[Samba] change passord sssd-client
Andrew Bartlett
abartlet at samba.org
Mon Mar 20 20:26:14 UTC 2017
On Mon, 2017-03-20 at 16:38 -0300, josé Roberto via samba wrote:
> Hi,
>
> I'm trying to migrate to samba4 and had the following issue:
> I have SSSD configured to authenticate users on linux machines that I
> get
> from a samba4 service through LDAP endpoint. Users are successfuly
> authenticated in the system, but I can't manage to change password of
> these
> users from command line. When I try to use passwd command, i got the
> following:
> Password change failed. Server message: Extended
> Operation(1.3.6.1.4.1.4203.1.11.1) not supported
> passwd: Authentication token manipulation error
> passwd: password unchanged
> I saw in another forums that it's possible to bypass this error
> changing
> permissions from the user that is authenticating on LDAP base to
> write
> other users passwords, but in this case it's a samba4 base using a
> LDAP
> interface. Is it possible to grant this kind of permission to the
> user
> authenticating through LDAP?
sssd should be able to change passwords over kpasswd or ldap (with the
AD method, which is over unicodePwd), but sadly Samba does not support
the extended operation method yet. We would love to support it, but
that requires engineering at this stage.
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list