[Samba] Samba/Unix password sync with LDAP backend

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Mar 15 10:54:06 MDT 2010

On 03/15/2010 12:33 PM, simo wrote:
> On Mon, 2010-03-15 at 12:27 -0400, Gaiseric Vandal wrote:
>> I am using Sun Directory Server.  I believe that both the Sun
>> Directory
>> server and the RedHat/Fedora directory server are forks of the
>> earlier
>> Iplanet/Netscape directory server.    The samba servers are running
>> on
>> Solaris.   With a local (non-ldap) password, root can easily use the
>> passwd command to change a user's password, since entering the old
>> password is not required.  But with ldap accounts this doesn't work-
>> if
>> root tries to change another user's password with "passwd -r ldap",
>> the
>> old password is required.  Instead you need to use the "ldapasswd"
>> command and authenticate as a user with the appropriate ldap
>> administrative powers.
>> my smb.conf includes
>>           passwd program = /etc/samba/smbldappasswd.sh %u
>>           passwd chat =*New* %n\n *changed*
>>           unix password sync = yes
> Why don't you use "ldap passwd sync" instead ?
> Simo.

This didn't work last time I tried it.   At some point I had unix 
accounts  in NIS, and samba accounts in TDB (local database file on the 
PDC.)  I then moved unix accounts to LDAP.  Finally I migrated all the 
Windows account info out of TDB  into LDAP.  I think I tried the "ldap 
passwd sync" option when unix account info was in LDAP but samba 
passwords were still in TDB.

I will try it again now that everything is 100% in LDAP.

More information about the samba mailing list