Well, if this can help anybody, i found a workaround that is not perfect, but works fine.
http://lists.fedoraproject.org/pipermail/389-users/2010-June/011685.html Regards. El 28 de junio de 2010 12:40, Juan Asensio Sánchez <oke...@gmail.com>escribió: > Hi > > We have some Samba servers using LDAP (389 DS) as backend. In the LDAP > server, we have defined some policies to make the passwords stronger. When a > user tries to change his password (Control-Alt-Del), this message appears in > the LOGs: > > ==> /var/log/samba/xptest <== > [2010/06/28 12:26:26, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [10000001S] -> [10000001S] > -> [10000001S] succeeded > [2010/06/28 12:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545) > init_sam_from_ldap: Entry found for user: 10000001S > [2010/06/28 12:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167) > init_group_from_ldap: Entry found for group: 10001 > [2010/06/28 12:26:37, 2] passdb/pdb_ldap.c:init_group_from_ldap(2167) > init_group_from_ldap: Entry found for group: 10001 > [2010/06/28 12:26:38, 2] passdb/pdb_ldap.c:init_ldap_from_sam(972) > init_ldap_from_sam: Setting entry for user: 10000001S > [2010/06/28 12:26:38, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1651) > ldapsam_modify_entry: LDAP Password could not be changed for user > 10000001S: Constraint violation > Failed to update password > > > ==> /var/log/dirsrv/slapd-pruebas/audit <== > time: 20100628122637 > dn: uid=10000001s,XXXXXXXXXXXXX > changetype: modify > delete: sambaLMPassword > sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409 > - > add: sambaLMPassword > sambaLMPassword: 39EAD569B79C7EA2C2265B23734E0DAC > - > delete: sambaNTPassword > sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52 > - > add: sambaNTPassword > sambaNTPassword: 8EC60ADEA316D957D1CF532C5841758D > - > delete: sambaPwdLastSet > sambaPwdLastSet: 1277720109 > - > add: sambaPwdLastSet > sambaPwdLastSet: 1277720798 > - > replace: modifiersname > modifiersname: uid=adminsamba,XXXXXXXXXXX > - > replace: modifytimestamp > modifytimestamp: 20100628102637Z > - > > So, the Samba passwords are changed, but the unix password is not changed > because the LDAP rejects it because it is not as string as required. Is > there any way to avoid this? Shouldn't the unix password be changed before > the samba passwords to check if the LDAP server accepts it? > > Regards. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba