On Sun, 2003-03-16 at 06:27, Kri¨tof Petr wrote: > Hi, > > I configured samba 2.2.7a with --ldapsam. Works fine. > Pasword changes are updated on ldap server on > lmPassword and ntPassword atributes. Good. > > But I want to synchronize unix password too.
You need to either tell pam_ldap your Manger DN and password (keep that file secure!) or use the feature 'ldap passwd sync' in Samba 3.0. > Samba did not update userPassword or never > call /bin/passwd or pam to change it. > > This behavior doesnt depend on setting > unix password sync = yes > or > pam password change = yes > > > smbpasswd does: > > - bind ldap seerver > search (uid=joe)&(objectClass=sambaAccount) > > - bind ldap server > search (objectClass=posixAccount)&(uid=joe) > > - bind ldap server > modify DN: uid=joe,dc=People,dc=company,dc=com > attribute ntPassword > attribute lmPassword > > - bind ldap server > search (uid=joe)&(objectClass=sambaAccount) > search (objectClass=posixAccount)&(uid=joe) > > I think correct behavior is modify userPassword too. The attribute might not be present - we might not even have a matching posixAccount. In Samba 2.2 we don't have the codepaths to get the plaintext password to the parts doing the LDAP modifications easily. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part