[Samba] "ldap passwd sync" and shadow attributes

Andrew Bartlett abartlet at samba.org
Wed Nov 2 00:58:45 GMT 2005


On Mon, 2005-10-31 at 22:55 -0500, Eric A. Hall wrote:
> On 10/31/2005 4:41 PM, Andreas wrote:
> > On Mon, Oct 31, 2005 at 02:08:01PM -0500, Eric A. Hall wrote:
> > 
> >>On 10/31/2005 8:36 AM, Andreas wrote:
> >>
> >>>It seems the "ldap passwd sync" option doesn't set shadowLastChange, am
> >>>I right? Without it, unix users could be prompted to change their
> >>>password even though they have already done so via windows.
> >>
> >>This might depend on your package source. SUSE builds set all the shadow
> >>stuff, even though I would prefer not using it.
> > 
> > Is it a patch that SuSE applies to samba? I'm talking about the "ldap
> > passwd sync" option in smb.conf(5) and its hability (or not) to change
> > shadow attributes.
> 
> I just rechecked and am seeing the same thing you are: shadowLastChange
> does not get updated.

The idea (which never really got picked up properly) was that the ldap
server should do this.  It could then update any type of password it
chose, and set all the right 'changed times' etc.

So we really need to work with vendors to have good modules in their
ldap servers.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051102/a64249c8/attachment.bin


More information about the samba mailing list