[Samba] ldap passwd sync only

Marcin Giedz giedz at arise.pl
Wed Aug 15 08:21:15 GMT 2007


Michal Bruncko wrote:
> Hello
>   
Hi,

In my opinion there is something wrong with "ldap password sync" and 
"unix password sync" as well. In my case I need to update NTLM passwords 
and userPassword, but in several different places in the LDAP tree. In 
smb.conf I've got something like this:

ldap passwd sync = No
unix password sync = Yes
passwd program = /opt/samba-3.0.23d/bin/spasswd.pl -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n

where the spasswd.pl script changes userPassword in many places for a 
particular user. The problem is that when I have "unix password sync=Yes" I 
CAN'T join any Linux machines to the domain. So to join such a machine I need to 
mark "unix password sync", then add the machine and change "unix password 
sync" back. This is a workaround but not a solution.

The same situation is with 3.0.25b.

Regards,
Marcin
> I have exactly the same trouble as described here:
> http://www.nabble.com/ldap-passwd-sync-on-3.0.25a-tf4261008.html on
> samba-3.0.25b-2.fc7.
> When I set "ldap passwd sync" to "only" and I change the password of some
> LDAP Samba user, the password in the userPassword attribute is never changed
> by the samba daemon (to update the NT and LM passwords I use the smbk5pwd
> overlay). If I set pwd sync to "On", both attributes (NT&LM and
> userPassword) were updated successfully. (I would not use ldap passwd sync
> set to "On", because then I could not create a user in usrmgr.exe with an
> undefined password (access denied error).)
>   
I
> Is that behaviour correct?
>
> thanks
>
> Michal Bruncko
>   


-- 
ARISE M.Giedz, T.Żebruń Sp.j.
http: www.arise.pl
mail: giedz at arise.pl
tel: +48 502 537 157


