[Samba] pdbedit password policy - not updating ldapsam

jamurph tony_murphy at yahoo.com
Fri Feb 16 13:25:08 GMT 2007


I have Samba and LDAP up and running, but I'm having problems editing the
password policy using pdbedit. 

(I'm running 3.0.22)

I've had a look at the man page for pdbedit but I don't really fully
understand what it does in relation to passwd backends. Does pdbedit update
just one backend and expect a user to export the updates to other backends? 

I think I've set up ldap as my default backend - but pdbedit doesn't update
it. It looks like it's updating some other backend. I guess my smb.conf
(attached) isn't configured correctly? How do I find out which one it's
updating? I can also see a reference to pdbedit backend guest in the logs,
but I don't understand why pdbedit is looking for this.

I tried the following command: 
 pdbedit -P "min password length" -C 7 -d 10

This is a snippet of the logs:
  The LDAP server is succesfully connected
  pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init
  Attempting to find an passdb backend to match guest (guest)
  Found pdb backend guest
  pdb backend guest has a valid init
  account_policy_get: min password length:7
  account policy value for min password length was 7
  account_policy_set: min password length:7
  account policy value for min password length is now 7

I'm guessing it's taking these values from
/var/lib/samba/account_policy.tdb; it's not taking them from ldap, because
it doesn't change sambaMinPwdLength.

I can see a search happening in the ldap logs, but I don't see any updates -
is this expected behaviour?

I believe I need to run the following command to update LDAP?
 pdbedit -y -i tdbsam -e ldapsam -d 10

However, when I do this, I get the following error message (more of the log is
attached, but this is the part I think is failing):

 Attempting to find an passdb backend to match guest (guest)
 Found pdb backend guest
 pdb backend guest has a valid init
 called with username="(null)"
 tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No such file or directory
 Unable to open/create TDB passwd
 Can't sampwent!


When configuring Samba initially, I had some problems, so I followed some
instructions and deleted the following

 rm /etc/samba/*tdb
 rm /var/lib/samba/*tdb
 rm /var/lib/samba/*dat
 rm /var/log/samba/*

As a result, passdb.tdb no longer exists and didn't get re-created. Is there any
way I can recreate this file? Is this the cause of my problems?

Any help much appreciated. I've attached more details in case they are
needed.


-------------- LDAP Entry ------------------------------------

dn: sambaDomainName=BLAHDEV,dc=example,dc=org
sambaDomainName: BLAHDEV
sambaMinPwdAge: 0
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaPwdHistoryLength: 0
sambaNextGroupRid: 67109863
uidNumber: 1005
sambaLogonToChgPwd: 0
sambaLockoutDuration: 30
sambaMaxPwdAge: -1
sambaForceLogoff: -1
sambaLockoutThreshold: 0
gidNumber: 1000
sambaSID: S-1-5-21-317703500-4181503002-770181164
sambaNextUserRid: 67109862
sambaMinPwdLength: 5
sambaRefuseMachinePwdChange: 0
sambaAlgorithmicRidBase: 1000
sambaLockoutObservationWindow: 30



---------------- SMB.CONF -----------------------------------
[global]
   workgroup = BLAHDEV
   netbios name = BLAHDEV-PDC
   security = user
   server string = Samba Server
   log level = 2
   syslog = 0
   log file = /var/log/samba/%m.log
   max log size = 100000
   time server = Yes
   logon home = ""
   logon path = ""
   domain logons = Yes
   domain master = Yes
   os level = 65
   preferred master = Yes
   wins support = yes
   encrypt passwords = Yes
   # unix password sync = Yes
   passwd program = /usr/sbin/ldap_userPassword_change %u
   passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success****
   # Crackcheck settings to allow NT style password complexity checks
   check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict
   passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2"
   ldap admin dn = cn=Manager,dc=example,dc=org
   ldap suffix = dc=example,dc=org
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2"
   add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
   delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
   add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u"
   add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
   add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = no



------------ FULL LOG FILE FOR PDBEDIT --------------------

[root at devpc-tm1 samba]# pdbedit -y -i tdbsam -e ldapsam -d 10
INFO: Current debug levels:
  all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = BLAHDEV
doing parameter netbios name = BLAHDEV-PDC
handle_netbios_name: set global_myname to: BLAHDEV-PDC
doing parameter security = user
doing parameter server string = Samba Server
doing parameter log level = 2
doing parameter syslog = 0
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 100000
doing parameter time server = Yes
doing parameter logon home = ""
doing parameter logon path = ""
doing parameter domain logons = Yes
doing parameter domain master = Yes
doing parameter os level = 65
doing parameter preferred master = Yes
doing parameter wins support = yes
doing parameter encrypt passwords = Yes
doing parameter passwd program = /usr/sbin/ldap_userPassword_change %u
doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success****
doing parameter check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict
doing parameter passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2"
doing parameter ldap admin dn = cn=Manager,dc=example,dc=org
doing parameter ldap suffix = dc=example,dc=org
doing parameter ldap group suffix = ou=Groups
doing parameter ldap user suffix = ou=Users
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap idmap suffix = ou=Idmap
doing parameter idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2"
doing parameter add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
doing parameter delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
doing parameter add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u"
doing parameter add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
doing parameter add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
doing parameter delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
doing parameter set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
doing parameter idmap uid = 16777216-33554431
doing parameter idmap gid = 16777216-33554431
doing parameter template shell = /bin/false
doing parameter winbind use default domain = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Trying to load: ldapsam:ldap://ldap-1 ldap://ldap-2
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://ldap-1 ldap://ldap-2 (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))]
smbldap_search: base => [dc=example,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2]
smbldap_open_connection: ldap://ldap-1 ldap://ldap-2
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://ldap-1 ldap://ldap-2 as "cn=Manager,dc=example,dc=org"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="BLAHDEV-PDC"
Trying to load: ldapsam:ldap://ldap-1 ldap://ldap-2
Attempting to find an passdb backend to match ldapsam:ldap://ldap-1 ldap://ldap-2 (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))]
smbldap_search: base => [dc=example,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2]
smbldap_open_connection: ldap://ldap-1 ldap://ldap-2
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://ldap-1 ldap://ldap-2 as "cn=Manager,dc=example,dc=org"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Trying to load: tdbsam
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Trying to load: ldapsam
Attempting to find an passdb backend to match ldapsam (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))]
smbldap_search: base => [dc=example,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=example,dc=org"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
pdb backend ldapsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
called with username="(null)"
tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No such file or directory
Unable to open/create TDB passwd
Can't sampwent!

-- 
View this message in context: http://www.nabble.com/pdbedit-password-policy---not-updating-ldapsam-tf3239423.html#a9004138
Sent from the Samba - General mailing list archive at Nabble.com.
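A quick check, added here as an example and not taken from the post above or from Samba itself: parse the sambaDomain entry as ldapsearch prints it and compare its password-policy attributes with a baseline. Reading the directory object directly shows whether a pdbedit -P change reached ldapsam (sambaMinPwdLength and friends) or only the local account_policy.tdb, independently of what pdbedit itself reports. The LDIF below is a constructed copy of the entry from the post; the baseline values and the ldapsearch invocation in the comment are assumptions to adjust locally.

```python
"""Check Samba password-policy attributes in a sambaDomain LDIF entry.

Added example for this thread (not code from the original post or from
Samba): parse the sambaDomain object as ldapsearch prints it and compare
the policy attributes against a baseline. The entry below is a constructed
copy of the one shown in the post; the baseline values are assumptions.
"""
import base64
from typing import Dict, List, Tuple

# Constructed sample: the sambaDomain entry as shown in the post.
SAMPLE_LDIF = """\
dn: sambaDomainName=BLAHDEV,dc=example,dc=org
sambaDomainName: BLAHDEV
sambaMinPwdAge: 0
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaLockoutDuration: 30
sambaMaxPwdAge: -1
sambaForceLogoff: -1
sambaLockoutThreshold: 0
sambaMinPwdLength: 5
sambaRefuseMachinePwdChange: 0
sambaLockoutObservationWindow: 30
"""

# Assumed baseline: attribute -> (comparison, value). "ge" = at least,
# "le" = at most, "eq" = exactly, "ne" = anything but. For the age
# attributes -1 means "never", so "ne -1" requires that expiry is enabled.
BASELINE: Dict[str, Tuple[str, int]] = {
    "sambaMinPwdLength": ("ge", 7),       # what pdbedit -C 7 should have set
    "sambaPwdHistoryLength": ("ge", 5),   # 0 allows immediate password reuse
    "sambaLockoutThreshold": ("ge", 1),   # 0 disables account lockout
    "sambaMaxPwdAge": ("ne", -1),         # -1 means passwords never expire
}


def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF entry into attribute -> list of values.

    Unfolds continuation lines (a leading space), skips blank and comment
    lines, and decodes base64 values written with a double colon.
    """
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entry: Dict[str, List[str]] = {}
    for line in unfolded:
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(name.strip(), []).append(value)
    return entry


def audit_policy(entry: Dict[str, List[str]],
                 baseline: Dict[str, Tuple[str, int]]) -> List[str]:
    """Return one finding per baseline attribute that is missing or off-policy."""
    findings: List[str] = []
    if "sambaDomain" not in entry.get("objectClass", []):
        return ["entry lacks objectClass sambaDomain; wrong DN?"]
    checks = {
        "ge": lambda have, want: have >= want,
        "le": lambda have, want: have <= want,
        "eq": lambda have, want: have == want,
        "ne": lambda have, want: have != want,
    }
    for attr, (op, want) in baseline.items():
        values = entry.get(attr)
        if not values:
            findings.append(f"{attr}: missing from entry")
            continue
        try:
            have = int(values[0])
        except ValueError:
            findings.append(f"{attr}: non-integer value {values[0]!r}")
            continue
        if not checks[op](have, want):
            findings.append(f"{attr}: is {have}, expected {op} {want}")
    return findings


if __name__ == "__main__":
    # Live use (assumption, not part of this example's sample data): feed in
    # ldapsearch -x -LLL -b dc=example,dc=org '(objectClass=sambaDomain)'
    for finding in audit_policy(parse_ldif(SAMPLE_LDIF), BASELINE):
        print(finding)
```

Run against the entry from the post, the check reports sambaMinPwdLength still at 5 (so the pdbedit -C 7 change did not reach LDAP), no password history, lockout disabled and no password expiry; once the directory object is updated the list comes back empty.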
