[Samba] ldap passwd sync not working

Gary Dale garydale at torfree.net
Tue Feb 12 12:13:05 GMT 2008


The question may not be related to LDAP since your domain passwords are 
changed. You should be looking at why the Unix password isn't being 
changed.
- Are you using LDAP for Unix authentication?
- Can you change the Unix password using passwd?
- Is your password chat in smb.conf correct for your system?


Fabiano Caixeta Duarte wrote:
> Hi, there!
>
> When my XP users try to change passwords, they get a message saying that
> the password has been changed. That's not true!
>
> NT and LM passwords are changed but unixPassword isn't.
>
> Look at these openldap.log lines:
>
> Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD
> dn="uid=teste,ou=Users,dc=domain"
> Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD
> attr=sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword
> sambaPwdLastSet sambaPwdLastSet
>
> See?
>
> My smb.conf has these LDAP-related options:
>
> passdb backend = ldapsam:ldap://apolo.domain
> idmap backend = ldapsam:ldap://apolo.domain
> ldap suffix = dc=domain
> ldap admin dn = cn=root,dc=domain
> ldap ssl = start_tls
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Users
> ldap passwd sync = yes
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>
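
Added example (not part of either poster's message): a small Python check that scans slapd log lines like the ones quoted above and lists accounts whose Samba hashes were modified with no matching userPassword write on the same connection. The sample log is constructed from the two entries in the post plus one made-up connection; the function name and the same-connection pairing are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries from the post (unwrapped), plus a
# constructed connection 698030 where the Unix password is written as well.
SAMPLE_LOG = """\
Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD dn="uid=teste,ou=Users,dc=domain"
Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD attr=sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Feb 12 08:01:02 apolo slapd[22826]: conn=698030 op=7 PASSMOD id="uid=maria,ou=Users,dc=domain" new
Feb 12 08:01:02 apolo slapd[22826]: conn=698030 op=8 MOD dn="uid=maria,ou=Users,dc=domain"
Feb 12 08:01:02 apolo slapd[22826]: conn=698030 op=8 MOD attr=sambaLMPassword sambaNTPassword sambaPwdLastSet
"""

# slapd stats-level lines of interest: "MOD dn=", "MOD attr=", and
# "PASSMOD id=" (the LDAP password-modify extended operation).
LINE = re.compile(r"conn=(\d+) op=(\d+) (MOD|PASSMOD) (dn|attr|id)=(.*)$")
QUOTED = re.compile(r'"([^"]*)"')

def unsynced_password_changes(log_text):
    """Return DNs whose Samba hashes changed without a userPassword write.

    Assumption: both writes for one change arrive on the same connection.
    """
    dn_of = {}                   # (conn, op) -> DN from the "MOD dn=" line
    samba = defaultdict(set)     # conn -> DNs with sambaNTPassword modified
    unix = defaultdict(set)      # conn -> DNs with userPassword modified
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, key, value = m.groups()
        if key == "attr":
            dn = dn_of.get((conn, op))
            attrs = {a.lower() for a in value.split()}
            if dn and "sambantpassword" in attrs:
                samba[conn].add(dn)
            if dn and "userpassword" in attrs:
                unix[conn].add(dn)
            continue
        quoted = QUOTED.search(value)
        if not quoted:
            continue
        if verb == "PASSMOD":
            unix[conn].add(quoted.group(1))
        else:
            dn_of[(conn, op)] = quoted.group(1)
    return sorted(dn for c in samba for dn in samba[c] - unix[c])

if __name__ == "__main__":
    for dn in unsynced_password_changes(SAMPLE_LOG):
        print("Samba hashes changed, Unix password untouched:", dn)
```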