[Fedora-directory-users] Samba LDAP password sync
Craig White
craigwhite at azapple.com
Tue Nov 28 02:30:02 UTC 2006
On Mon, 2006-11-27 at 19:09 -0700, Craig White wrote:
> On Tue, 2006-11-28 at 11:28 +1000, Matt Stucky (Office) wrote:
> > As I understand it, the password chat is only used with "unix password
> > sync" and is not used with "ldap passwd sync".
> ----
> I missed that detail - I use unix password sync and have never used ldap
> password sync and thus the chat.
> ----
> >
> > Are you using MD5 for your passwords?
> ----
> no - crypt
----
correction... on the system that I am using with fedora directory server,
I see that it is using md5
Craig
> ----
> > -Matt
> ----
> Craig
> ----
> >
> > Craig White wrote:
> > > On Tue, 2006-11-28 at 10:55 +1000, Matt Stucky (Office) wrote:
> > >
> > >> Hi All,
> > >>
> > >> I've set up FDS as the ldap back end for a Samba PDC. It is working
> > >> well, but I'm having a problem with Windows users changing their
> > >> password from Windows. When I use "ldap passwd sync = yes" (in the
> > >> samba config) Windows users receive an error message when they attempt
> > >> to change their password. What actually happens is their Samba/NT
> > >> passwords are changed, but the posix password is not. If I use "ldap
> > >> passwd sync = no" (default) then the users can successfully change their
> > >> passwords but, as per the smb.conf man page, only the Samba/NT passwords
> > >> are changed, not the posix password. I have FDS, User Admin tool
> > >> (Webmin - LDAP users and Groups), and /etc/ldap.conf set to use MD5 for
> > >> password hashing.
> > >>
> > >> If, on the server I run "smbpasswd test_user" and attempt to change a
> > >> user's password that way; it gives me the error:
> > >> ---------------
> > >> ldapsam_modify_entry: LDAP Password could not be changed for user
> > >> test_user: Confidentiality required
> > >> Operation requires a secure connection.
> > >>
> > >> Failed to modify entry for user test_user.
> > >> Failed to modify password entry for user test_user
> > >> ---------------
> > >>
> > >> It looks like FDS requires SSL in order for a user's posix password to
> > >> be changed from Samba/Windows. I need to have the Samba and posix
> > >> passwords synchronized. Do I need to set up SSL for that to work, or is
> > >> there something else I am missing? I found a post where someone used
> > >> "unix password sync = yes" with smbldap-passwd for the password program
> > >> as a workaround for this same problem, but I would prefer the tidier and
> > >> simpler "ldap passwd sync = yes". Has anyone run into this and figured
> > >> out how to make it work?
> > >>
> > > ----
> > > my guess is that you have something wrong with your 'password chat
> > > script' in smb.conf or possibly something amiss in smbldap configuration
> > > because it does work.
> > >
> > > Craig
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
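A configuration check for the situation described in this thread, added here as an example and not code from any poster or from Samba: it flags an smb.conf where `ldap passwd sync` is enabled while the Samba-to-directory link is not encrypted, the condition the "Operation requires a secure connection" error points at. The sample fragments and the host name `fds.example.com` are constructed, and the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment (not from the thread): sync on, LDAP in cleartext.
SAMPLE_WEAK = """
[global]
   passdb backend = ldapsam:ldap://fds.example.com
   ldap passwd sync = yes
   ldap ssl = off
"""
# Same fragment with StartTLS requested on the LDAP connection.
SAMPLE_TLS = SAMPLE_WEAK.replace("ldap ssl = off", "ldap ssl = start tls")

TLS_VALUES = {"start tls", "start_tls", "on", "yes"}

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict (keys lowercased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def ldap_transport(params):
    """Classify the LDAP link as 'encrypted', 'cleartext' or 'unspecified'."""
    backend = params.get("passdb backend", "").lower()
    ssl = " ".join(params.get("ldap ssl", "").lower().split())
    if "ldaps://" in backend or ssl in TLS_VALUES:
        return "encrypted"
    if "ldap://" in backend and ssl in {"off", "no"}:
        return "cleartext"
    return "unspecified"                          # verify the effective value with testparm

def check_passwd_sync(text):
    """Return a finding if ldap passwd sync is on without an encrypted link, else None."""
    params = parse_global(text)
    sync = params.get("ldap passwd sync", "no").lower()
    if sync not in {"yes", "only"}:
        return None
    transport = ldap_transport(params)
    if transport == "encrypted":
        return None
    return f"ldap passwd sync = {sync} over {transport} LDAP connection"
```
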