[Samba] ldap password sync
David.Pinkerton at planaustralia.com.au
Wed Apr 11 11:20:22 GMT 2007
Thank you to everyone who replied.
workgroup = HOME
netbios name = DHP
security = user
encrypt passwords = yes
enable privileges = yes
passdb backend = ldapsam:ldap://127.0.0.1
log file = /var/log/samba/%m.log
utmp = yes
max log size = 50
log level = 1
syslog = 0
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
domain master = yes
os level = 65
preferred master = yes
wins support = yes
ldap admin dn = cn=admin,o=dhp
ldap passwd sync = yes
ldap delete dn = yes
ldap suffix = o=dhp
ldap machine suffix = ou=machine
ldap user suffix = ou=staff
ldap group suffix = ou=group
ldap idmap suffix = ou=idmap
idmap uid = 10000-20000
idmap gid = 10000-20000
I removed the unix password syn and passwd program directive - no luck :-(
It will still not sync the users password change to the userPassword attribute.
Again packet traces show NO modify request for userPassword, only the samba attributes.
A little more background.
LDAP directory is Novell eDirectory. cn=admin,o=dhp is a "god" user. R/W rights to every object. The reason I need to sync the password is for the rollout of Zenworks. It uses the userPassword to authenticate the zen client.
The /usr/local/sbin/smbldap-passwd scripts works when called from command line.
Has anyone ever had this working - can't find anyone who says they have, just lots of "should" work. I'm beginning to think it is a samba myth.
The contents of this email may be privileged and confidential, any unauthorised use of the contents is expressly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. PLAN Australia is not liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt.
More information about the samba