[Samba] Using OID as Samba3 backend
Adam Tauno Williams
awilliam at whitemice.org
Sat Jul 2 12:23:25 GMT 2005
> > I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost works ok, but the final trick that doesn't work is the change of the passwords from windows dialog box, this change the samba passwords but don't change the userpassword, i have found this line on samba logs files:
> > ldap password change requested, but LDAP server does not support it -- ignoring.
> windows "password change dialog" modifies LM and NT hashes (probably, just
> NT one), changing of "user password" can be achived in two ways:
> 1) modifying UserPassword attribute (ldapmodify request, which is standard
> one)
> 2) some special request sich as "extended operation" in OpenLDAP, non
> standard requests.
"extended operations" are not "non-standard", although they may or may
not be implemented by a particular DSA. You can determine the 'exops'
supported by your DSA by looking at the rootDSA.
Samba should be able to sync the password and lm and ht hashes by
itself. Just set the "ldap passwd sync = yes" directive, see the
smb.conf for he possible settings (yes, no, and only ?). This will work
with or without exop password change support.
> > And i found in samba.org fourum that this problem is solved with this ACL:
> > access to dn.base="" by * read.
> > Already i have put them, but doesn't works, Anybody help me?
What does you root DSE look like?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050702/a051bc7b/attachment.bin
More information about the samba
mailing list