global]
# Accounts are stored in LDAP (ldapsam) on the loopback address.
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
# DN that Samba binds as. Its password is not in this file; Samba keeps it
# in secrets.tdb (set with "smbpasswd -w"), so that file needs tight
# permissions.
ldap admin dn = "uid=samba,ou=LdapUsers,dc=mydomain,dc=com"
# StartTLS on the ldap:// connection, so the bind and password updates are
# encrypted even on loopback.
ldap ssl = start tls
# Samba should update the LDAP password together with the NT/LM hashes.
# NOTE(review): the log line quoted in this post shows Samba skipping the
# LDAP update ("does not support it -- ignoring"). While that happens the
# LDAP userPassword keeps its old value, so the old password stays valid
# for anything that authenticates against LDAP directly.
# NOTE(review): presumably Samba decides this from the server's root DSE,
# looking for the Password Modify extended operation (RFC 3062, OID
# 1.3.6.1.4.1.4203.1.11.1) in supportedExtension -- confirm the server
# advertises it and that its ACLs let this bind DN read the root DSE.
ldap passwd sync = yes
# LDAP front-end scripts (smbldap-* helpers) called by smbd
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
# NOTE(review): the next three settings appear to have been wrapped onto
# two lines by the mail archive; in a real smb.conf each must sit on one
# line or be continued with a trailing backslash.
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script =
/usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
workgroup = MYDOMAIN
netbios name = BUHSERVER
netbios aliases = YOUARE CLEVER
comment = Linux Samba PDC
security = user
encrypt passwords = Yes
# Domain controller / master browser role.
domain master = yes
domain logons = yes
preferred master = yes
os level = 65
wins support = yes
# General logging at level 2, authentication at level 5.
log level = 2 auth:5
# 0 means no size limit: the log is never rotated by Samba, so it needs
# external rotation or it can fill the disk.
max log size = 0
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
printer admin = @ntadmin, root, administrator
# Logins with an unknown user name are treated as guest logins; check that
# the guest account cannot reach anything sensitive.
map to guest = Bad User
logon script = logon.bat
logon path =
logon drive = F:
logon home = \\%L\%U\.9xprofile
public = no
browseable = no
writeable = no
min password length = 8