[Samba] ldap passwd sync on 3.0.25a

Thierry Lacoste lacoste at miage.univ-paris12.fr
Mon Aug 13 12:44:06 GMT 2007


I have a strange issue with ldap passwd sync = only
on FreeBSD 6.1 with Samba 3.0.25a + OpenLDAP 2.3.37

I have the OpenLDAP smbk5pwd overlay which successfully
synchronizes LM and NT passwords:

$ ldappasswd -D 'cn=sambamgr,ou=managers,o=stars' -w sambapass -s secret1 'uid=lacoste,ou=Users,ou=Accounts,o=stars'
Result: Success (0)

My OpenLDAP auditlog file confirms that smbk5pwd is working:

# modify 1187006837 o=stars cn=sambamgr,ou=Managers,o=stars
dn: uid=lacoste,ou=Users,ou=Accounts,o=stars
changetype: modify
replace: userPassword
userPassword:: e1NTSEF9UFZSZk1zcTNoRlFuYWhGMzRWN1BZWE5BU3U0MHNVTWo=
-
replace: sambaPwdMustChange
sambaPwdMustChange: 1218542837
-
replace: sambaPwdLastSet
sambaPwdLastSet: 1187006837
-
replace: sambaLMPassword
sambaLMPassword: 8d16f4badd1da493aad3b435b51404ee
-
replace: sambaNTPassword
sambaNTPassword: b39a61f16a4e11fa80580241f1d4aae8
-
replace: pwdChangedTime
pwdChangedTime: 20070813120717Z
-
replace: entryCSN
entryCSN: 20070813120717Z#000000#00#000000
-
replace: modifiersName
modifiersName: cn=sambamgr,ou=Managers,o=stars
-
replace: modifyTimestamp
modifyTimestamp: 20070813120717Z
-
# end replace 1187006837

Here's the auditlog when I modify the password under Windows XP
with ldap passwd sync = yes.
Note that as expected there are two modifications:
- one for the LM and NT passwords
- and one for the userPassword which triggers another "change" of
the LM and NT passwords.

# modify 1187007048 o=stars cn=sambamgr,ou=Managers,o=stars
dn: uid=lacoste,ou=Users,ou=Accounts,o=stars
changetype: modify
delete: sambaLMPassword
sambaLMPassword: 8d16f4badd1da493aad3b435b51404ee
-
add: sambaLMPassword
sambaLMPassword: 485B60ABDAF3DCBEAAD3B435B51404EE
-
delete: sambaNTPassword
sambaNTPassword: b39a61f16a4e11fa80580241f1d4aae8
-
add: sambaNTPassword
sambaNTPassword: C2CC78BA8B1DF908F563858B3095C7C7
-
delete: sambaPwdLastSet
sambaPwdLastSet: 1187006837
-
add: sambaPwdLastSet
sambaPwdLastSet: 1187007048
-
replace: entryCSN
entryCSN: 20070813121048Z#000000#00#000000
-
replace: modifiersName
modifiersName: cn=sambamgr,ou=Managers,o=stars
-
replace: modifyTimestamp
modifyTimestamp: 20070813121048Z
-
# end replace 1187007048

# modify 1187007048 o=stars cn=sambamgr,ou=Managers,o=stars
dn: uid=lacoste,ou=Users,ou=Accounts,o=stars
changetype: modify
replace: userPassword
userPassword:: e1NTSEF9YmVKTHNIOFVaK3pkNDJ4WGhHTUdtcVk2QjZiMWVzR1Q=
-
replace: sambaPwdMustChange
sambaPwdMustChange: 1218543048
-
replace: sambaPwdLastSet
sambaPwdLastSet: 1187007048
-
replace: sambaLMPassword
sambaLMPassword: 485b60abdaf3dcbeaad3b435b51404ee
-
replace: sambaNTPassword
sambaNTPassword: c2cc78ba8b1df908f563858b3095c7c7
-
replace: pwdChangedTime
pwdChangedTime: 20070813121048Z
-
replace: entryCSN
entryCSN: 20070813121048Z#000001#00#000000
-
replace: modifiersName
modifiersName: cn=sambamgr,ou=Managers,o=stars
-
replace: modifyTimestamp
modifyTimestamp: 20070813121048Z
-
# end replace 1187007048

To avoid the double change of LM and NT passwords I set
ldap passwd sync = only in my smb.conf but when I change
the password from XP none of the passwords is changed even
though XP reports success.

This works like a charm with Samba 3.0.22 + OpenLDAP 2.3.24 under FreeBSD 6.1.

Any help to troubleshoot the problem would be appreciated.

Regards,
Thierry.
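
The double write of the LM and NT hashes described in the message can be checked mechanically from the auditlog. The following is an added example, not part of the original message and not Samba or OpenLDAP code: it parses auditlog modify records and flags writes that store a hash the entry already holds. `parse_records` and `redundant_hash_writes` are hypothetical helper names, and the sample input is abridged from the records quoted in the message.

```python
import re

# Abridged from the two auditlog records quoted in the message (password change
# from Windows XP with "ldap passwd sync = yes"); only sambaNTPassword is kept.
SAMPLE = """\
# modify 1187007048 o=stars cn=sambamgr,ou=Managers,o=stars
dn: uid=lacoste,ou=Users,ou=Accounts,o=stars
changetype: modify
delete: sambaNTPassword
sambaNTPassword: b39a61f16a4e11fa80580241f1d4aae8
-
add: sambaNTPassword
sambaNTPassword: C2CC78BA8B1DF908F563858B3095C7C7
-
# end replace 1187007048
# modify 1187007048 o=stars cn=sambamgr,ou=Managers,o=stars
dn: uid=lacoste,ou=Users,ou=Accounts,o=stars
changetype: modify
replace: sambaNTPassword
sambaNTPassword: c2cc78ba8b1df908f563858b3095c7c7
-
# end replace 1187007048
"""
HASH_ATTRS = {"sambalmpassword", "sambantpassword"}
RECORD = re.compile(r"^# modify (\d+) [^\n]*\n(.*?)^# end \w+ \1$", re.S | re.M)

def parse_records(text):
    """Return [(timestamp, dn, {hash_attr: new_value})], one per modify record."""
    records = []
    for m in RECORD.finditer(text):
        dn, op, new = None, None, {}
        for line in m.group(2).splitlines():
            key, _, val = line.partition(":")
            if key == "dn":
                dn = val.strip().lower()
            elif key in ("add", "replace", "delete", "-"):
                op = key  # "-" closes the current modification block
            elif op in ("add", "replace") and key.lower() in HASH_ATTRS:
                # Hex case differs between writers, so compare lowercased.
                new[key.lower()] = val.strip().lower()
        records.append((int(m.group(1)), dn, new))
    return records

def redundant_hash_writes(records):
    """Return (timestamp, dn, attr) for writes storing the value already present."""
    current, hits = {}, []
    for ts, dn, new in records:
        for attr, value in new.items():
            if current.get((dn, attr)) == value:
                hits.append((ts, dn, attr))
            current[(dn, attr)] = value
    return hits
```

Run over a full auditlog, an empty result for a user who just changed a password from a Windows client means either a single write happened or, as with the `only` setting in the message, no hash write reached the directory at all; `parse_records` distinguishes the two.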