On Wed, 2005-07-06 at 23:43 +0200, Geert Stappers wrote: > On Tue, Jul 05, 2005 at 05:35:15PM -0500, Alex Canizales wrote: > <snip/> > > > > Already i had put the ldap passwd sync=yes > > > > >What does you root DSE look like? > > > > This is my root DSE access control point rules: > > > > dn: > > changetype: modify > > replace: orclaci > > orclaci: access to entry by * (browse) > > orclaci: access to attr=(*) by * (search,read,compare) > > orclentrylevelaci: access to entry by * (browse) > > > > The problems isn't here, > > > I have > > access to attrs=sambaLMPassword,sambaNTPassword > by self ssf=128 write > by anonymous ssf=128 auth > by dn="cn=smbadmin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write > by dn="cn=admin,ou=People,dc=gpm,dc=stappers,dc=nl" ssf=128 write > by * none > > > > > > > is there any samba developer that tell me what other kind of ldap operation > > make when change the password from windows? why i got the message: ldap > > password change requested, but LDAP server does not support it -- ignoring > > ? if Oracle Ldap doesn't support this, why it's changing just the samba > > password and not the userpassword, and why it is changed when i use the > > smbldap-password command? > > smbldap-password probably uses smbadmin ( has write accces on OID ) > Windows probably uses "self" ( has no write access on OID )
Windows is *not* touching ldap directly, only asking Samba to change the NT4 domain password in a SAM, which happens to be Samba on LDAP. You can see what the smbldap script is doing by reading the script, but the Samba 'ldap password sync = yes', is making the OpenLDAP password set exop call. This it hopes might set some LDAP password, in the hope of keeping everything in sync. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba