[Samba] Changing passwords from Windows
Thierry Lacoste
lacoste at u-pec.fr
Fri Jan 28 01:47:12 MST 2011
On 27 janv. 11, at 16:55, TAKAHASHI Motonobu wrote:
> 2011/1/26 Joe Tseng <joe_tseng at hotmail.com>:
>>
>> Is it possible for a user to change his/her password from Windows?
>> I tried it
>> out last night as a test user against my PDC and it only changed
>> for Samba; I
>> was still able to log into the PDC via SSH using the previous
>> password. (I
>> changed it for the test user as root and it took for both SSH and
>> Windows.)
>
> Set "ldap password sync = yes" in LDAP environment or set "unix
> password sync = yes"
> and "pam password change = yes" in normal environment with PAM
> enabled.
>
>> I tried to use smbldap-passwd as the test user, but I got a message
>> back saying
>> I had insufficient privileges:
>
> Have you set "by self write" to both sambaLMPassword and
> sambaNTPassword?
AFAICT this is not needed. The user never accesses theses hashes for
himself.
The samba "ldap admin dn" and the smbldap-tools "masterDN" need write
access to them.
I believe the smbldap-tools "masterDN" (and probably the samba "ldap
admin dn") also needs write access to :
- sambaPwdLastSet
- sambaPwdCanChange
- sambaPwdMustChange
- sambaAcctFlags
Regards,
Thierry
More information about the samba
mailing list