[Samba] Change Password after expired
Charles-Henri Falconnet
charles-henri.falconnet at univ-fcomte.fr
Wed May 11 08:03:00 UTC 2016
Hi list,
Same wish here!
I'd like my users to change their password using LTB (great tool) but
since 4.2.10 (debian jessie) I lost the connection to samba4.
I tried using TLS and port 636 in LTB's config.inc.php with a dedicated
user and put the self-signed CA from private/tls but it didn't work.
Before the upgrade, I was on samba 4.1.17 (debian jessie) and simple
bind on port 389 for LTB and it worked great.
I read https://www.samba.org/samba/history/samba-4.2.10.html and the apt
listchanges of Andrew Bartlett.
I'm stuck since the upgrade. I tried to change the new parameters to
downgrade security but it didn't work (and I don't want less security).
The active directory works, users can authenticate and access a separate
member files server.
My smb.conf:

[global]
    workgroup = CHRONO-DOM
    realm = CHRONO-DOM.LAN
    netbios name = DMZ-PVE-SRV9
    server role = active directory domain controller
    dns forwarder = xxx.xxx.xxx.xxx
    idmap_ldb:use rfc2307 = yes
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    idmap config * : backend = tdb
    idmap config * : range = 2000-2999
    idmap config CHRONO-DOM : backend = ad
    idmap config CHRONO-DOM : range = 10000-29999
    winbind nss info = rfc2307
    winbind enum users = yes
    winbind enum groups = yes
    acl map full control = yes
    syslog = 0
    log level = 7 auth:10 winbind:10
    tls verify peer = ca_only

[netlogon]
    path = /var/lib/samba/sysvol/chrono-dom.lan/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

On the LAMP server with LTB Self Service Password and other web apps I
configured the ldap.conf with
TLS_CACERT /etc/ssl/ca_chrono-dom.lan.pem
TLS_REQCERT never
and the read mode bit for other
With openssl s_client -showcerts -connect dmz-pve-srv9.chrono-dom.lan:636
or openssl s_client -CAfile <path to the self signed CA> -showcerts
-connect dmz-pve-srv9.chrono-dom.lan:636
returns Verify return code: 18 (self signed certificate) but I don't
think that can be a problem.
I would appreciate some help.
Charles
On 10/05/2016 21:41, Rowland penny wrote:
> On 10/05/16 20:11, Carlos A. P. Cunha wrote:
>> In some customer yes, but they are with LTSP (pxe boot) where another
>> use graphical interface, but would rather have a web interface to
>> change the password.
>> This would also be used for windows stations off the field.
>>
>>
>>
>
> What is wrong with the 'LTB Self Service Password' program ??
>
> Did you configure 'config.inc.php' correctly ?
>
>
> Rowland
>
>