[Samba] NT/LM Samba passwords and userPassword sync
giedz at arise.pl
Mon May 7 06:17:14 GMT 2007
Perhaps this post is not directly connected with Samba itself but after
I saw that Samba uses EXOP for LDAP password changing I decided to write
it to this list as well. Here is what I'd like to do:
1) I use openldap-2.3.35 for Samba auth mechanism
2) additionally I use openldap for any other auths I have in my subnet -
exim, imap, svn, linux-login, etc...
In case of Samba the NT/LM passwords play major role, for others I use
userPassword. However userPassword (posixAccount) shows up in different
places not only once:
ldapsearch -x -LLL uid=giedz
dn: mail=giedz at xxxx.com,ou=domains,dc=xxxx,dc=pl
mail: giedz at xxxx.com
dn: mail=giedz at xxxxx.com.pl,ou=domains,dc=xxxxx,dc=pl
I want to give my users ability to change their passwords by themselfs.
But I need to sync all passwords for particular user. I mean when user
changes his/her password from windows via Samba (ldap passwd sync = yes)
the LM/NT and all userPassword are being changed respectively (regarding
the particular dn=giedz,ou=people,dc=xxx,dc=pl), right?
The same when "passwd" command is involved - when user uses it, this
means all passwords are changed (windows + all userPassword).
I heard about smb5kpwd but I don't use Kerberos and I don't think it's
suitable for my need, isn't it?
So in this case do you have any idea what should I do? Of course I could
you external script to change userPassword everywhere, but since EXOP
exists I thought it's much wiser to use native feature rather than
ARISE M.Giedz, T.Żebruń Sp.j.
mail: giedz at arise.pl
tel: +48 502 537 157
More information about the samba