[Samba] changing ldap passwords?
Craig White
craigwhite at azapple.com
Tue Jan 25 00:54:19 GMT 2005
On Mon, 2005-01-24 at 16:57 -0600, Tim Tyler wrote:
> Ok, but I seem to get this error when using smbpasswd
> # smbpasswd goliath
> New SMB password:
> Retype new SMB password:
> ldapsam_modify_entry: Failed to modify user dn=
> uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu with: Insufficient access
>
> ldapsam_update_sam_account: failed to modify user with uid = goliath,
> error: (Success)
> Failed to modify entry for user goliath.
> Failed to modify password entry for user goliath
>
> I am not sure what I am doing wrong in my setups. Does this acl in
> ldap's slapd.conf look ok?
> access to attr=sambaLMPassword,sambaNTPassword
> by
> dn.exact="uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu" read
> by * none
----
access to dn=".*,ou=People,o=MyDomainn,c=US"
attr=userPassword,sambaNTPassword,sambaLMPassword
by dn="cn=root,o=MyDomainn,c=US" write
by dn="cn=admin,o=MyDomainn,c=US" write
by self write
by * auth
(my first ACL in slapd.conf)
should solve a few problems of yours...
----
>
> What about this as the account for samba password administration (ldif format)?
> # samba_servers, People, lincon.beloit.edu
> dn: uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
> objectClass: person
> objectClass: uidObject
> uid: samba_servers
> description: Account used by Samba servers to access user passwords
> cn: samba_servers
> sn: samba_servers
>
> Any idea why I might be getting the error above?
> Tim
----
is this your setting in smb.conf?
ldap admin dn = uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
if so, did you do 'smbpasswd -w' to set the password for access to ldap
by the above ldap admin dn?
if so, I don't see any password attributes for that dn that you had in
your question...
userPassword:
sambaNTPassword:
sambaLMPassword: (not sure that this one is gonna matter)
but how is this user gonna authenticate if he doesn't have a password
and if it isn't set to be the ldap admin dn in smb.conf and if the
password isn't set via smbpasswd -w command?
Craig
More information about the samba
mailing list