[Samba] Samba/Unix password sync with LDAP backend
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Mar 15 10:54:06 MDT 2010
On 03/15/2010 12:33 PM, simo wrote:
> On Mon, 2010-03-15 at 12:27 -0400, Gaiseric Vandal wrote:
>
>> I am using Sun Directory Server. I believe that both the Sun Directory
>> server and the RedHat/Fedora directory server are forks of the earlier
>> Iplanet/Netscape directory server. The samba servers are running on
>> Solaris. With a local (non-ldap) password, root can easily use the
>> passwd command to change a user's password, since entering the old
>> password is not required. But with ldap accounts this doesn't work-
>> if root tries to change another user's password with "passwd -r ldap",
>> the old password is required. Instead you need to use the "ldapasswd"
>> command and authenticate as a user with the appropriate ldap
>> administrative powers.
>>
>> my smb.conf includes
>>
>> passwd program = /etc/samba/smbldappasswd.sh %u
>> passwd chat =*New* %n\n *changed*
>> unix password sync = yes
>>
>>
> Why don't you use "ldap passwd sync" instead ?
>
> Simo.
>
>
This didn't work last time I tried it. At some point I had unix
accounts in NIS, and samba accounts in TDB (local database file on the
PDC.) I then moved unix accounts to LDAP. Finally I migrated all the
Windows account info out of TDB into LDAP. I think I tried the "ldap
passwd sync" option when unix account info was in LDAP but samba
passwords were still in TDB.
I will try it again now that everything is 100% in LDAP.
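
The mixed-backend situation described above, as an added example that is not part of the original post: a small check of the [global] password-sync settings. The two smb.conf fragments are constructed, ldap.example.com is a placeholder, and the function names and finding codes are hypothetical.

```python
# Added example: lint the Samba [global] password-sync settings from this thread.
# Both fragments are constructed samples; only the three passwd/sync lines in
# ALL_LDAP are quoted from the post.
MIXED = r"""
[global]
passdb backend = tdbsam
ldap passwd sync = yes
"""
ALL_LDAP = r"""
[global]
passdb backend = ldapsam:ldap://ldap.example.com
ldap passwd sync = yes
passwd program = /etc/samba/smbldappasswd.sh %u
passwd chat = *New* %n\n *changed*
unix password sync = yes
"""

def load_global(text):
    """Return the [global] parameters, keys lower-cased and whitespace-normalised."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_password_sync(text):
    """Return (code, message) findings for the password-sync configuration."""
    g = load_global(text)
    backend = g.get("passdb backend", "").lower()
    ldap_sync = g.get("ldap passwd sync", "no").lower() in ("yes", "only")
    unix_sync = g.get("unix password sync", "no").lower() in ("yes", "true", "1")
    findings = []
    if ldap_sync and not backend.startswith("ldapsam"):
        findings.append(("LDAP_SYNC_WITHOUT_LDAPSAM",
                         "ldap passwd sync is handled by the ldapsam backend; "
                         "with Samba passwords in another passdb it has no effect"))
    if ldap_sync and unix_sync:
        findings.append(("TWO_SYNC_PATHS",
                         "the Unix password is updated both by ldap passwd sync "
                         "and by the passwd program run for unix password sync"))
    return findings

if __name__ == "__main__":
    for name, conf in (("mixed", MIXED), ("all-ldap", ALL_LDAP)):
        for code, msg in check_password_sync(conf):
            print(f"{name}: {code}: {msg}")
```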