[Freeipa-users] Resynchronize Samba Passwort

Marc Grimme grimme at atix.de
Thu Oct 11 07:43:06 UTC 2012 

On Mi 10 Okt 2012 17:54:22 CEST, Simo Sorce wrote:
> On Wed, 2012-10-10 at 17:11 +0200, Marc Grimme wrote:
>> Hello together,
>> we are running IPA on RHEL6.3 for quite some time.
>> We are also using IPA to provide the LDAP backend for our samba
>> configuration.
>> Normally everything is running quite ok.
>>
>> But from time to time some people inform me that their samba password is
>> not in sync with their password in IPA.
>> Mostly this is working but a few different people are informing me about
>> that.
>> So is there a way to "resync" the password to the ones in LDAP
>> (userPassword, sambaNTPassword)?
>
> We do not have code to do that now (although we have some code in 3.0
> that is capable of doing that so it is technically possible), but this
> shouldn't happen in the first place.
>
> Do you have any information about how the password was changed by these
> users ?
They are changing their passwords via ssh, sssd (kpasswd underneath) or 
directly over kpasswd.

BTW: What would be the recommended way to re change their password 
afterwards again?
>
> Are you allowing samba to change the password ?
Probably (ldap passwd sync=Yes). Up to now I recommended to use 
ssh/sssd combination for passwd change to those users.
>
> If so are you using the option 'ldap sync only = Only' ? If you do not
> use this setting that is most likely the problem.
> If you do then it may be a bug in samba.
I'm using samba 3.5 (part of RHEL6) and there seems to be no option 
ldap sync.
The only relevant option I've set is ldap passwd sync = Yes.
>
> Have you given samba access for writing to the sambaNTPassword
> attribute ?
> (you shouldn't samba should be allowed only to read).
Not that I know of.
How can I do this?
>
> Simo.
>



--
--

Marc Grimme

E-Mail: grimme( at )atix.de

ATIX Informationstechnologie und Consulting AG | Einsteinstrasse 10 |
85716 Unterschleissheim | www.atix.de | www.comoonics.org

Registergericht: Amtsgericht Muenchen, Registernummer: HRB 168930, 
USt.-Id.:
DE209485962 | Vorstand: Marc Grimme, Mark Hlawatschek, Thomas Merz 
(Vors.) |
Vorsitzender des Aufsichtsrats: Dr. Martin Buss

More information about the Freeipa-users mailing list