[Samba] Re: Samba does not change UNIX password after OpenLDAP
server upgraded
John Du
jjohndu at gmail.com
Thu Apr 30 23:45:46 GMT 2009
David Markey wrote:
> John Du wrote:
>
>> David Markey wrote:
>>
>>> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>>>
>>> Please supply logs.
>>>
>>>
>>>
>> Thank you very much.
>>
>> I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
>> and UNIX password. If the problem is ACL related, wouldn't I have the
>> same problem with this tool?
>>
>> When samba changes passwords, does the process run as root or as the
>> user making the passwords change?
>>
>
> If you're using smbldap-passwd and unix password sync, it's done as
> root. ldap passwd sync is done as the LDAP dn that you've configured in
> smb.conf. It's much preferable to use ldap passwd sync.
>
>
I did not make myself clear. When I say I can use smbldap-passwd to
change password, I mean I can run the tool from the command line as
root. If I use smbldap-passwd and unix passwd sync in smb.conf, I get
a "you do not have permission to change password" message when
attempting to change password.
So at this time I am still using ldap passwd sync in smb.conf and that
is when it only changes the Windows password.
Does the userPassword attribute require different ACL than
sambaNTPassword? Also the dn I put in smb.conf is the root DN of the
LDAP database.
Thanks!
>
>
>> Thanks again.
>>
>>> John Du wrote:
>>>
>>>
>>>> John Du wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> I have been running Samba with OpenLDAP for a few years. We recently
>>>>> upgrade the OpenLDAP server from 2.2.13 to 2.4.11.
>>>>>
>>>>> When users change their passwords now, only the Windows password is
>>>>> changed the UNIX password is not changed anymore. Samba server does
>>>>> not log any errors The samba configuration file did not change when
>>>>> the LDAP server was upgraded.
>>>>>
>>>>> I do have "ldap passwd sync =Yes" in smb.conf and it used to work
>>>>> fine.
>>>>>
>>>>> Has anyone seen this?
>>>>>
>>>>> If I use
>>>>>
>>>>> unix password sync = Yes
>>>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>>> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
>>>>> new password*" %n\n"
>>>>>
>>>>> instead of "ldappasswd sync", what access control do I have to add to
>>>>> the slapd.conf file?
>>>>>
>>>>> Thank you very much for your help!
>>>>>
>>>>> John
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel
>>>> 2.6.9-42.0.2.
>>>>
>>>>
>>>
>>>
>
>
>
More information about the samba
mailing list