[Samba] Problem with samba+openldap with regard changing passwords
lists at goodmanemail.com
Wed Feb 20 10:19:15 GMT 2008
Edmundo Valle Neto wrote:
> Alan Goodman escreveu:
>> Edmundo Valle Neto wrote:
>>> Alan Goodman escreveu:
>>>> I have implemented samba with LDAP backend, domain logins and
>>>> roaming profiles and everything is great - except for one thing.
>>>> Noone can change their passwords from windows - trying to change
>>>> your password results in windows telling you your not allowed to do
>>>> I did smbldap-show alan and among other information the line:
>>>> sambaPwdCanChange: 0 appeared.
>>>> From my understanding if I do smbldap-usermod -A0 -B0 alan that
>>>> line should then be changed to have a value of 1 allowing users to
>>>> change passwords from their windows logins, however running the
>>>> above command does not appear to be changing these values at all
>>>> and thus im left with manually smbldap-passwd user to change each
>>>> persons passwords (which does work)
>>>> If someone could let me know which logs you require and how to
>>>> obtain them I would be happy to post them up here.
>>>> OS = CentOS 5.1
>>> Post your smb.conf.
>>> Edmundo Valle Neto
> netbios name = MARANATHACENTRA
> Netbios names can have a maximum of 12 characters, it will probably be
> truncated. (but this isnt related to your problem)
> You only need password options if you want that unix passwords stay in
> Then, you only need "ldap passwd sync = Yes". Its commented out, you
> already tried it? What happens?
> These three options together works too.
> unix password sync = Yes
> passwd program = /usr/local/sbin/smbldap-passwd -u %u
> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
> new password*" %n\n"
> Theres a double quote that isn't needed at the end (its not opening
> nor closing any string), the old smbldap-tools documentation shows
> that way (wrong), I dont have sure if it is really a problem.
> If it doesn't work as you said that it works at command line, include
> a piece of log using level 3 when a client try to change its password.
> Edmundo Valle Neto
> Besides that, the configuration is right.
> "/usr/local/sbin/smbldap-passwd -u anyuser" works when executed from
> the command line?
> What samba version you use, you compile your own packages?
Here you go...
http://pastebin.com/f61c911dd - logs
In answer to your questions...
Yeah that command works as root on the CLI
Samba version is 3.0.25b-1.el5_1.4
No I used the RPM's
@(#) $OpenLDAP: slapd 2.3.27 (Nov 10 2007 09:24:08) $
mockbuild at builder6.centos.org:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Many thanks for your help. It is much appreciated.
More information about the samba