[Samba] Changing active directory user password via LDAP
Tadas
tadas at ring.lt
Wed Apr 30 12:30:48 MDT 2014
Hmm, you are right. This script works. Now I just have to reverse-engineer
it and find out why my command line does not work :)
Thank you for pointing this out.
-----Original Message-----
From: IñigoMartinez Lasala
Sent: Wednesday, April 30, 2014 7:14 PM
To: tadas at ring.lt
Cc: samba at lists.samba.org
Subject: Re: [Samba] Changing active directory user password via LDAP
Try this:
https://code.google.com/p/ad-change-pass/
It worked for us.
----- Original Message -----
From: "Tadas" <tadas at ring.lt>
To: samba at lists.samba.org
Sent: Wednesday, April 30, 2014 13:33:46
Subject: [Samba] Changing active directory user password via LDAP
Hello, lists.
I'm struggling to find out how one can change the password of an Active
Directory (based on samba4) user via LDAP.
The problem is that if I try to use the userPassword parameter:
dn: CN=John Smith,cn=Users,DC=domain,DC=com
changetype: modify
replace: userPassword
userPassword: newPassword
ldapmodify -v -c -a -f filename.ldif -H ldaps://server.domain.com -D\
administrator at domain.com -W \
ldap_initialize( ldaps://server.domain.com:636/??base )
Enter LDAP Password:
replace userPassword:
newPassword
modifying entry "CN=John Smith,cn=Users,DC=domain,DC=com"
modify complete
This seems to work, but does not affect the user in any manner. As far as I
managed to find out, userPassword is not a native Active Directory
attribute.
You must use unicodePwd attribute instead.
But then I get to another problem:
dn: CN=John Smith,cn=Users,DC=domain,DC=com
changetype: modify
replace: unicodePwd
unicodePwd: newPassword
ldapmodify -v -c -a -f filename.ldif -H\ ldaps://server.domain.com -D\
administrator at domain.com -W
ldap_initialize( ldaps://server.domain.com:636/??base )
Enter LDAP Password:
replace unicodePwd:
newPassword
modifying entry "CN=John Smith,cn=Users,DC=domain,DC=com"
ldap_modify: Server is unwilling to perform (53)
additional info: 00002035: setup_io: it's not allowed to set the
NT hash password directly'
It seems that samba4 does not allow changing this attribute directly.
So the question would be: is it possible to change an AD user password via
LDAP, or can this only be done via samba tools and a Windows client?
Thank you.
--
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
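Added example, not part of the thread and not the code of the linked ad-change-pass script: Active Directory documents unicodePwd as the new password wrapped in double quotes and encoded as UTF-16LE, which in LDIF has to be written base64-encoded with "unicodePwd::" rather than as the plain text used in the attempts above. The sketch below builds such a modify record; the DN is the one from the thread, the password is a constructed sample, and the function names are hypothetical.

```python
import base64
import re

# RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, must not start with space, ':' or '<'
_SAFE = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")

def encode_unicode_pwd(password):
    """Value format for unicodePwd: "password" (with the quotes) as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def _attr_line(name, value):
    """One LDIF attribute line; base64 ('::') when the value is not a SAFE-STRING."""
    if isinstance(value, str) and _SAFE.fullmatch(value) and not value.endswith(" "):
        line = f"{name}: {value}"
    else:
        raw = value if isinstance(value, bytes) else value.encode("utf-8")
        line = f"{name}:: {base64.b64encode(raw).decode('ascii')}"
    # Fold at 76 columns; continuation lines start with a single space.
    parts = [line[:76]] + [" " + line[i:i + 75] for i in range(76, len(line), 75)]
    return "\n".join(parts)

def build_password_ldif(dn, new_password):
    """LDIF modify record that replaces unicodePwd on the given entry."""
    return "\n".join([
        _attr_line("dn", dn),
        "changetype: modify",
        "replace: unicodePwd",
        _attr_line("unicodePwd", encode_unicode_pwd(new_password)),
        "-",
        "",
    ])

def decode_unicode_pwd(ldif):
    """Round-trip check: unfold the record and decode the unicodePwd value."""
    unfolded = ldif.replace("\n ", "")
    match = re.search(r"^unicodePwd:: (\S+)$", unfolded, re.M)
    return base64.b64decode(match.group(1)).decode("utf-16-le")

if __name__ == "__main__":
    # Constructed sample password; the DN is the one used in the thread.
    print(build_password_ldif("CN=John Smith,cn=Users,DC=domain,DC=com",
                              "N3w-Passw0rd!"))
```

The generated record can be saved to a file and passed to ldapmodify with -f over the ldaps:// URL used in the thread; Active Directory accepts unicodePwd writes only over an encrypted connection.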