I've compiled samba with the --with-ldapsam option and have set up an ldap server. When I try to change the password of a user, say Administrator, I get the following stuff with full debugging turned on (-D 255):

New SMB password:
Retype new SMB password:
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=Administrator)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [Administrator]
Entry found for user: Administrator
get_single_attribute: [sambaDomain] = [NULL]
get_single_attribute: [pwdLastSet] = [3B9E4575]
get_single_attribute: [logonTime] = [00000000]
get_single_attribute: [logoffTime] = [00000000]
get_single_attribute: [kickoffTime] = [00000000]
get_single_attribute: [pwdCanChange] = [3982F885]
get_single_attribute: [pwdMustChange] = [FFFFFFFF]
get_single_attribute: [gecos] = [Root user]
get_single_attribute: [homeDrive] = [K:]
homeDrive is set to K:
get_single_attribute: [smbHome] = [NULL]
smbHome is set to
smbHome fell back to \\samba\%u
get_single_attribute: [scriptPath] = [testmess.bat]
scriptPath is set to testmess.bat
get_single_attribute: [profilePath] = [\\samba\profiles\Administrator]
profilePath is set to \\samba\profiles\Administrator
get_single_attribute: [description] = [NULL]
get_single_attribute: [userWorkstations] = [NULL]
get_single_attribute: [rid] = [1f4]
get_single_attribute: [primaryGroupID] = [200]
ldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=)(objectclass=sambaAccount))]
No user to modify!
Failed to modify entry for user Administrator.
Failed to modify password entry for user Administrator

Is this a bug in the LDAP part of samba? How come the search string is correct the first time:
(&(uid=Administrator)(objectclass=sambaAccount))
but not the second time:
(&(uid=)(objectclass=sambaAccount))

Any ideas?

thanks,
Michael
--
Public key available from http://students.cs.byu.edu/~torriem

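
An added example, not part of the original post and not Samba's code: it scans smbpasswd debug output for LDAP searches whose equality value is empty, like the second filter in the post above, and shows a filter builder that refuses an empty uid and applies RFC 4515 escaping. The function names are hypothetical and the sample log is built from lines in the post.

```python
import re

# Constructed sample: debug lines copied from the smbpasswd output quoted above.
SAMPLE_LOG = """\
ldap_search_one_user: searching for:[(&(uid=Administrator)(objectclass=sambaAccount))]
get_single_attribute: [uid] = [Administrator]
ldap_search_one_user: searching for:[(&(uid=)(objectclass=sambaAccount))]
No user to modify!
"""

SEARCH_RE = re.compile(r"searching\s+for:\[(.*)\]\s*$")
# One equality item such as (uid=Administrator); the value may be empty.
ITEM_RE = re.compile(r"\(([A-Za-z][A-Za-z0-9;-]*)=([^()]*)\)")
# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def empty_assertions(ldap_filter):
    """Return the attribute names whose equality value is empty, e.g. (uid=)."""
    return [a for a, v in ITEM_RE.findall(ldap_filter) if v.strip() == ""]


def audit_log(text):
    """Return (line_number, filter, empty_attrs) for each suspicious search."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = SEARCH_RE.search(line)
        if match and empty_assertions(match.group(1)):
            findings.append((number, match.group(1),
                             empty_assertions(match.group(1))))
    return findings


def build_user_filter(uid, objectclass="sambaAccount"):
    """Build the lookup filter, refusing an empty uid instead of searching."""
    if not uid or not uid.strip():
        raise ValueError("refusing to search LDAP with an empty uid")
    escaped = "".join(ESCAPES.get(ch, ch) for ch in uid)
    return "(&(uid=%s)(objectclass=%s))" % (escaped, objectclass)


if __name__ == "__main__":
    for number, flt, attrs in audit_log(SAMPLE_LOG):
        print("line %d: empty value for %s in %s" % (number, ", ".join(attrs), flt))
    print(build_user_filter("Administrator"))
```
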
I'm about to start setting samba up on our LDAP servers too. Can you use the default RedHat OpenLDAP, or must I recompile? Also, can I use the samba source 2.2.2 or the 3.0 alpha?

Thank you. Sorry for the off-topic questions.

On 3 Dec 2001, Michael Torrie wrote:
> I've compiled samba with the --with-ldapsam option and have set up an
> ldap server. When I try to change the password of a user, say
> Administrator, I get the following stuff with full debugging turned on (-D
> 255):
>
> New SMB password:
> Retype new SMB password:
> ldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> ldap_search_one_user: searching
> for:[(&(uid=Administrator)(objectclass=sambaAccount))]
> get_single_attribute: [uid] = [Administrator]
> Entry found for user: Administrator
> get_single_attribute: [sambaDomain] = [NULL]
> get_single_attribute: [pwdLastSet] = [3B9E4575]
> get_single_attribute: [logonTime] = [00000000]
> get_single_attribute: [logoffTime] = [00000000]
> get_single_attribute: [kickoffTime] = [00000000]
> get_single_attribute: [pwdCanChange] = [3982F885]
> get_single_attribute: [pwdMustChange] = [FFFFFFFF]
> get_single_attribute: [gecos] = [Root user]
> get_single_attribute: [homeDrive] = [K:]
> homeDrive is set to K:
> get_single_attribute: [smbHome] = [NULL]
> smbHome is set to
> smbHome fell back to \\samba\%u
> get_single_attribute: [scriptPath] = [testmess.bat]
> scriptPath is set to testmess.bat
> get_single_attribute: [profilePath] = [\\samba\profiles\Administrator]
> profilePath is set to \\samba\profiles\Administrator
> get_single_attribute: [description] = [NULL]
> get_single_attribute: [userWorkstations] = [NULL]
> get_single_attribute: [rid] = [1f4]
> get_single_attribute: [primaryGroupID] = [200]
> ldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> ldap_search_one_user: searching
> for:[(&(uid=)(objectclass=sambaAccount))]
> No user to modify!
> Failed to modify entry for user Administrator.
> Failed to modify password entry for user Administrator
>
> Is this a bug in the LDAP part of samba? How come the search string is
> correct the first time:
> (&(uid=Administrator)(objectclass=sambaAccount))
> but not the second time:
> (&(uid=)(objectclass=sambaAccount))
>
> Any ideas?
>
> thanks,
> Michael

I noticed that when I use smbpasswd to change my password that is stored in LDAP, if I have multiple uid it'll delete the extra ones. Is there a way to prevent that?

Jean-Rene Cormier

Hi All,

Is it possible for smbpasswd to authenticate and update samba password in an LDAP tree? I know that this works for su however it doesn't work for joe user. When I try to change the password this is what I get:

Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid.
Failed to change password for jgeddes30

My Old password is valid... What I don't understand is why smbpasswd does not ask for my password to authenticate to the tree and once authenticated then do the modifies on the password.

Please let me know if people are able to update their samba passwords using smbpasswd and only having their samba info in the LDAP.

--
Jeff Geddes, BSc(UNB)
Computer Systems Specialist
University of New Brunswick
Faculty of Computer Science
eMail: jgeddes@unb.ca
office: Rm. E119
phone : (506) 452-6102
fax : (506) 453-3566

Hello,

Is it possible to use smbpasswd command to add necessary objectclasses and attributes to existing ldap entries which contain only posix account??

I got invalid DN syntax when adding smbuser using smbpasswd :

-----
[root@potato root]# smbpasswd -a beast
New SMB password:
Retype new SMB password:
failed to add domain dn= sambaDomainName=DJKT,dc=mydomain,dc=com with: Invalid DN syntax
invalid DN
Adding domain info for DJKT failed with NT_STATUS_UNSUCCESSFUL
failed to add user dn= uid=beast,ou=people,"dc=mydomain,dc=com" with: Invalid DN syntax
invalid DN
failed to modify/add user with uid = beast (dn = uid=beast,ou=people,"dc=mydomain,dc=com")
Failed to add entry for user beast.
Failed to modify password entry for user beast
----

I have necessary ldap entry under ou=people,ou=mysite,dc=mydomain,dc=com.

--beast

hi,

What is the search scope of samba by default? One, Base, Sub ....

Also, can two LDAP PDCs, on different subnets and windows domains, use the same LDAP server for auth? I have one working well, but the other seems to have trouble, seems to have problems with the machine account settings.

j.

--
Jason C. Leach
Current PGP/GPG Key ID: 43AD2024

Saturday, August 2, 2003, 2:16:40 PM, Markus wrote:
> On Fri, 1 Aug 2003 17:47:11 +0700
> Beast <beast@setuid.com> wrote:

>> > It seems samba was trying to add this new user instead of modify.
>> > Whenever I add new user which doesn't have posixaccount yet,
>> > smbpasswd refused to add. It's like chicken and egg pb.
>>
>> Aah.., using pdbedit -a was able to add new (non existing
>> posixaccount), but what if I want to add custom attributes?

> So you solved your problems finally?

For this case, yes. More pb still waiting on the list...

> I suppose with "add custom attributes" you mean you want to write your
> own schema-file and have the users use these new objectClass(es) and
> attributes. Well, then just use LDAP-commands to assign them to them.
> That's nothing Samba-specific...

Hmm, if I can not customize the attributes that were added by this tool, then better to create/modify/delete user straight to ldap server itself. It would be better if it has an option like -l which specifies the ldif file to be added OR this tool will only modify existing posixaccount instead of creating new account.

> (Don't ask me how to apply a specific LDAP-command such as ldapmodify to
> a perhaps large subset of all LDAP entries ... I just don't know that
> yet either.)

Well, tks. I can handle it myself :-)

--beast