[Samba] pam_ldap and Samba password change

[Ilia Chipitsine]

> On Sat, Sep 17, 2005 at 11:36:17PM +0200, Roger Eisenecher wrote:
>> Christian Anton schrieb:
>  <snip/>
>>> yes, smbldap-passwd does the job, but only as root and only on the
>>> machine the samba-server is on. But what to do as a Linux-User that
>>> wants to be able to log in to any windows machine in the network too?
>>> how does he change his password? when he types 'passwd' on the shell of
>>> his Linux machine, the ldap-password on the server is changed, but not
>>> the samba-password and this is my problem.
>
> From the manual page of smbldap-passwd:
> | SMBLDAP-PASSWD(8)    User Contributed Perl Documentation SMBLDAP-PASSWD(8)
> |
> | NAME
> |        smbldap-passwd - change user password
> |
> | SYNOPSIS
> |        smbldap-passwd [name]
> |
> | DESCRIPTION
> |        smbldap-passwd changes passwords for user accounts. A normal user may
> |        only change the password for their own account, the super user may
> |        change the password for any account.
>
> So the "root-only" problem is gone ...
> For the "only the machine the samba-server is on" problem,
> you have to install (only) smbldap-passwd on other system.
> ( not verified over here, please report your milage)
>
>> Hmm... OpenLDAP has an option to maintain password fields himself... but
>> I do not remember the required configuration steps for that...
>>
>> perhaps another one on this list could help...
>
> It is the tools ldappasswd and AFAIK it only updates
> the POSIX password  ( not the SAMBA  password )

what it actually does, it performs EXOP (extended operation) on password 
change, not just ldapmodify, and there is a way for OpenLDAP to catch 
those requests, look at smbk5pwd.

>
>
> St
>
>