[Samba] Allow self password change using LDAP(s) with Samba4

Roel van Meer roel at 1afa.com
Thu Jan 7 09:12:03 UTC 2016


Hi Juan,

you can use the 'kpasswd' utility:

  kpasswd user at YOUR.REALM

It can be run as unprivileged user.
It first prompts you for your old password and the twice for the new  
password.

Cheers,

Roel



Juan Asensio Sánchez writes:

> Hi all
>
> I am trying to create a webapp to allow users to change their own passwords
> in Samba4 (perhaps, also in AD), using LDAP(s). But when I try to modify
> the user password using this code:
>
> dn: ........
> changetype: modify
> replace: unicodePwd
> unicodePwd: "Temporal2"
>
> I get this error:
>
> 0x32 (Insufficient access; error in module acl: insufficient access rights
> during LDB_MODIFY (50))
>
> If I change the code, deleting the old password, and adding the new one:
>
> dn: ........
> changetype: modify
> delete: unicodePwd
> unicodePwd: "Temporal1"
> -
> add: unicodePwd
> unicodePwd: "Temporal2"
>
> Then I get this error:
>
> #!ERROR [LDAP: error code 53 - 00002035: setup_io: it's not allowed to set
> the NT hash password directly']
>
> The ldapmodify are executed using the self user credentials, i wouldn't
> like to use the administrator account. Is this possible? Do I have to
> change some settings in Samba4?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list