Hi,
I am having a problem synchronizing user passwords with an LDAP server.
The samba password works fine but synchronizing the LDAP unixpassword fails.
Samba server and LDAP server are not identically and therefore I need
the old an the new password for whatever passwd chat.
But %o is an empty string.
I browse through the source code and found:
/*
* At this point we have the new case-sensitive plaintext
* password in the fstring new_passwd. If we wanted to synchronise
* with UNIX passwords we would call a UNIX password changing
* function here. However it would have to be done as root
* as the plaintext of the old users password is not
* available. JRA.
*/
can anybody help me out ???
hpb
Hans-Peter Bernhard wrote:> > Hi, > > I am having a problem synchronizing user passwords with an LDAP server. > The samba password works fine but synchronizing the LDAP unixpassword fails. > Samba server and LDAP server are not identically and therefore I need > the old an the new password for whatever passwd chat. > But %o is an empty string. > I browse through the source code and found: > > /* > * At this point we have the new case-sensitive plaintext > * password in the fstring new_passwd. If we wanted to synchronise > * with UNIX passwords we would call a UNIX password changing > * function here. However it would have to be done as root > * as the plaintext of the old users password is not > * available. JRA. > */ > > can anybody help me out ???It is a limitation of the protocol, and there isn't much that can be done. One way around it is to use a HTTPS server and a script like the one I use (hawkerc.net/staff/abartlet/sign-on.pl) to change them both via PAM. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net samba.org build.samba.org hawkerc.net