On Wed, 2005-07-06 at 23:43 +0200, Geert Stappers wrote:
On Tue, Jul 05, 2005 at 05:35:15PM -0500, Alex Canizales wrote:
snip/
Already i had put the ldap passwd sync=yes
What does you root DSE look like?
This is my root DSE access control point rules:
dn:
changetype: modify
replace: orclaci
orclaci: access to entry by * (browse)
orclaci: access to attr=(*) by * (search,read,compare)
orclentrylevelaci: access to entry by * (browse)
The problems isn't here,
I have
access to attrs=sambaLMPassword,sambaNTPassword
by self ssf=128 write
by anonymous ssf=128 auth
by dn=cn=smbadmin,ou=People,dc=gpm,dc=stappers,dc=nl ssf=128 write
by dn=cn=admin,ou=People,dc=gpm,dc=stappers,dc=nl ssf=128 write
by * none
is there any samba developer that tell me what other kind of ldap operation
make when change the password from windows? why i got the message: ldap
password change requested, but LDAP server does not support it -- ignoring
? if Oracle Ldap doesn't support this, why it's changing just the samba
password and not the userpassword, and why it is changed when i use the
smbldap-password command?
smbldap-password probably uses smbadmin ( has write accces on OID )
Windows probably uses self ( has no write access on OID )
Windows is *not* touching ldap directly, only asking Samba to change the
NT4 domain password in a SAM, which happens to be Samba on LDAP. You
can see what the smbldap script is doing by reading the script, but the
Samba 'ldap password sync = yes', is making the OpenLDAP password set
exop call. This it hopes might set some LDAP password, in the hope of
keeping everything in sync.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
