Re: [Samba] Samba 3 ldap password sync

2004-05-03 Thread Kevin Metz
Thanks for the feedback! This is exactly what I needed! This totally explains what I
was trying to figure out and I can move on from here.

Thank you again for the feedback

Kevin

> 
> > Well, I seem to have gotten past the most difficult parts as far as Samba and LDAP
> > are concerned. I'm able to have a user log in to the domain, and get authenticated
> > via LDAP. The user can also change the LDAP password from the Windows screen
> > (control-alt-delete->change password). So most stuff as far as the windows domain
> > login appears.
> >
> > My problem is this. Linux and other users need to be able to change their ldap
> > password. If they log into the box, or change it via a web interface it changes
> > their ldap password, but samba doesn't seem to recognize it. For example as root I
> > changed a user's password via the command line and it said it was changing the LDAP
> > password. I confirmed the password was changed by accessing a web page that
> > authenticates using ldap and the new password worked. I then tried to access via
> > samba and the new password did not work.
> >
> > Am I doing something wrong or missing something obvious? Does samba cache passwords
> > somewhere? I've got ldap sync set to on but that doesn't appear to be working.
> 
> Windows encodes the password differently to the unix side, and as a 
> result, the password is stored in the ldap database twice. When you 
> change the password from Samba, it updates the two encoded password 
> versions both for windows and for unix. When you change the password for 
> unix, it only changes the unix password and not the windows encoded 
> version - thus your problem.
> 
> There is an extension available for the newer versions of openldap (not 
> sure if it is openldap specific) that will allow openldap to handle the 
> encoding of passwords for you in the various formats - this means that 
> it will "just work" no matter what software changed the password, even 
> if the software had no idea about windows. I haven't used it before 
> though - try and read up on openldap for more details.
>




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba 3 ldap password sync

2004-05-03 Thread Andrew Bartlett
On Tue, 2004-05-04 at 05:32, Graham Leggett wrote:

> There is an extension available for the newer versions of openldap (not 
> sure if it is openldap specific) that will allow openldap to handle the 
> encoding of passwords for you in the various formats - this means that 
> it will "just work" no matter what software changed the password, even 
> if the software had no idea about windows. I haven't used it before 
> though - try and read up on openldap for more details.

In OpenLDAP CVS, there is a contributed password set module called
smbk5pwd.  The purpose of this module is to do exactly this.  

Now, I was meant to be testing it out, and checking it worked - I've not
done that, but if somebody wants to beat me to it, I'll be most pleased
:-)

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net



Re: [Samba] Samba 3 ldap password sync

2004-05-03 Thread Graham Leggett
Kevin Metz wrote:

> Well, I seem to have gotten past the most difficult parts as far as Samba and LDAP
> are concerned. I'm able to have a user log in to the domain, and get authenticated
> via LDAP. The user can also change the LDAP password from the Windows screen
> (control-alt-delete->change password). So most stuff as far as the windows domain
> login appears.
>
> My problem is this. Linux and other users need to be able to change their ldap
> password. If they log into the box, or change it via a web interface it changes
> their ldap password, but samba doesn't seem to recognize it. For example as root I
> changed a user's password via the command line and it said it was changing the LDAP
> password. I confirmed the password was changed by accessing a web page that
> authenticates using ldap and the new password worked. I then tried to access via
> samba and the new password did not work.
>
> Am I doing something wrong or missing something obvious? Does samba cache passwords
> somewhere? I've got ldap sync set to on but that doesn't appear to be working.

Windows encodes the password differently to the unix side, and as a 
result, the password is stored in the ldap database twice. When you 
change the password from Samba, it updates the two encoded password 
versions both for windows and for unix. When you change the password for 
unix, it only changes the unix password and not the windows encoded 
version - thus your problem.

There is an extension available for the newer versions of openldap (not 
sure if it is openldap specific) that will allow openldap to handle the 
encoding of passwords for you in the various formats - this means that 
it will "just work" no matter what software changed the password, even 
if the software had no idea about windows. I haven't used it before 
though - try and read up on openldap for more details.

Regards,
Graham


Re: [Samba] Samba 3 ldap password sync

2004-05-03 Thread Adam Williams
> Well, I seem to have gotten past the most difficult parts as far as Samba and LDAP
> are concerned. I'm able to have a user log in to the domain, and get authenticated
> via LDAP. The user can also change the LDAP password from the Windows screen
> (control-alt-delete->change password). So most stuff as far as the windows domain
> login appears.
> My problem is this. Linux and other users need to be able to change their ldap
> password. If they log into the box, or change it via a web interface it changes
> their ldap password, but samba doesn't seem to recognize it. For example as root I
> changed a user's password via the command line and it said it was changing the LDAP
> password. I confirmed the password was changed by accessing a web page that
> authenticates using ldap and the new password worked. I then tried to access via
> samba and the new password did not work.
> Am I doing something wrong or missing something obvious? Does samba cache passwords
> somewhere? I've got ldap sync set to on but that doesn't appear to be working. 

Are you using smbpasswd to change the user's password?



[Samba] Samba 3 ldap password sync

2004-05-03 Thread Kevin Metz
Well, I seem to have gotten past the most difficult parts as far as Samba and LDAP
are concerned. I'm able to have a user log in to the domain, and get authenticated
via LDAP. The user can also change the LDAP password from the Windows screen
(control-alt-delete->change password). So most stuff as far as the windows domain
login appears.
 
My problem is this. Linux and other users need to be able to change their ldap
password. If they log into the box, or change it via a web interface it changes
their ldap password, but samba doesn't seem to recognize it. For example as root I
changed a user's password via the command line and it said it was changing the LDAP
password. I confirmed the password was changed by accessing a web page that
authenticates using ldap and the new password worked. I then tried to access via
samba and the new password did not work.

Am I doing something wrong or missing something obvious? Does samba cache passwords
somewhere? I've got ldap sync set to on but that doesn't appear to be working. 


Any help would be greatly appreciated

Kevin
[EMAIL PROTECTED]



