[Samba] Error setting initial password for a user when using LDAP as backend and trying to set Samba and Unix password to the same value

Charlie medievalist at gmail.com
Mon Jul 21 15:44:31 GMT 2008

Herr Spilker, you need to change this part

>access to attrs=userPassword,userPKCS12
>       by self write
>       by * auth

to allow your samba daemon to write the unix password, which is stored
in the userPassword attribute.  For example, this should work:

access to attrs=userPassword,userPKCS12
       by self write
       by dn="cn=samba,dc=jetsys,dc=de" write
       by * auth

I personally would not use these permissions (I don't let samba
daemons write passwords to accounts that do not have the
sambaSamAccount objectclass) but many people do.

You have allowed samba to write your root DSE in this stanza:

> access to dn.base=""
>        by dn="cn=samba,dc=jetsys,dc=de" write
>        by * read

I have never heard of anyone doing this before; is there a reason?


More information about the samba mailing list