On 4/10/07 9:29 PM, "Edmundo Valle Neto" <[EMAIL PROTECTED]> wrote:
> David.
>
> You appear to have two conflicting options set. I saw that you
> enabled the "ldap passwd sync", this is the right way to do this, samba
> will sync the password directly in ldap without any external command (at
> least I think it does that way).
>

Heh, I never even noticed that he had that option enabled in the first place. Oops . . .

> But when you set "unix password sync" to yes, samba will try to use the
> specified "passwd program" using the specified "passwd chat" as root. I
> don't know exactly what happens in the samba code when the two are set
> to yes, in my tests (with the other options (unix pass sync, passwd
> program and chat) set as yours) windows clients refuse to change the
> password saying that they don't have the right to do that (heh, a very nice
> error message to someone say to me that I need to fix my LDAP acls to
> solve that :) ).
>

I would think that one *COULD* use just the unix password sync and passwd program parameters to change all the passwords, assuming the passwd program had access to a DN with ACLs to change those parameters. BUT, LDAP passwd sync is definitely the easiest/best option . . .

> If I remember right "unix password sync" is no by default (you can check
> this with "testparm -v | grep sync" when the option is not set), in
> this case, passwd program and chat are simply ignored, it doesn't make a
> difference what you put there.
>
> Just don't set "unix password sync" to yes at the same time as "ldap
> passwd sync".

Good advice - Wish I had noticed that in David's original post.

>
> Regards.
>
> Edmundo Valle Neto
>
>
> David Pinkerton wrote:
>> I'm trying to get ldap/unix password sync working.
>>
>> Using this config, packet traces show no requests to update userPassword
>> (only the samba passwords)
>>
>> Can someone see what I've done wrong?
>>
>> [global]
>>    workgroup = HOME
>>    netbios name = DHP
>>
>>    security = user
>>    encrypt passwords = yes
>>    enable privileges = yes
>>
>>    passdb backend = ldapsam:ldap://127.0.0.1
>>    passwd program = /usr/local/sbin/smbldap-passwd -u %u
>>    unix password sync = yes
>>
>>    log file = /var/log/samba/%m.log
>>    utmp = yes
>>    max log size = 50
>>    log level = 1
>>    syslog = 0
>>
>>    add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>>    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>>
>>    add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>>
>>    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>>    delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>>    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>>
>>    domain logons = yes
>>    domain master = yes
>>    os level = 65
>>    preferred master = yes
>>    wins support = yes
>>
>>    ldap admin dn = cn=admin,o=dhp
>>    ldap passwd sync = yes
>>    ldap delete dn = yes
>>    ldap suffix = o=dhp
>>    ldap machine suffix = ou=machine
>>    ldap user suffix = ou=staff
>>    ldap group suffix = ou=group
>>    ldap idmap suffix = ou=idmap
>>    idmap uid = 10000-20000
>>    idmap gid = 10000-20000
>>

--
+-------------------------------------------------+
| Sean Elble                                      |
| Virginia Tech, Class of 2008                    |
| Vice President, VTLUUG                          |
| E-Mail: [EMAIL PROTECTED]                       |
| Web: http://www.sessys.com/~elbles/             |
| Cell: 860.946.9477                              |
+-------------------------------------------------+
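
Added example, not part of the original messages and not Samba code: a small Python check that reads the [global] section of an smb.conf and flags the conflict discussed in this thread, both "unix password sync" and "ldap passwd sync" enabled at once. The function names and the sample text are constructed for illustration; the default of "no" for "unix password sync" follows what the thread states.

```python
import re

TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample: the password-related lines of the [global] section quoted above.
SAMPLE_SMB_CONF = """\
[global]
    passdb backend = ldapsam:ldap://127.0.0.1
    passwd program = /usr/local/sbin/smbldap-passwd -u %u
    unix password sync = yes
    ldap passwd sync = yes
"""

def normalize(name):
    # Samba ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[normalize(name)] = value.strip()
    return params

def check_password_sync(text):
    """Return findings about the two password sync options (hypothetical helper)."""
    p = parse_global(text)
    # Assumption from the thread: "unix password sync" defaults to no when unset.
    unix_sync = p.get("unixpasswordsync", "no").lower() in TRUE_VALUES
    ldap_sync = p.get("ldappasswdsync", "no").lower() in TRUE_VALUES
    findings = []
    if unix_sync and ldap_sync:
        findings.append("conflict: 'unix password sync' and 'ldap passwd sync' "
                        "are both enabled; keep only 'ldap passwd sync'")
    if not unix_sync and "passwdprogram" in p:
        findings.append("note: 'passwd program' is set but 'unix password sync' "
                        "is off, so it is ignored")
    return findings

if __name__ == "__main__":
    for finding in check_password_sync(SAMPLE_SMB_CONF):
        print(finding)
```

Feeding it the output of `testparm -s` instead of the raw file checks the configuration as Samba itself parses it.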