[Samba] smbpasswd vs passwd to change

Adam Tauno Williams awilliam at whitemice.org
Thu Feb 4 09:19:19 MST 2010

On Thu, 2010-02-04 at 10:11 -0600, Adam wrote:
> so what's you're question?
> Nickolas Gray wrote:
> > Not sure if someone here can answer this for me. The OpenLDAP guys 
> > have blown me off on this one.

Don't feel bad;  providing opportunities to blow people off is the
primarily purpose of their listserv.

> > I have a standalone server which is using ldap as the passdb backend. 
> > I can ssh into an account.  I can show that "smbclient works  -L 
> > localhost -U ldaptestuser" works. If I change the password using 
> > smbpasswd both still work with new password. If i change the password 
> > using /usr/bin/passwd I can login interactively with the new password 
> > but samba still uses the old password.

Of course. passwd does not update the SAM password attributes.  With a
Samba 3.x SAM you have [at least] two passwords in your LDAP object -
userpassword and sambantpassword.  Samba may know to update all the
password entries, and potentially other meta-data, but passwd certainly
does not.  Unless you've been successful at configuring the smbk5pwd
module and are performing password changes via the password change
extended operation.

This is covered in the official documentation somwhere.

OpenGroupware developer: awilliam at whitemice.org
OpenGroupare & Cyrus IMAPd documenation @

More information about the samba mailing list