[Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM
Leonardo Bruno Lopes
leonardo at cefetmg.br
Sun Apr 9 23:27:22 UTC 2017
Citando Andrew Bartlett via samba <samba at lists.samba.org>:
> On Sun, 2017-04-09 at 16:12 +0100, Rowland Penny via samba wrote:
>> On Sun, 09 Apr 2017 14:47:59 +0000
>> Leonardo Bruno Lopes via samba <samba at lists.samba.org> wrote:
>>
>>
>>
>> > Is there any chance that this could mean I only need to wipe
>> > 'supplementalCredentials' attribute -- I saw that it is possible
>> > --
>> > after set the password with 'ldbmodify'? Unfortunately I can't
>> > get
>> > this tested until tomorrow.
>> >
>>
>> try using something like this in your script:
>
> More like:
>
> ldbmodify -H /usr/local/samba/private/sam.ldb --
> controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 << EOF
> dn: CN=User,CN=Users,DC=samdom,DC=example,DC=com
> changetype: modify
> replace: unicodePwd
> unicodePwd:: xxxxxxxxxxxxxxxxxxxxxxxx
> delete: supplementalCredentials
> -
> EOF
>
> Should do it,
Thanks again, Andrew.
This -- from LDIF/LDAP docs -- will also delete the
'supplementalCredentials' attribute:
ldbmodify -H /var/lib/samba/private/sam.ldb
--controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 << EOF
dn: CN=User,CN=Users,DC=samdom,DC=example,DC=com
changetype: modify
replace: supplementalCredentials
-
EOF
Just for record,
Leonardo
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> --
> Esta mensagem foi verificada pelo sistema de antivírus e
> acredita-se estar livre de perigo.
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
More information about the samba
mailing list