[Samba] Re: Samba does not change UNIX password after OpenLDAP server upgraded

John Du jjohndu at gmail.com
Thu Apr 30 23:45:46 GMT 2009


David Markey wrote:
> John Du wrote:
>   
>> David Markey wrote:
>>     
>>> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>>>
>>> Please supply logs.
>>>
>>>   
>>>       
>> Thank you very much.
>>
>> I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
>> and UNIX password.  If the problem is ACL related, wouldn't I have the
>> same problem with this tool?
>>
>> When samba changes passwords, does the process run as root or as the
>> user making the passwords change?
>>     
>
> If you're using smbldap-passwd and unix password sync, it's done as
> root. ldap passwd sync is done as the LDAP dn that you've configured in
> smb.conf. It's much preferable to use ldap passwd sync.
>
>   
I did not make myself clear. When I say I can use  smbldap-passwd to 
change password, I mean I can run the tool from the command line as 
root.  If I use smbldap-passwd  and unix passwd sync in smb.conf, I get 
a "you do not have permission to change password" message when 
attempting to change password.

So at this time I am still using ldap passwd sync in smb.conf and that 
is when it only changes the Windows password.

Does the userPassword attribute require different ACL than 
sambaNTPassword?  Also the dn I put in smb.conf is the root DN of the 
LDAP database.

Thanks!

>  
>   
>> Thanks again.
>>     
>>> John Du wrote:
>>>  
>>>       
>>>> John Du wrote:
>>>>    
>>>>         
>>>>> Hi,
>>>>>
>>>>> I have been running Samba with OpenLDAP for a few years.  We recently
>>>>> upgrade the OpenLDAP server from 2.2.13 to 2.4.11.
>>>>>
>>>>> When users change their passwords now, only the Windows password is
>>>>> changed the UNIX password is not changed anymore.  Samba server does
>>>>> not log any errors   The samba configuration file did not change when
>>>>> the LDAP server was upgraded.
>>>>>
>>>>> I do have "ldap passwd sync =Yes" in smb.conf and it used to work
>>>>> fine.
>>>>>
>>>>> Has anyone seen this?
>>>>>
>>>>> If I use
>>>>>
>>>>> unix password sync = Yes
>>>>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>>>> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
>>>>> new password*" %n\n"
>>>>>
>>>>> instead of "ldappasswd sync", what access control do I have to add to
>>>>> the slapd.conf file?
>>>>>
>>>>> Thank you very much for your help!
>>>>>
>>>>> John
>>>>>
>>>>>
>>>>>
>>>>>       
>>>>>           
>>>> I forgot to mention that the Samba version is 3.0.28 on EHEL4 kernel
>>>> 2.6.9-42.0.2.
>>>>     
>>>>         
>>>   
>>>       
>
>
>   



More information about the samba mailing list