[Samba] changing password on samba bdc

Lukasz Stelmach lukasz.stelmach at telmark.waw.pl
Fri Mar 10 14:13:01 GMT 2006

 It was 02:34:09 on Thursday 09 March when a ticket inspector boarded the bus
and yelled: "Pavan!!! Ticket, please!!!" And he/she replied:

> Lukasz Stelmach wrote:

> > Machine1: Pdc Samba + OpenLDAP(master)
> > Machine2: Bdc Samba + OpenLDAP(slave)
> > LDAP stores Samba and POSIX information for each user.
> >
> > Case1: I login to Machine1 and invoke smbpasswd. I change
> > my passwords (samba and posix without any problem). In next
> > few seconds they get propagated to Machine2 where I can login
> > with new credentials.
> > #
> > #it seems to be here where the modifications start
> > #
> > conn=327 op=8 MOD dn="cn=John Doe,ou=People,o=example,c=xx" 
> > conn=327 op=8 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet 
> > conn=327 op=8 RESULT tag=103 err=0 text= 
> > conn=327 op=9 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" 
> > conn=327 op=9 SRCH attr=supportedExtension 
> > conn=327 op=9 SEARCH RESULT tag=101 err=0 nentries=1 text= 
> > conn=327 op=10 PASSMOD id="cn=John Doe,ou=People,o=example,c=xx" new 
> > conn=327 op=10 RESULT oid= err=0 text= 
> > conn=327 fd=26 closed (connection lost) 
> > conn=328 fd=27 closed (connection lost) 

> > Case2: I login to Machine2 and invoke smbpasswd. However I get
> > "Password changed for user jdoe", but quite heavy problems emerge.
> >  From now on I can't login to Machine1 and Machine2 neither with
> > smbclient nor with ssh (which uses POSIX data).
> > conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
> > conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
> > conn=314 op=0 RESULT tag=97 err=0 text=
> > #
> > # why it happens so that there is no id=... like above
> > #
> > conn=314 op=1 PASSMOD
> > #
> > conn=314 op=1 RESULT oid= err=0 text=
> > conn=314 op=2 UNBIND
> > conn=314 fd=26 closed

> I am not a Samba Guru, but I have done a similar purpose for testing 
> before, as the problem is caused when you are changing the password on 
> the Machine 2, which is a slave, it is READ ONLY and the changes what 
> you do will not be updated or reflected on the original copy. And the 
> ldap credentials of the slave will not be written to the database. All 
> the changes have to be passed on from the Master database.

I am not certain what you mean. I know that slave LDAP servers are readonly
but unlike ordinary readonly server on an update attempt they send
a client a URL of a master server the client should contact to make
changes. The client switches to the master server, samba does it properly,
and repeats actions, this however fails as you may see in the logs
because after switching samba doesn't do what it would if there were
no switch.

Now, as the changes have been made to the master database they get
propagated down to the slave(s) (yes they get, and Sambaroot's password
is wrong on all BDCs).

Please do the CC.
Have a nice day

----- End forwarded message -----

Have a nice day
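
An added example, not part of the original message or of Samba: a Python check over slapd log lines like the ones quoted above that flags any PASSMOD logged without an id= and resolves it to the DN bound on that connection. It assumes RFC 3062 semantics (a Password Modify request without userIdentity acts on the identity bound to the session) and takes the DN from any BIND line without checking the bind result; the function and field names are made up for this example.

```python
import re

# Log lines copied from Case1 and Case2 in the message above.
SAMPLE_LOG = '''\
conn=327 op=10 PASSMOD id="cn=John Doe,ou=People,o=example,c=xx" new
conn=327 op=10 RESULT oid= err=0 text=
conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
conn=314 op=0 RESULT tag=97 err=0 text=
conn=314 op=1 PASSMOD
conn=314 op=1 RESULT oid= err=0 text=
conn=314 op=2 UNBIND
'''

LINE_RE = re.compile(r'conn=(\d+) op=(\d+) (\w+)(.*)')
DN_RE = re.compile(r'\b(?:dn|id)="([^"]*)"')


def audit_passmod(log_text):
    """Return one record per PASSMOD op, resolving whose password it targets."""
    bound = {}      # conn id -> DN from the latest BIND seen on that connection
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)     # search() tolerates a syslog prefix
        if not m:
            continue                # e.g. "conn=327 fd=26 closed"
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        dn = DN_RE.search(rest)
        if verb == 'BIND' and dn:
            bound[conn] = dn[1]
        elif verb == 'UNBIND':
            bound.pop(conn, None)
        elif verb == 'PASSMOD':
            # Drop the quoted DN first so a DN containing "new" is not misread.
            flags = DN_RE.sub('', rest).split()
            findings.append({
                'conn': conn, 'op': op,
                'implicit': dn is None,          # no id= on the request
                'target': dn[1] if dn else bound.get(conn),
                'new_supplied': 'new' in flags,  # "new" marker logged
            })
    return findings


if __name__ == '__main__':
    for f in audit_passmod(SAMPLE_LOG):
        tag = 'IMPLICIT TARGET' if f['implicit'] else 'ok'
        print(f"conn={f['conn']} op={f['op']} {tag}: {f['target']}")
```

Run against the Case2 lines, it attributes the id-less PASSMOD on conn=314 to cn=Sambaroot, the DN bound on that connection.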
