I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost 
works ok, but the final trick that doesn't work is the change of the passwords 
from windows dialog box, this change the samba passwords but don't change the 
userpassword, i have found this line on samba logs files:
ldap password change requested, but LDAP server does not support it -- ignoring.
windows "password change dialog" modifies LM and NT hashes (probably, just
NT one), changing of "user password" can be achived in two ways:
1) modifying UserPassword attribute (ldapmodify request, which is standard
one)
2) some special request sich as "extended operation" in OpenLDAP, non
standard requests.

"extended operations" are not "non-standard",  although they may or may
not be implemented by a particular DSA.  You can determine the 'exops'
supported by your DSA by looking at the rootDSA.

where can I read more about "rootDSA" ?
Google seems to know almost nothing about it.


Samba should be able to sync the password and lm and ht hashes by
itself.  Just set the "ldap passwd sync = yes" directive,  see the
smb.conf for he possible settings (yes, no, and only ?).  This will work
with or without exop password change support.

And i found in samba.org fourum that this problem is solved with this ACL:
access to dn.base="" by * read.
Already i have put them, but doesn't works, Anybody help me?

What does you root DSE look like?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to