[Samba] pam_ldap and Samba password change
ilia at paramon.ru
Mon Sep 19 04:14:02 GMT 2005
> On Sat, Sep 17, 2005 at 11:36:17PM +0200, Roger Eisenecher wrote:
>> Christian Anton schrieb:
>>> yes, smbldap-passwd does the job, but only as root and only on the
>>> machine the samba-server is on. But what to do as a Linux-User that
>>> wants to be able to log in to any windows machine in the network too?
>>> how does he change his password? when he types 'passwd' on the shell of
>>> his Linux machine, the ldap-password on the server is changed, but not
>>> the samba-password and this is my problem.
> From the manual page of smbldap-passwd:
> | SMBLDAP-PASSWD(8) User Contributed Perl Documentation SMBLDAP-PASSWD(8)
> | NAME
> | smbldap-passwd - change user password
> | SYNOPSIS
> | smbldap-passwd [name]
> | DESCRIPTION
> | smbldap-passwd changes passwords for user accounts. A normal user may
> | only change the password for their own account, the super user may
> | change the password for any account.
> So the "root-only" problem is gone ...
> For the "only the machine the samba-server is on" problem,
> you have to install (only) smbldap-passwd on other system.
> ( not verified over here, please report your milage)
>> Hmm... OpenLDAP has an option to maintain password fields himself... but
>> I do not remember the required configuration steps for that...
>> perhaps another one on this list could help...
> It is the tools ldappasswd and AFAIK it only updates
> the POSIX password ( not the SAMBA password )
what it actually does, it performs EXOP (extended operation) on password
change, not just ldapmodify, and there is a way for OpenLDAP to catch
those requests, look at smbk5pwd.
More information about the samba