On Wed, 2012-10-10 at 17:11 +0200, Marc Grimme wrote:
> Hello together,
> we are running IPA on RHEL6.3 for quite some time.
> We are also using IPA to provide the LDAP backend for our samba
> configuration.
> Normally everything is running quite ok.
> 
> But from time to time some people inform me that their samba password is
> not in sync with their password in IPA.
> Mostly this is working but a few different people are informing me about
> that.
> So is there a way to "resync" the password to the ones in LDAP
> (userPassword, sambaNTPassword)?

We do not have code to do that now (although we have some code in 3.0
that is capable of doing that so it is technically possible), but this
shouldn't happen in the first place.

Do you have any information about how the password was changed by these
users ?

Are you allowing samba to change the password ?

If so are you using the option 'ldap sync only = Only' ? If you do not
use this setting that is most likely the problem.
If you do then it may be a bug in samba.

Have you given samba access for writing to the sambaNTPassword
attribute ?
(you shouldn't samba should be allowed only to read).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to