[Samba] Using OID as Samba3 backend

[Geert Stappers]

On Fri, Jul 01, 2005 at 12:08:38PM -0500, Alex Canizales wrote:
> 
> Well, first, already the domain it's working, the schema was created, and 
> other problems was solved, i can join machines to domain, log in to them, 
> and assign privileges using ldap groups into OID. Right now the problem is 
> only when i change the password from windows dialog box, even when i change 
> the password from smbladp-password command it's works fine.
> 
> >This will not help you for two reasons: 1: it's an OpenLDAP server ACL
> >and is only applicable to the server configuration; 2: it only gives
> >read access anyway.
> 
> At the second point, the OID have the way to put ACL's  at the rootDSE 
> level too, not in way of the OpenLDAP, on text plain file, it's trough the 
> oidadmin console or using ldapmodify command and i'd have put this exactly.
> 
> I need to know which is the difference between the passwod change from 
> smbldap-password and the password change from windows dialog box in order 
> to put the privileges in the correct place. I believe that the problem is 
> because it's trying to access at some attribute in other level when is 
> execute from windows.


I have

access to attrs=sambaLMPassword,sambaNTPassword
        by self ssf=128 write
        by anonymous ssf=128 auth
        by dn="cn=smbadmin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write
        by dn="cn=admin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write
        by * none


smbldap-password probably uses  smbadmin  ( has write accces on OID )
Windows probably uses "self"  ( has no write access on OID )


Cheers
Geert Stappers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba/attachments/20050701/e2b12897/attachment.bin