Re: [Samba] changing password on samba bdc
It was 02:34:09 on Thursday 09 March when a ticket inspector got on the bus and yelled: "Pavan!!! Ticket for inspection!!!" And he (she) replied:

> Lukasz Stelmach wrote:
> > Machine1: Pdc Samba + OpenLDAP(master)
> > Machine2: Bdc Samba + OpenLDAP(slave)
> > LDAP stores Samba and POSIX information for each user.
> >
> > Case1: I login to Machine1 and invoke smbpasswd. I change
> > my passwords (samba and posix without any problem). In next
> > few seconds they get propagated to Machine2 where I can login
> > with new credentials.

[...]

> > #
> > #it seems to be here where the modifications start
> > #
> > conn=327 op=8 MOD dn="cn=John Doe,ou=People,o=example,c=xx"
> > conn=327 op=8 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
> > conn=327 op=8 RESULT tag=103 err=0 text=
> > conn=327 op=9 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> > conn=327 op=9 SRCH attr=supportedExtension
> > conn=327 op=9 SEARCH RESULT tag=101 err=0 nentries=1 text=
> > conn=327 op=10 PASSMOD id="cn=John Doe,ou=People,o=example,c=xx" new
> > conn=327 op=10 RESULT oid= err=0 text=
> > conn=327 fd=26 closed (connection lost)
> > conn=328 fd=27 closed (connection lost)

> > Case2: I login to Machine2 and invoke smbpasswd. However I get
> > "Password changed for user jdoe", but quite heavy problems emerge.
> > From now on I can't login to Machine1 and Machine2 neither with
> > smbclient nor with ssh (which uses POSIX data).

[...]

> > conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
> > conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
> > conn=314 op=0 RESULT tag=97 err=0 text=
> > #
> > # why it happens so that there is no id=... like above
> > #
> > conn=314 op=1 PASSMOD
> > #
> > conn=314 op=1 RESULT oid= err=0 text=
> > conn=314 op=2 UNBIND
> > conn=314 fd=26 closed

> I am not a Samba Guru, but I have done a similar purpose for testing
> before, as the problem is caused when you are changing the password on
> the Machine 2, which is a slave, it is READ ONLY and the changes what
> you do will not be updated or reflected on the original copy. And the
> ldap credentials of the slave will not be written to the database. All
> the changes have to be passed on from the Master database.

I am not certain what you mean. I know that slave LDAP servers are readonly but unlike ordinary readonly server on an update attempt they send a client a URL of a master server the client should contact to make changes. The client switches to the master server, samba does it properly, and repeats actions, this however fails as you may see in the logs because after switching samba doesn't do what it would if there were no switch. Now, as the changes have been made to the master database they get propagated down to the slave(s) (yes they get, and Sambaroot's password is wrong on all BDCs).

Please do the CC.

--
Have a nice day
>Łukasz<

- End forwarded message -

--
Have a nice day
>Łukasz<
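A log check for the Case 2 symptom, added here as an example (not code from the thread or from Samba): under RFC 3062 a Password Modify request with no user identity acts on the identity bound to the session, so a `PASSMOD` line without `id=` on a connection bound as `cn=Sambaroot` changes that account's password. The function name is hypothetical, the sample lines are copied from the two cases quoted above, and the slapd log format is assumed to match them.

```python
import re

OP_RE = re.compile(r'conn=(\d+) op=(\d+) ([A-Z]+)(.*)$')
DN_RE = re.compile(r'\bdn="([^"]*)"')
ID_RE = re.compile(r'\bid="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')

# Lines copied from Case 1 (conn=327) and Case 2 (conn=314) in the thread.
SAMPLE = '''\
conn=327 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
conn=327 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
conn=327 op=0 RESULT tag=97 err=0 text=
conn=327 op=10 PASSMOD id="cn=John Doe,ou=People,o=example,c=xx" new
conn=327 op=10 RESULT oid= err=0 text=
conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
conn=314 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
conn=314 op=0 RESULT tag=97 err=0 text=
conn=314 op=1 PASSMOD
conn=314 op=1 RESULT oid= err=0 text=
conn=314 op=2 UNBIND
'''.splitlines()

def find_self_passmods(lines):
    """Flag PASSMOD requests with no id= and report the DN bound on that connection."""
    pending = {}   # (conn, op) -> DN of a BIND still waiting for its RESULT
    bound = {}     # conn -> DN of the last successful BIND
    findings = []
    for line in lines:
        m = OP_RE.search(line)
        if not m:
            continue                      # ACCEPT/closed lines and '#' notes have no op=
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb == "BIND":
            dn = DN_RE.search(rest)
            if dn:
                pending[(conn, op)] = dn[1]
        elif verb == "RESULT" and (conn, op) in pending:
            dn = pending.pop((conn, op))
            err = ERR_RE.search(rest)
            if err and err[1] == "0":
                bound[conn] = dn          # bind succeeded
            else:
                bound.pop(conn, None)     # a failed bind leaves the session anonymous
        elif verb == "PASSMOD" and not ID_RE.search(rest):
            findings.append({"conn": conn, "op": op,
                             "acts_on": bound.get(conn, "<no successful bind seen>")})
    return findings

if __name__ == "__main__":
    for f in find_self_passmods(SAMPLE):
        print(f"conn={f['conn']} op={f['op']}: PASSMOD without id= acts on {f['acts_on']}")
```

Run against the master's log, a hit whose bound DN is the Samba admin DN rather than an ordinary user is the condition that precedes the login failures described in Case 2.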
Re: [Samba] changing password on samba bdc
I am not a Samba Guru, but I have done a similar purpose for testing before, as the problem is caused when you are changing the password on the Machine 2, which is a slave, it is READ ONLY and the changes what you do will not be updated or reflected on the original copy. And the ldap credentials of the slave will not be written to the database. All the changes have to be passed on from the Master database.

Lukasz Stelmach wrote:
> Greetings All.
>
> First let me introduce my situation
>
> Machine1: Pdc Samba + OpenLDAP(master)
> Machine2: Bdc Samba + OpenLDAP(slave)
> LDAP stores Samba and POSIX information for each user.
>
> Case1: I login to Machine1 and invoke smbpasswd. I change my passwords (samba and posix without any problem). In next few seconds they get propagated to Machine2 where I can login with new credentials. ldap log says
>
> conn=327 fd=26 ACCEPT from PATH=/var//run/ldapi (PATH=/var//run/ldapi)
> conn=327 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
> conn=327 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
> conn=327 op=0 RESULT tag=97 err=0 text=
> conn=327 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> conn=327 op=1 SRCH attr=supportedControl
> conn=327 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=327 op=2 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
> conn=327 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> conn=327 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
> #
> #conn=328 is made via nss_ldap
> #
> conn=328 fd=27 ACCEPT from PATH=/var//run/ldapi (PATH=/var//run/ldapi)
> conn=328 op=0 BIND dn="cn=Authenticate,o=example,c=xx" method=128
> conn=328 op=0 BIND dn="cn=Authenticate,o=example,c=xx" mech=SIMPLE ssf=0
> conn=328 op=0 RESULT tag=97 err=0 text=
> conn=328 op=1 SRCH base="ou=People,o=example,c=xx" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=jdoe))"
> conn=328 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
> conn=328 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=328 op=2 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=jdoe))"
> conn=328 op=2 SRCH attr=gidNumber
> conn=328 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
> conn=328 op=3 ABANDON msg=3
> conn=327 op=3 SRCH base="ou=Groups,o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1000))"
> conn=327 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
> conn=327 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=327 op=5 SRCH base="ou=Groups,o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1001))"
> conn=327 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
> conn=327 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=327 op=6 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
> conn=327 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> conn=327 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=328 op=4 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=jdoe))"
> conn=328 op=4 SRCH attr=gidNumber
> conn=328 op=4 SEARCH RESULT tag=101 err=0 nentries=2 text=
> conn=328 op=5 ABANDON msg=5
> conn=327 op=7 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
> conn=327 op=7 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> conn=327 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
> #
> #it seems to be here where the modi
[Samba] changing password on samba bdc
Greetings All.

First let me introduce my situation

Machine1: Pdc Samba + OpenLDAP(master)
Machine2: Bdc Samba + OpenLDAP(slave)
LDAP stores Samba and POSIX information for each user.

Case1: I login to Machine1 and invoke smbpasswd. I change my passwords (samba and posix without any problem). In next few seconds they get propagated to Machine2 where I can login with new credentials. ldap log says

conn=327 fd=26 ACCEPT from PATH=/var//run/ldapi (PATH=/var//run/ldapi)
conn=327 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" method=128
conn=327 op=0 BIND dn="cn=Sambaroot,o=example,c=xx" mech=SIMPLE ssf=0
conn=327 op=0 RESULT tag=97 err=0 text=
conn=327 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=327 op=1 SRCH attr=supportedControl
conn=327 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=327 op=2 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
conn=327 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=327 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
#
#conn=328 is made via nss_ldap
#
conn=328 fd=27 ACCEPT from PATH=/var//run/ldapi (PATH=/var//run/ldapi)
conn=328 op=0 BIND dn="cn=Authenticate,o=example,c=xx" method=128
conn=328 op=0 BIND dn="cn=Authenticate,o=example,c=xx" mech=SIMPLE ssf=0
conn=328 op=0 RESULT tag=97 err=0 text=
conn=328 op=1 SRCH base="ou=People,o=example,c=xx" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=jdoe))"
conn=328 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
conn=328 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=328 op=2 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=jdoe))"
conn=328 op=2 SRCH attr=gidNumber
conn=328 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
conn=328 op=3 ABANDON msg=3
conn=327 op=3 SRCH base="ou=Groups,o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1000))"
conn=327 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
conn=327 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=327 op=5 SRCH base="ou=Groups,o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=1001))"
conn=327 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
conn=327 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=327 op=6 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
conn=327 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=327 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=328 op=4 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=jdoe))"
conn=328 op=4 SRCH attr=gidNumber
conn=328 op=4 SEARCH RESULT tag=101 err=0 nentries=2 text=
conn=328 op=5 ABANDON msg=5
conn=327 op=7 SRCH base="o=example,c=xx" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
conn=327 op=7 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
conn=327 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
#
#it seems to be here where the modifications start
#
conn=327 op=8 MOD dn="cn=John Doe,ou=People,o=example,c=xx"
conn=327 op=8 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
conn=327 op=8 RESULT tag=103 err=0 text=
conn=327 op=9 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=327 op=9 SRCH attr=supportedExtension
conn=327 op=9 SEARCH RES