On Mon, 2009-02-23 at 09:21 +0100, François Legal wrote:
> Well, you usually have some specific acl in ldap for the userPassword
> attribute, that restricts access to only the owner of the entry and an
> administrator. You should make sure that the dn used by samba to bind the
> directory (ldap admin dn) has access to the userPassword attribute.

This is exactly what the second example below proves.

> Also, you should check that ldap is not set up with smbpasswd overlay, in
> which case you should change the ldap sync parameter to only.

The module is commented out:
#moduleload smbk5pwd

> On Sun, 22 Feb 2009 14:02:15 -0500, Adam Tauno Williams
> <adamtaunowilli...@gmail.com> wrote:
> > openldap-2.3.27-8.el5_2.4,samba3-3.2.8-38
> >
> > An smbpasswd by root to change a user's password fails with:
> >
> > [r...@littleboy samba]# smbpasswd adam
> > New SMB password:
> > Retype new SMB password:
> > ldapsam_modify_entry: LDAP Password could not be changed for user adam:
> > Internal (implementation specific) error
> > password hash failed
> > Failed to modify entry for user adam.
> > Failed to modify password entry for user adam
> >
> > This changes the Samba password but fails to change the user's
> > userPassword (LDAP sync) password. But I can "manually" change the
> > password using the DC's bind DN and password:
> >
> > # ldappasswd -S -H ldapi://%2fvar%2frun%2fldap2.4%2fldapi -vvvvvvvvv -x
> > -W -D "uid=CIFSDC,ou=System,ou=Entities,ou=SAM,o=Morrison
> > Industries,c=US" "cn=Adam
> > Williams,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US"
> > New password:
> > Re-enter new password:
> > Enter LDAP Password:
> > ldap_initialize( ldapi://%2fvar%2frun%2fldap2.4%2fldapi )
> > Result: Success (0)
> >
> > Samba LDAP configuration:
> >
> > passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldap2.4%2fldapi
> > ldap ssl = no
> > ldap admin dn = uid=CIFSDC,ou=System,ou=Entities,ou=SAM,o=Morrison
> > Industries,c=US
> > ldap suffix = o=Morrison Industries,c=US
> > ldapsam:trusted = yes
> > ldap passwd sync = Yes
> >
> > Oddly, attempting to change the password AS THE USER fails with a
> > different error message, either via smbpasswd or via the password change
> > dialog on a Win32 workstation:
> >
> > bash-3.2$ smbpasswd -U adam
> > Old SMB password:
> > New SMB password:
> > Retype new SMB password:
> > machine 127.0.0.1 rejected the (anonymous) password change: Error was :
> > Wrong Password.
> > Failed to change password for adam
> >
> > It always just says the user's password is wrong, although the user can
> > login, navigate, etc...
> >
> > Is this https://bugzilla.samba.org/show_bug.cgi?id=5886 ?

--
OpenGroupware developer: awill...@whitemice.org
<http://whitemiceconsulting.blogspot.com/>