Re: [Samba] smbpasswd vs passwd to change

[Adam Tauno Williams]

On Thu, 2010-02-04 at 10:11 -0600, Adam wrote:
> so what's you're question?
> Nickolas Gray wrote:
> > Not sure if someone here can answer this for me. The OpenLDAP guys 
> > have blown me off on this one.

Don't feel bad;  providing opportunities to blow people off is the
primarily purpose of their listserv.

> > I have a standalone server which is using ldap as the passdb backend. 
> > I can ssh into an account.  I can show that "smbclient works  -L 
> > localhost -U ldaptestuser" works. If I change the password using 
> > smbpasswd both still work with new password. If i change the password 
> > using /usr/bin/passwd I can login interactively with the new password 
> > but samba still uses the old password.

Of course. passwd does not update the SAM password attributes.  With a
Samba 3.x SAM you have [at least] two passwords in your LDAP object -
userpassword and sambantpassword.  Samba may know to update all the
password entries, and potentially other meta-data, but passwd certainly
does not.  Unless you've been successful at configuring the smbk5pwd
module and are performing password changes via the password change
extended operation.

This is covered in the official documentation somwhere.

-- 
OpenGroupware developer: awill...@whitemice.org

OpenGroupare & Cyrus IMAPd documenation @


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] smbpasswd vs passwd to change

[Adam]

so what's you're question?

Nickolas Gray wrote:
Not sure if someone here can answer this for me. The OpenLDAP guys 
have blown me off on this one.


I have a standalone server which is using ldap as the passdb backend. 
I can ssh into an account.  I can show that "smbclient works  -L 
localhost -U ldaptestuser" works. If I change the password using 
smbpasswd both still work with new password. If i change the password 
using /usr/bin/passwd I can login interactively with the new password 
but samba still uses the old password.



The relevant part of the smb.conf is

[global]
workgroup = ISLANDS
server string = Samba Server Version %v on Kailua
netbios name = kailua
hosts allow = 192.168.136. 127.
log file = /var/log/samba/%m.log
max log size = 50
log level = 10
debug timestamp = yes

security = user

passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=local,dc=austin,dc=rr,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=root,dc=local,dc=austin,dc=rr,dc=com
ldap delete dn = no
ldap ssl = no
ldap passwd sync = yes
local master = yes
os level = 33
preferred master = yes
load printers = yes
cups options = raw
restrict anonymous = 2


Thanks, Nick Gray

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbpasswd vs passwd to change

[Nickolas Gray]

Not sure if someone here can answer this for me. The OpenLDAP guys  
have blown me off on this one.


I have a standalone server which is using ldap as the passdb backend.  
I can ssh into an account.  I can show that "smbclient works  -L  
localhost -U ldaptestuser" works. If I change the password using  
smbpasswd both still work with new password. If i change the password  
using /usr/bin/passwd I can login interactively with the new password  
but samba still uses the old password.



The relevant part of the smb.conf is

[global]
workgroup = ISLANDS
server string = Samba Server Version %v on Kailua
netbios name = kailua
hosts allow = 192.168.136. 127.
log file = /var/log/samba/%m.log
max log size = 50
log level = 10
debug timestamp = yes

security = user

passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=local,dc=austin,dc=rr,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=root,dc=local,dc=austin,dc=rr,dc=com
ldap delete dn = no
ldap ssl = no
ldap passwd sync = yes
local master = yes
os level = 33
preferred master = yes
load printers = yes
cups options = raw
restrict anonymous = 2


Thanks, Nick Gray
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba