samba - Apr 2004 - Samba / Ldap Password Issues

I'm having some issues with samba 3 and my ldap passwords. First I'll
tell
you what I'm working with.

Ldap server is RH 7.3 and openldap 2.0.25 DBM

Samba 3.0.2a-1 using ldapsam_compat (Compiled from RPM source by me ) on
RHEL 3

Samba 2.2.8-1.ldap on RH9

--------------
The Samba 2 works great. Auth against ldap no problem, has been for over a
year.

The Samba 3 does not work.. Well not really. If I change the users password
using smbldap-passwd.pl (or the ldap webmin module) to the same (or
different) password they had before it works.

When I look at the nt and lan hashes in the ldap records they have not
changed!

It's almost like I need to some how touch the ldap record for it to work

This is really confusing.. Any one have an idea?

- Jamie


Heres a sample LDIF record

dn: uid=mimc08,ou=People,dc=newberg,dc=k12,dc=or,dc=us
shadowLastChange: 12370
rid: 11126
primaryGroupID: 11127
acctFlags: [U          ]
gecos: Millen Mc
uidNumber: 5063
userPassword: {crypt}PIsNAk2Yp2XmU
gidNumber: 501
objectClass: account
objectClass: posixAccount
objectClass: sambaAccount
objectClass: top
objectClass: shadowAccount
objectClass: inetorgperson
objectClass: apple-user
objectClass: extensibleObject
objectClass: newberg
lmPassword: 57E3A052197F90B0AAD3B435B51404EE
homeDirectory: /data/students/mimc08
ntPassword: DF32985352318202CC224ECFD06B0599
cn: Millen Mc
sn: null
loginShell: /bin/false
uid: mimc08

-------

Heres a copy of my smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/04/05 14:33:34

# Global parameters
[global]
        log level = 10
        wins support = Yes
        ldap server = ldap.newberg.k12.or.us
        ldap port = 389
        passdb backend = ldapsam_compat:ldap://ldap.newberg.k12.or.us/,
guest
        ldap suffix = dc=newberg,dc=k12,dc=or,dc=us
        ldap admin dn = uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us
        ldap ssl = no

[homes]
        valid users = %S
        read only = No
        browseable = No

Hi Jamie,

I think you need to upgrade smbldap-too to new version which is 
smbldap-tools-0.8.4-1.i386.rpm it support Samba 3.0
Check this out URL http://samba.idealx.org/index.en.html
****

Regards,

Suhaimi


jamie wrote:
>I'm having some issues with samba 3 and my ldap passwords. First
I'll tell
>you what I'm working with.
>
>Ldap server is RH 7.3 and openldap 2.0.25 DBM
>
>Samba 3.0.2a-1 using ldapsam_compat (Compiled from RPM source by me ) on
>RHEL 3
>
>Samba 2.2.8-1.ldap on RH9
>
>--------------
>The Samba 2 works great. Auth against ldap no problem, has been for over a
>year.
>
>The Samba 3 does not work.. Well not really. If I change the users password
>using smbldap-passwd.pl (or the ldap webmin module) to the same (or
>different) password they had before it works.
>
>When I look at the nt and lan hashes in the ldap records they have not
>changed!
>
>It's almost like I need to some how touch the ldap record for it to work
>
>This is really confusing.. Any one have an idea?
>
>- Jamie
>
>
>Heres a sample LDIF record
>
>dn: uid=mimc08,ou=People,dc=newberg,dc=k12,dc=or,dc=us
>shadowLastChange: 12370
>rid: 11126
>primaryGroupID: 11127
>acctFlags: [U          ]
>gecos: Millen Mc
>uidNumber: 5063
>userPassword: {crypt}PIsNAk2Yp2XmU
>gidNumber: 501
>objectClass: account
>objectClass: posixAccount
>objectClass: sambaAccount
>objectClass: top
>objectClass: shadowAccount
>objectClass: inetorgperson
>objectClass: apple-user
>objectClass: extensibleObject
>objectClass: newberg
>lmPassword: 57E3A052197F90B0AAD3B435B51404EE
>homeDirectory: /data/students/mimc08
>ntPassword: DF32985352318202CC224ECFD06B0599
>cn: Millen Mc
>sn: null
>loginShell: /bin/false
>uid: mimc08
>
>-------
>
>Heres a copy of my smb.conf
>
># Samba config file created using SWAT
># from 0.0.0.0 (0.0.0.0)
># Date: 2004/04/05 14:33:34
>
># Global parameters
>[global]
>        log level = 10
>        wins support = Yes
>        ldap server = ldap.newberg.k12.or.us
>        ldap port = 389
>        passdb backend = ldapsam_compat:ldap://ldap.newberg.k12.or.us/,
>guest
>        ldap suffix = dc=newberg,dc=k12,dc=or,dc=us
>        ldap admin dn = uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us
>        ldap ssl = no
>
>[homes]
>        valid users = %S
>        read only = No
>        browseable = No
>
>
>
>  
>