[Samba] ldapsam:editposix: Which samba.schema attributes are modified when using "smbpasswd -a"?
Holger Rauch
holger.rauch at empic.de
Mon Oct 26 05:33:09 MDT 2009
Hi,
I'm using Samba 3.2.5 on Debian Lenny in conjunction with MIT
Kerberos. LDAP user accounts have already been added prior to the
Samba installation using the ldapscripts package (also included in
Debian).
I understand that I have to run "smbpasswd -a" as root on the Samba
server for each user that's supposed to be visible to (and usable by)
Samba as well (a whole bunch of SambaSam* attributes gets added to a
user's attribute set).
What's not obvious to me is whether the userPassword attribute is
changed after one has provided the passwd to the smbpasswd utility.
(In conjunction with Kerberos, the value for the userPassword
attribute always has a fixed notation like
{KERBEROS}<name-of-principal>@<kerberos-realm>
and thus that value should remain unmodified). In cases where the
Kerberos database is also stored in LDAP, a different attribute is
modified when changing a user's password (starting with krb5 in the
attribute name).
Is this taken into account by smbpasswd? Or is the passwd specified
upon smbpasswd invocation just useless for kerberized Samba setups?
Does a "smbpasswd -a" invocation modify the value of the userPassword
attribute of a particular user's LDAP entry?
Thanks for clarifying this & kind regards,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091026/c9fc1ff4/attachment.pgp>
More information about the samba
mailing list