jan
2002-Dec-16 11:06 UTC
[Samba] ldap users would like to change their own (smb)passwords
Dear Samba list, I am using samba with ldap. All works fine. Now I want my users to change their own smbpasswd's. That only works when : domain admin groups = myusers and secrets.tdb is set to 660 beside this smb.conf must at least be readable by the myusers_group. Otherwise I get this : /usr/local/samba-2.2.7/bin/smbpasswd -L -a bert Failed to open /usr/local/samba-2.2.7/private/secrets.tdb New SMB password: Retype new SMB password: LDAPS option set...! fetch_ldap_pw: ldap secret is too long (1073817312 > 1023)! ldap_connect_system: Failed to retrieve password for cn=master, ... from secrets.tdb Is there no more secure and better way to let users change their own (smb)passwd in the ldap directory (also to avoid that user x change user's y passwd) ?? regards, Jan
Gerald (Jerry) Carter
2002-Dec-16 14:39 UTC
[Samba] ldap users would like to change their own (smb)passwords
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 16 Dec 2002, jan wrote:> Dear Samba list, > > > I am using samba with ldap. All works fine. > Now I want my users to change their own smbpasswd's. > > That only works when : > > domain admin groups = myusers > and > secrets.tdb is set to 660 > > beside this smb.conf must at least be readable by the myusers_group.I wouldn't do this if I were you.> Otherwise I get this : > > /usr/local/samba-2.2.7/bin/smbpasswd -L -a bertnon-root users should use smbpasswd -r <server> -U <user> for changing their passwords. This uses the SMB RAP password changing ops and requires that the user know the old password. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 "SAMS Teach Yourself Samba in 24 Hours" 2ed "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9/eS5IR7qMdg1EfYRAkQ3AKDZV0YYdICqfFij+22lQPkXj3DEkQCg0gil e5c/i9SpkD6817N+Y6DHiv0=IMfQ -----END PGP SIGNATURE-----