On 17/05/2021 15:05, Rowland penny via samba wrote:> On 17/05/2021 14:54, Hernan Jalabert wrote:
>> Thanks Rowland and Jonathon for the help.
>>
>> I was trying with the password generated in utf16 with the output of
>> the command that rowland gave me, but I keep getting the same error.
>>
>> modifying entry "cn = testuser, XXXXXX"
>> ldap_modify: Server is unwilling to perform (53)
>> additional info: 00002035: setup_io: it's not allowed to set the NT
>> hash password directly '
>>
>> Both in the execution of the script that I am writing and in the
>> execution of the ldapmodify command.
>>
>> By command line i execute the following (With the samba administrator
>> user):
>>
>> ldapmodify -H ldaps: // -x -D "cn = Administrator, XXXXXX" -w
XXXXXX
>> -f change.ldif
>>
>> With the following ldif:
>>
>> dn: cn = testuser, XXXXXX
>> changetype: modify
>> replace: unicodePwd
>> unicodePwd: IgAxADIAMwA0ADUANgBAAFkAYQAiAA=>
>
> You missed a colon ( : ) after unicodePwd. You have 'unicodePwd:'
and
> it should be 'unicodePwd::'
>
> Rowland
>
>
>
Also, you are doing it over the wire and you cannot do it over the wire,
do it on the DC using ldb-tools.
Rowland