[Samba] pdbedit password policy - not updating ldapsam
jamurph
tony_murphy at yahoo.com
Mon Feb 19 14:30:29 GMT 2007
I removed version 3.0.22 and installed 3.0.24 (I removed samba files from
/etc/samba, /var/lib/samba, /var/cache/samba), but I'm afraid I'm still
experiencing the same problem when I run:
pdbedit -y -i tdbsam -e ldapsam
Found pdb backend guest
pdb backend guest has a valid init
called with username="(null)"
tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No such file or directory
Unable to open/create TDB passwd
Can't sampwent!
I manually updated the password policy settings in
sambaDomain=BLAHDEV,dc=example,dc=org
ldapmodify -x -D "..." -W
dn: sambaDomainName=BLAHDEV,dc=roke,dc=co,dc=uk
changeType: modify
sambaMinPwdAge: 0
sambaMaxPwdAge: 2592000
sambaPwdHistoryLength: 5
sambaLockoutThreshold: 3
sambaMinPwdLength: 8
sambaLockoutDuration: -1
Samba doesn't appear to recognise these changes. How can I get Samba to just
look in the ldapsam and not worry about what's in other backends? Any ideas
on how to diagnose this problem would also be helpful.
[global]
workgroup = BLAHDEV
netbios name = BLAHDEV-PDC
security = user
server string = Samba Server
log level = 2
syslog = 0
log file = /var/log/samba/%m.log
max log size = 100000
time server = Yes
logon home = ""
logon path = ""
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
encrypt passwords = Yes
# unix password sync = Yes
passwd program = /usr/sbin/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success****
# Crackcheck settings to allow NT style password complexity checks
check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict
passdb backend = ldapsam:"ldap://ldap-1"
ldap admin dn = cn=Manager,dc=example,dc=org
ldap suffix = dc=example,dc=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2"
idmap backend = ldap:"ldap://ldap-1"
add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
I'm running on CentOS 4.3. Is there a Linux file or PAM setting or something
that I need to change to make this work?
--
View this message in context: http://www.nabble.com/pdbedit-password-policy---not-updating-ldapsam-tf3239423.html#a9043068
Sent from the Samba - General mailing list archive at Nabble.com.
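
The manual policy update described in the message, as an added example that is not part of the original post: an LDIF modify record for ldapmodify names each attribute on its own `replace:` line, with `-` between operations, and this shell function builds such a record from `attr=value` pairs. The function name `policy_ldif` and the DN are placeholders chosen for the example; the attribute names and values are the ones in the post.

```shell
#!/bin/sh
# Added example, not from the original post. policy_ldif and the DN in the
# demo call are placeholders; the attribute names are those used in the post.

# policy_ldif DN attr=value [attr=value ...]
# Prints an LDIF modify record with one "replace:" operation per attribute,
# separated by "-" lines. Returns 1 on an unknown attribute or a bad value.
policy_ldif() {
    dn=$1
    [ -n "$dn" ] && [ "$#" -gt 1 ] || return 1
    shift
    out="dn: $dn
changetype: modify"
    first=1
    for pair in "$@"; do
        attr=${pair%%=*}
        val=${pair#*=}
        case $attr in
            sambaMinPwdAge|sambaMaxPwdAge|sambaPwdHistoryLength) ;;
            sambaLockoutThreshold|sambaMinPwdLength|sambaLockoutDuration) ;;
            *) echo "unknown policy attribute: $attr" >&2; return 1 ;;
        esac
        # Accept only an optionally negative integer (-1 appears in the post).
        case $val in
            ''|-|*[!0-9-]*|?*-*) echo "not an integer: $pair" >&2; return 1 ;;
        esac
        [ "$first" -eq 1 ] || out="$out
-"
        first=0
        out="$out
replace: $attr
$attr: $val"
    done
    printf '%s\n' "$out"
}

# Demo with the values from the post and a constructed placeholder DN.
policy_ldif "sambaDomainName=EXAMPLE,dc=example,dc=org" \
    sambaMinPwdAge=0 sambaMaxPwdAge=2592000 sambaPwdHistoryLength=5 \
    sambaLockoutThreshold=3 sambaMinPwdLength=8 sambaLockoutDuration=-1
```

The output can be piped into the `ldapmodify -x -D "..." -W` command from the post. Afterwards, `pdbedit -P "min password length"` prints the value pdbedit reports for that policy, for comparison with the directory entry.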