Have you used the -r option for smbpasswd to connect to the PDC in smb.conf? Just wondering what the password chat would be. I can test it out and see what works.
Kent N

Bruno Guerreiro <[EMAIL PROTECTED]> wrote:
> Hi there,
> The best (only?) way to go is with an LDAP Master+slave architecture.
> All changes must be done at the LDAP Master server, which automatically
> replicates them to all slave ldap servers.
> So, yes, the BDC MUST talk to the PDC, or at least the master ldap server, to
> change the password.
>
> Best Regards.
> Bruno Guerreiro
>
> -----Original Message-----
> From: kent [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 31 August 2005 11:15
> To: [EMAIL PROTECTED]; Samba
> Subject: Re: [Samba] BDC and password change program
>
>
> Hello,
> How are you doing? I just switched this summer from RedHat 8.0 with compiled
> versions of Samba, OpenLDAP and Berkeley DB to Fedora Core 4 with precompiled
> Samba, OpenLDAP and BerkeleyDB. Here is the smb.conf from one school that is
> a BDC:
>
> [global]
> workgroup = WarehamPS
> encrypt passwords = Yes
> time offset = 60
> time server = Yes
> # log level = 5
> socket options = TCP_NODELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> security = user
> username map = /etc/samba/smbusers
> logon script = whs1.bat
> writable = Yes
> interfaces = eth0 eth1
> directory mask = 02770
> preferred master = yes
> netbios name = whs1
> server string = Fedora Core 4 SAMBA server
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap passwd sync = Yes
> machine password timeout = 604800
> passwd program = /usr/bin/smbpasswd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
> log file = /var/log/samba/%m.log
> debug level = 2
> max log size = 50
> add machine script = /usr/sbin/addmachine.sh "%u"
> logon path =
> logon drive = H:
> logon home =
> domain logons = Yes
> os level = 64
> domain master = No
> dns proxy = no
> admin users = @domain_admins
> wins support = no
> wins server = 172.16.0.13
> wins proxy = yes
> local master = yes
> name resolve order = hosts wins bcast
> ldap suffix = dc=tow,dc=net
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=admin,dc=tow,dc=net
> ldap ssl = no
>
> [homes]
> comment = Home Directories
> read only = no
> browseable = no
> writable = yes
> path = %H
> # valid users = %S
>
> [netlogon]
> root preexec = /accounts/netlogon/prelogon.pl %U
> path = /accounts/netlogon
> comment = Netlogon share
> locking = no
> browseable = yes
> valid users = @whsstaff, @whsstudent, @whs-cafe, navinstall, kent
> read only = yes
> hide files = /.*/*dll/*DLL/*.bat/*.kix/*.rap/*pl/
> write list = @domain_admins
>
> [staff]
> comment = Staff directory
> path = /accounts/common
> create mode = 0660
> browseable = no
> write list = @whsstaff
> valid users = @whsstaff
>
> [programs]
> comment = Applications
> path = /accounts/programs
> browseable = no
> create mode = 0660
> write list = @whsstaff
> valid users = @whsstaff
>
> [cafeteria]
> path = /accounts/cafeteria/data
> browseable = no
> valid users = @whs-cafe, dperry
> force group = whs-cafe
> create mode = 0660
> directory mode = 0770
>
> Here is the smb.conf for the PDC:
>
> [global]
> workgroup = WarehamPS
> encrypt passwords = Yes
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> security = user
> writable = Yes
> interfaces = eth0 eth1
> directory mask = 02770
> preferred master = yes
> local master = Yes
> username map = /etc/samba/smbusers
> netbios name = wms1
> server string = Fedora Core 4 SAMBA Server
> passdb backend = ldapsam:ldap://172.16.0.24
> ldap passwd sync = Yes
> machine password timeout = 604800
> passwd program = /usr/bin/smbpasswd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n
> log file = /var/log/samba/%m.log
> debug level = 2
> max log size = 30
> # add machine script = /usr/bin/smbpasswd -m %u
> add machine script = /usr/sbin/addmachine.sh "%u"
> logon script = wms1.bat
> logon path =
> logon drive = H:
> logon home =
> domain logons = Yes
> os level = 255
> domain master = Yes
> dns proxy = Yes
> admin users = @domain_admins
> wins support = Yes
> remote browse sync = 172.16.0.3 172.16.0.19 172.16.0.15 172.16.0.26 172.16.0.20 172.16.80.1
> name resolve order = hosts wins bcast
> ldap suffix = dc=tow,dc=net
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=admin,dc=tow,dc=net
> ldap ssl = no
>
> [homes]
> comment = Home Directories
> read only = no
> browseable = no
> writable = yes
> path = %H
> hide files = /.*/
>
> [netlogon]
> comment = Netlogon share
> root preexec = /accounts/netlogon/prelogon.pl %U
> path = /accounts/netlogon
> valid users = @wmsstaff, @wmsstudent, @domain_users, @wms-cafe, navinstall
> locking = no
> browseable = no
> read only = yes
> write list = @domain_admins
> hide files = /*.dll/*.rap/*.kix/*.bat/*.pl/
>
> [cafeteria]
> path = /accounts/cafeteria/data
> browseable = yes
> valid users = @wms-cafe, dperry
> force group = wms-cafe
> create mode = 0660
> directory mode = 0770
>
> [staff]
> path = /accounts/common
> browseable = no
> valid users = @wmsstaff
> force group = wmsstaff
> write list = @domain_admins, @wmsstaff
> create mode = 0660
> directory mode = 0770
>
> [programs]
> path = /accounts/programs
> browseable = no
> valid users = @wmsstaff, @techstaff
> create mode = 0660
>
> [tech]
> path = /accounts/tech
> browseable = no
> valid users = @techstaff
> force group = techstaff
> write list = @techstaff
> create mode = 0660
> directory mode = 0770
>
> The addmachine.sh script is my own version of an add machine script. All users,
> groups and computers have corresponding posix accounts in LDAP as well as the
> Samba objectClass and attributes. I don't use any Windows utilities to
> manipulate user or group information in LDAP; I have my own set of routines
> tailored to our system that allows individual control of LDAP info, or we can
> batch add/delete accounts and user attributes with interactive shell scripts.
>
> My question to the Samba community is still: should the password program on
> the BDC talk to the PDC by smbpasswd -r <PDC address>? I'm having a little
> password out of sync problem.
>
> Kent N.
>
> Marcio Luciano Donada <[EMAIL PROTECTED]> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > kent wrote:
> >
> > | Hello, Just wondering what I should be using for the password
> > | change program on a BDC. Should it be: passwd program =
> > | /usr/bin/smbpasswd -r <PDC address> %u
> > |
> > | I'm having a problem with passwords not staying in sync between the
> > | PDC and BDC with passdb backend ldap.
> > |
> > | The systems are all Fedora Core 4, Samba 3.0.14a, openldap 2.2.23
> > |
> > | Kent N
> > |
> > Hello, I am trying to configure the BDC. How are you adding the schema
> > to the LDAP base? Could you send your configuration (smb.conf) and
> > smbldap.conf so I can take a look at them?
> >
> > thanks
> >
> > - --
> > Márcio Luciano Donada
> > T.I. Aurora Alimentos Chapecó(SC)
> > Cooperativa Central Oeste Catarinense
> > mdonada at auroraalimentos dot com dot br
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (FreeBSD)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> >
> > iD8DBQFDFK8uyJq2hZEymxcRAlKbAJ9zHBrhgypVI1s7U5mpm/Frsan+mgCfT+Sa
> > AAQEnZuvd72KHjQU5KML1mc=
> > =1iV1
> > -----END PGP SIGNATURE-----
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
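The thread ends without a way to tell whether the "out of sync" passwords are a replication problem or a password-change path problem. The script below is an added example (the editor's, not code from the thread or from the Samba project): it takes an LDIF dump of the sambaSamAccount entries from the master LDAP server the PDC writes to and one from the replica a BDC reads, and lists accounts whose sambaPwdLastSet or sambaNTPassword differ, or that the replica lacks entirely. The attribute names are the Samba 3 LDAP schema's; the base DN follows the thread's ou=Users,dc=tow,dc=net; the user names, timestamps and hashes are constructed placeholders so the script runs offline.

```shell
#!/bin/sh
# Added example (editor's, not from the thread): find accounts whose
# Samba password state on an LDAP replica lags the master.
#
# Against real servers each input would come from a query such as
#   ldapsearch -x -LLL -H ldap://172.16.0.24 -b ou=Users,dc=tow,dc=net \
#       '(objectClass=sambaSamAccount)' uid sambaPwdLastSet sambaNTPassword
# run once per server.  Both LDIF blobs below are constructed inline;
# users, timestamps and hashes are placeholders, not real data.

MASTER_LDIF='dn: uid=alice,ou=Users,dc=tow,dc=net
uid: alice
sambaPwdLastSet: 1125480000
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=Users,dc=tow,dc=net
uid: bob
sambaPwdLastSet: 1125490000
sambaNTPassword: FEDCBA9876543210FEDCBA9876543210

dn: uid=carol,ou=Users,dc=tow,dc=net
uid: carol
sambaPwdLastSet: 1125400000
sambaNTPassword: 00112233445566778899AABBCCDDEEFF
'

# Replica copy: bob still has his previous password, carol never arrived.
REPLICA_LDIF='dn: uid=alice,ou=Users,dc=tow,dc=net
uid: alice
sambaPwdLastSet: 1125480000
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=Users,dc=tow,dc=net
uid: bob
sambaPwdLastSet: 1125300000
sambaNTPassword: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
'

# Reduce one LDIF dump to sorted "uid pwdlastset nthash" lines, one per
# entry.  Missing attributes become "-" so the field count stays fixed;
# the hash is upper-cased so differing case alone never reads as drift.
flatten_ldif() {
    printf '%s\n' "$1" | awk '
        /^dn: /               { uid = ""; last = "-"; hash = "-" }
        /^uid: /              { uid = $2 }
        /^sambaPwdLastSet: /  { last = $2 }
        /^sambaNTPassword: /  { hash = toupper($2) }
        /^$/ && uid != ""     { print uid, last, hash; uid = "" }
        END { if (uid != "") print uid, last, hash }
    ' | sort
}

# Report accounts whose replica copy does not match the master:
#   "<uid> stale"    both servers have the entry but lastset/hash differ
#   "<uid> missing"  the replica has no entry for the uid at all
# Replica lines are tagged R and fed first so they are in memory when
# the master lines (tagged M) are compared against them.
find_drift() {
    {
        flatten_ldif "$2" | sed 's/^/R /'
        flatten_ldif "$1" | sed 's/^/M /'
    } | awk '
        $1 == "R"              { seen[$2] = $3 " " $4; next }
        !($2 in seen)          { print $2, "missing"; next }
        seen[$2] != $3 " " $4  { print $2, "stale" }
    '
}

# Usage: master first, replica second.
find_drift "$MASTER_LDIF" "$REPLICA_LDIF"
```

If the output is empty for a user who just changed a password on the BDC, the change reached the master and the replica, and the remaining suspect is the BDC's own password-change path; if the user shows up as stale, replication from master to replica is what to chase (Samba's `ldap replication sleep` parameter exists for the case where smbd writes to the master via a referral and reads back from the replica before the change has arrived). Two points worth checking in the configurations quoted above before changing `passwd program`: `passwd program` and `passwd chat` are only run when `unix password sync = yes`, which neither smb.conf sets, so with `ldap passwd sync = Yes` the LDAP write is what actually carries the password change; and `ldap ssl = no` together with `ldap admin dn` means the PDC's bind to 172.16.0.24 sends the LDAP admin credentials in clear text across the network, which `ldap ssl = start tls` or an ldaps:// URL in `passdb backend` avoids.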