On Sun, 2003-03-16 at 06:27, Kri¨tof Petr wrote:
Hi,
I configured samba 2.2.7a with --ldapsam. Works fine.
Pasword changes are updated on ldap server on
lmPassword and ntPassword atributes. Good.
But I want to synchronize unix password too.
You need to either tell pam_ldap your Manger DN and password
(keep that file secure!) or use the feature 'ldap passwd sync' in
Samba 3.0.
Samba did not update userPassword or never
call /bin/passwd or pam to change it.
This behavior doesnt depend on setting
unix password sync = yes
or
pam password change = yes
smbpasswd does:
- bind ldap seerver
search (uid=joe)(objectClass=sambaAccount)
- bind ldap server
search (objectClass=posixAccount)(uid=joe)
- bind ldap server
modify DN: uid=joe,dc=People,dc=company,dc=com
attribute ntPassword
attribute lmPassword
- bind ldap server
search (uid=joe)(objectClass=sambaAccount)
search (objectClass=posixAccount)(uid=joe)
I think correct behavior is modify userPassword too.
The attribute might not be present - we might not even have a matching
posixAccount. In Samba 2.2 we don't have the codepaths to get the
plaintext password to the parts doing the LDAP modifications easily.
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part