[Samba] ldap password sync

David Pinkerton David.Pinkerton at planaustralia.com.au
Wed Apr 11 11:20:22 GMT 2007

Thank you to everyone who replied.

   workgroup = HOME
   netbios name = DHP

   security = user
   encrypt passwords = yes
   enable privileges = yes

   passdb backend = ldapsam:ldap://

   log file = /var/log/samba/%m.log
   utmp = yes
   max log size = 50
   log level = 1
   syslog = 0

   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"

   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

   domain logons = yes
   domain master = yes
   os level = 65
   preferred master = yes
   wins support = yes

   ldap admin dn = cn=admin,o=dhp
   ldap passwd sync = yes
   ldap delete dn = yes
   ldap suffix = o=dhp
   ldap machine suffix = ou=machine
   ldap user suffix = ou=staff
   ldap group suffix = ou=group
   ldap idmap suffix = ou=idmap

   idmap uid = 10000-20000
   idmap gid = 10000-20000

I removed the unix password sync and passwd program directives - no luck :-(
It will still not sync the user's password change to the userPassword attribute.

Again, packet traces show NO modify request for userPassword, only the samba attributes.

A little more background.
LDAP directory is Novell eDirectory.  cn=admin,o=dhp is a "god" user.  R/W rights to every object.  The reason I need to sync the password is for the rollout of Zenworks.  It uses the userPassword to authenticate the zen client.

The /usr/local/sbin/smbldap-passwd script works when called from the command line.

Has anyone ever had this working - can't find anyone who says they have, just lots of "should" work.  I'm beginning to think it is a samba myth.


David Pinkerton
