[Samba] changing ldap passwords?
Tim Tyler
tyler at beloit.edu
Mon Jan 24 22:57:58 GMT 2005
Ok, but I seem to get this error when using smbpasswd
# smbpasswd goliath
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to modify user dn=
uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu with: Insufficient access
ldapsam_update_sam_account: failed to modify user with uid = goliath,
error: (Success)
Failed to modify entry for user goliath.
Failed to modify password entry for user goliath
I am not sure what I am doing wrong in my setups. Does this acl in
ldap's slapd.conf look ok?
access to attr=sambaLMPassword,sambaNTPassword
by
dn.exact="uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu" read
by * none
What about this as the account for samba password administration (ldif format)?
# samba_servers, People, lincon.beloit.edu
dn: uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
objectClass: person
objectClass: uidObject
uid: samba_servers
description: Account used by Samba servers to access user passwords
cn: samba_servers
sn: samba_servers
Any idea why I might be getting the error above?
Tim
At 04:05 PM 1/24/2005, you wrote:
>Tim,
>
>smbpassword should work fine for modifying the LM/NT passwords.
>
>Also, if your using Fedora or Redhat Enterprise server you might wish
>to check out a program we have written: www.Essay-Software.com
>
>Sincerely,
>
>Scott Alcock
>Essay Software, LLC
>www.Essay-Software.com
>Rockford, Illinois
>
>
>
>Tim Tyler wrote:
>
>> Samba experts,
>> I am using Samba 3.0.8 on an AIX 5.1 system with ldap
>> authentication. I have ldap working so that users can authenticate in
>> their samba account via ldap. However, I am trying to figure out the
>> best method for allowing users to change their ldap samba account password.
>> What is the best method to allow end users to change their LM/NT
>> passwords for Samba via LDAP?
>>Should I be using smbpasswd? Or should I be using the smbldap-tools and
>>use smbldap-passwd.pl? Or is there another option?
>>
>>Also, what do I need to set for privileges (ACL's) on the ldap server
>>side to allow users to change their samba password (if any)?
>>
>> Any recommendations and hints about implementing it are much appreciated!
>>thanks!
>> Tim
>>
>>
>>
>>Tim Tyler
>>Network Engineer - Beloit College
>>tyler at beloit.edu
>
Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu
More information about the samba
mailing list