[Samba] changing ldap passwords?

Tim Tyler tyler at beloit.edu
Mon Jan 24 22:57:58 GMT 2005

Ok, but I seem to get this error when using smbpasswd
   # smbpasswd goliath
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to modify user dn= 
uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu with: Insufficient access

ldapsam_update_sam_account: failed to modify user with uid = goliath, 
error:  (Success)
Failed to modify entry for user goliath.
Failed to modify password entry for user goliath

I am not sure what I am doing wrong in my setups.    Does this acl in 
ldap's slapd.conf look ok?
access to attr=sambaLMPassword,sambaNTPassword
dn.exact="uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu" read
         by * none

What about this as the account for samba password administration (ldif format)?
# samba_servers, People, lincon.beloit.edu
dn: uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
objectClass: person
objectClass: uidObject
uid: samba_servers
description: Account used by Samba servers to access user passwords
cn: samba_servers
sn: samba_servers

Any idea why I might be getting the error above?

At 04:05 PM 1/24/2005, you wrote:

>smbpassword should work fine for modifying the LM/NT passwords.
>Also, if your using Fedora or Redhat Enterprise server you might wish
>to check out a program we have written: www.Essay-Software.com
>Scott Alcock
>Essay Software, LLC
>Rockford, Illinois
>Tim Tyler wrote:
>>   Samba experts,
>>   I am using Samba 3.0.8 on an AIX 5.1 system with ldap 
>> authentication.  I have ldap working so that users can authenticate in 
>> their samba account via ldap.   However, I am trying to figure out the 
>> best method for allowing users to change their ldap samba account password.
>>    What is the best method to allow end users to change their LM/NT 
>> passwords for Samba via LDAP?
>>Should I be using smbpasswd?  Or should I be using the smbldap-tools and 
>>use smbldap-passwd.pl? Or is there another option?
>>Also, what do I need to set for privileges (ACL's) on the ldap server 
>>side to allow users to change their samba password (if any)?
>>  Any recommendations and hints about implementing it are much appreciated!
>>  Tim
>>Tim Tyler
>>Network Engineer - Beloit College
>>tyler at beloit.edu

Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu 

More information about the samba mailing list