NSC - NetworkServiceCenter
2002-Jun-14 01:12 UTC
[Samba] with ldap - samba - password sync - domain group map
> my solution (found in some ldap-samba-pdc-howto) was to set the > pwdMustChange to 2147483647 (which is far in the future: 2030 or > something)thank you very much! your solution solved this problem.>> 2. the unix password sync doesn't work. but i think there are two >> different problems, but let me describe: if i activated the password >> sync, i got on > you have to set the password chat to something that reflects your > systems password chat (no na)i knew it - (no na) ;-) my heavy situation is, that the chat expects [New password: ] and receives [New password: ] , but it says no match following row is from the log: expect: expected [New password: ] received [New password: ] match no this is my problem! is there a bug or is my config faulty: passwd chat = New\spassword:\s %n\n Re-enter\snew\spassword:\s %n\n Result:\sSuccess\s(0)\n passwd program = /etc/ldappwdsmb %u the programm ldappwdsmb is a script which calls ldappasswd as root! would it be possible to send me your configfiles to compare with mine? in my opinion, there's only one little mistake that let the sync crash!>> 3. the domain group map doesn't work! i found a lot of descriptions >> about > i have not tried this yet, but i think that 2.2.3a does not supprt > domain-group-mapping (but 2.2.4 should ???)i saw mails from lists where persons told about working group-map with earlier versions as 2.2.3 (!), but maybe i'm wrong! thanks lg thomas reisenbichler
IOhannes zmoelnig
2002-Jun-17 02:53 UTC
[Samba] with ldap - samba - password sync - domain group map
NSC - NetworkServiceCenter wrote:> > i knew it - (no na) ;-) > my heavy situation is, that the chat expects [New password: ] and receives > [New password: ] , but it says no match > following row is from the log: > > expect: expected [New password: ] received [New password: ] match no > > this is my problem! is there a bug or is my config faulty: > > passwd chat = New\spassword:\s %n\n Re-enter\snew\spassword:\s %n\n > Result:\sSuccess\s(0)\n > passwd program = /etc/ldappwdsmb %u > > the programm ldappwdsmb is a script which calls ldappasswd as root! > > would it be possible to send me your configfiles to compare with mine? in > my opinion, there's only one little mistake that let the sync crash! > >well, i think my configs won't help much (but just mail me again directly, if you really think you need them) so may passwd-chat line is as follows: passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n . note the asterisk and dot (i haven't really understood now what the dot means, but the asterisks match anything, and maybe the blank ("\s") between "passwd:" and " %n" is just no plain blank but something different. additionally i decided to not use tools like ldappwdsmb (by the way: do you always store your administrative progs in /etc/ ?? ;-)) but to change the ldap-passwds via pam (so the transmission to the new authentification would be totally transparent to my users) i had to patch the pam_ldap-sources with http://www.rit.bme.hu/~balsa/pam_ldap_ntlm/ mfg.ad.asdr IOhannes