Hi Folks,
I'm running DS-389 (version: 1.3.7.5 ; Build: 2018.178.1311) on a Cent OS 7
(vs. 7.6.1810) system.
I've been working through creating a Samba 4 server and using LDAP
authentication to my DS-389 server. I've managed to get through
most everything but I'm running into an issue with how passwords are working.
From the Samba box I can user the command "smbpasswd -a testuser" and it will
change the Samba NT password internal to the DS-389 system
along with the LDAP userPassword.
I can then use this new password to login to linux systems using ssh and into
my Samba shares from a Windows 10 system.
But this isn't how I want the system to run.
I want to be able to change the LDAP password (userPassword) and have that then
update the sambaNTPassword.
I have been googling for days and ran across the suggestion to use the
smbkrb5pwd overlay but that looks specific to openldap and not DS-389.
I know there must be a way to update the userPassword field and have that push
out to the samba password but I can't find anything useful.
I'm hoping folks might have some suggestions on how to get the two passwords to
sync.My smb.conf file looks like the following (scrubbed for
security):
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = ldapsam:ldap://192.168.1.10
ldap suffix = dc=abc,dc=edu
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap delete dn = no
ldap admin dn = cn=Directory Manager
ldap passwd sync = Yes
ldap ssl = start_tls
log level = 5 passdb:5 auth:5
printing = cups
printcap name = cups
load printers = yes
cups options = raw
unix charset = UTF-8
dos charset = CP932
hosts allow = 127. 192.168.1.
# max protocol = SMB2
map to guest = Bad User
[homes]
valid users = @smbgroup
browsable = no
writable = yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[Anonymous share]
path = /samba/anonymous_share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
Thanks in advance!
(Sincere apologies for the multiple entries. I don't post often and it seems
the original post got garbled)
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
