[Samba] kind of ldap operation changing password from windows

Andrew Bartlett abartlet at samba.org
Wed Jul 6 22:11:33 GMT 2005


On Wed, 2005-07-06 at 23:43 +0200, Geert Stappers wrote:
> On Tue, Jul 05, 2005 at 05:35:15PM -0500, Alex Canizales wrote:
>  <snip/>
> > 
> > Already I had put the ldap passwd sync=yes
> > 
> > >What does your root DSE look like?
> > 
> > This is my root DSE access control point rules:
> > 
> > dn:
> > changetype: modify
> > replace: orclaci
> > orclaci: access to entry by * (browse)
> > orclaci: access to attr=(*) by * (search,read,compare)
> > orclentrylevelaci: access to entry by * (browse)
> > 
> > The problem isn't here,
> 
> 
> I have
> 
> access to attrs=sambaLMPassword,sambaNTPassword
>         by self ssf=128 write
>         by anonymous ssf=128 auth
>         by dn="cn=smbadmin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write
>         by dn="cn=admin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write
>         by * none
> 
> 
> 
> > 
> > Is there any Samba developer that can tell me what other kind of LDAP operation 
> > is made when changing the password from Windows? Why do I get the message: ldap 
> > password change requested, but LDAP server does not support it -- ignoring 
> > ? If Oracle LDAP doesn't support this, why is it changing just the samba 
> > password and not the userpassword, and why is it changed when I use the 
> > smbldap-password command?
> 
> smbldap-password probably uses  smbadmin  ( has write access on OID )
> Windows probably uses "self"  ( has no write access on OID )

Windows is *not* touching ldap directly, only asking Samba to change the
NT4 domain password in a SAM, which happens to be Samba on LDAP.  You
can see what the smbldap script is doing by reading the script, but the
Samba 'ldap password sync = yes' is making the OpenLDAP password set
exop call.  This it hopes might set some LDAP password, in the hope of
keeping everything in sync.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
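
Added example (not part of the original message and not Samba's own code): a check of whether a directory server's root DSE advertises the RFC 3062 Password Modify extended operation, the password set exop named above. It assumes the "does not support it" log message means OID 1.3.6.1.4.1.4203.1.11.1 is missing from supportedExtension; the sample LDIF entries are constructed.

```python
import base64

# RFC 3062 LDAP Password Modify extended operation
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"

# Constructed sample root DSE dumps (LDIF), not taken from the thread.
# Real input would come from a base-scope search of the empty DN, e.g.:
#   ldapsearch -x -H ldap://HOST -s base -b "" supportedExtension
DSE_WITH_EXOP = """\
dn:
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedextension: 1.3.6.1.4.1.4203.1.11.1
supportedLDAPVersion: 3
"""
DSE_WITHOUT_EXOP = """\
dn:
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedLDAPVersion: 3
"""
# Same OID, but base64-encoded ("attr:: value") and folded onto two lines,
# both of which LDIF permits.
_b64 = base64.b64encode(PASSWD_MODIFY_OID.encode()).decode()
DSE_FOLDED_B64 = "dn:\nsupportedExtension:: " + _b64[:10] + "\n " + _b64[10:] + "\n"


def supported_extensions(ldif):
    """Return the set of supportedExtension OIDs found in a root DSE LDIF dump."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation line: unfold
        else:
            lines.append(raw)
    oids = set()
    for line in lines:
        attr, sep, value = line.partition(":")
        # Attribute names are case-insensitive; skip everything else.
        if not sep or attr.strip().lower() != "supportedextension":
            continue
        if value.startswith(":"):         # "::" marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode()
        oids.add(value.strip())
    return oids


def server_advertises_passwd_exop(ldif):
    """True if the server lists the Password Modify exop in its root DSE."""
    return PASSWD_MODIFY_OID in supported_extensions(ldif)
```
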