[Samba] ldapsam:editposix: Which samba.schema attributes are modified when using "smbpasswd -a"?

Holger Rauch holger.rauch at empic.de
Mon Oct 26 05:33:09 MDT 2009


I'm using Samba 3.2.5 on Debian Lenny in conjunction with MIT
Kerberos. LDAP user accounts have already been added prior to the
Samba installation using the ldapscripts package (also included in

I understand that I have to run "smbpasswd -a" as root on the Samba
server for each user that's supposed to be visible to (and usable by)
Samba as well (a whole bunch of SambaSam* attributes gets added to a
user's attribute set).

What's not obvious to me is whether the userPassword attribute is
changed after one has provided the passwd to the smbpasswd utility.
(In conjunction with Kerberos, the value for the userPassword
attribute always has a fixed notation like


and thus that value should remain unmodified). In cases where the
Kerberos database is also stored in LDAP, a different attribute is
modified when changing a user's password (starting with krb5 in the
attribute name).

Is this taken into account by smbpasswd? Or is the passwd specified
upon smbpasswd invocation just useless for kerberized Samba setups?

Does a "smbpasswd -a" invocation modify the value of the userPassword
attribute of a particular user's LDAP entry?

Thanks for clarifying this & kind regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091026/c9fc1ff4/attachment.pgp>

More information about the samba mailing list