[Samba] changing ldap passwords?

Craig White craigwhite at azapple.com
Tue Jan 25 00:54:19 GMT 2005


On Mon, 2005-01-24 at 16:57 -0600, Tim Tyler wrote:
> Ok, but I seem to get this error when using smbpasswd
>    # smbpasswd goliath
> New SMB password:
> Retype new SMB password:
> ldapsam_modify_entry: Failed to modify user dn= 
> uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu with: Insufficient access
> 
> ldapsam_update_sam_account: failed to modify user with uid = goliath, 
> error:  (Success)
> Failed to modify entry for user goliath.
> Failed to modify password entry for user goliath
> 
> I am not sure what I am doing wrong in my setups. Does this acl in
> ldap's slapd.conf look ok?
> access to attr=sambaLMPassword,sambaNTPassword
>          by 
> dn.exact="uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu" read
>          by * none
----
access to dn=".*,ou=People,o=MyDomainn,c=US"
        attr=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=root,o=MyDomainn,c=US" write
        by dn="cn=admin,o=MyDomainn,c=US" write
        by self write
        by * auth

(my first ACL in slapd.conf)
should solve a few problems of yours...
----
> 
> What about this as the account for samba password administration (ldif format)?
> # samba_servers, People, lincon.beloit.edu
> dn: uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
> objectClass: person
> objectClass: uidObject
> uid: samba_servers
> description: Account used by Samba servers to access user passwords
> cn: samba_servers
> sn: samba_servers
> 
> Any idea why I might be getting the error above?
>   Tim
----
is this your setting in smb.conf?
ldap admin dn = uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu

if so, did you do 'smbpasswd -w' to set the password for access to ldap
by the above ldap admin dn?

if so, I don't see any password attributes for that dn that you had in
your question...
userPassword:
sambaNTPassword:
sambaLMPassword: (not sure that this one is gonna matter)

but how is this user gonna authenticate if he doesn't have a password
and if it isn't set to be the ldap admin dn in smb.conf and if the
password isn't set via smbpasswd -w command?

Craig
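
Added example, not part of the original message or of Samba/OpenLDAP: a small evaluator for the `access to attr=... by <who> <level>` form used in this thread. It shows that the ACL as posted gives the samba_servers DN only `read` on sambaNTPassword, while an LDAP modify needs `write`. It is simplified: only `attr=` targets and the `dn=`, `dn.exact=`, `self` and `*` who-forms are handled, both dn forms are treated as exact matches, and the `write` variant is constructed for comparison.

```python
import re

# slapd.access(5) levels, lowest to highest; each level implies the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = "uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu"
USER = "uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu"

# ACL as quoted in the thread.
ACL_AS_POSTED = '''
access to attr=sambaLMPassword,sambaNTPassword
    by dn.exact="%s" read
    by * none
''' % ADMIN
# Constructed variant for comparison: same clause with write instead of read.
ACL_WITH_WRITE = ACL_AS_POSTED.replace(" read", " write")

def parse_acls(text):
    """Return [(attrs, [(who, level), ...]), ...] in file order (attr= targets only)."""
    acls, tokens, i = [], text.split(), 0
    while i < len(tokens):
        if tokens[i:i + 2] == ["access", "to"]:
            attrs = tokens[i + 2].split("=", 1)[1].lower().split(",")
            acls.append((attrs, []))
            i += 3
        elif tokens[i] == "by" and acls:
            acls[-1][1].append((tokens[i + 1], tokens[i + 2]))
            i += 3
        else:
            i += 1
    return acls

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn(?:\.exact)?="?([^"]*)"?', who)
    return bool(m) and m.group(1).lower() == bind_dn.lower()

def effective_access(acls, bind_dn, entry_dn, attr):
    """First clause covering attr wins; within it, the first matching 'by' wins."""
    for attrs, by_clauses in acls:
        if attr.lower() in attrs:
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"   # implicit trailing "by * none" on every clause
    return "none"           # implicit final "access to * by * none"

def can_write(acls, bind_dn, entry_dn, attr):
    level = effective_access(acls, bind_dn, entry_dn, attr)
    return LEVELS.index(level) >= LEVELS.index("write")
```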


