Bernhard Czech
2003-Aug-10 17:49 UTC
[Samba] Changes to userPassword attribute in LDAP for machine accounts
Hi,

does Samba-3.0.0beta3 still require the posixAccount object for machine accounts?

If so, does Samba or any program called by Samba change the userPassword attribute for machine accounts?

If no posixAccount object is required for machine accounts and there is a userPassword attribute from a different object, does Samba or a program called by Samba change the userPassword attribute?

Thanks,
Bernhard Czech
Dariush Forouher
2003-Aug-10 19:42 UTC
On Sun, 2003-08-10 at 19:49, Bernhard Czech wrote:

> Hi,
>
> does Samba-3.0.0beta3 still require the posixAccount object for machine
> accounts?

Unless you use winbind, yes (which doesn't make much sense when you're already using LDAP & nss-ldap).

> If so, does Samba or any program called by Samba change the userPassword
> attribute for machine accounts?

Samba has an option 'ldap passwd sync'; when set, Samba will update userPassword whenever the two Samba hashes are updated, too.

> If no posixAccount object is required for machine accounts and there is
> a userPassword attribute from a different object, does Samba or a program
> called by Samba change the userPassword attribute?

Just checked this here: if there is no userPassword attribute in the entry, Samba won't create a new one (at least not with machine trust accounts).

ciao
Dariush
Beast
2003-Aug-12 03:33 UTC
Monday, August 11, 2003, 8:20:52 PM, Bernhard wrote:

> Beast wrote:
>> userPassword is optional on posixAccount objectclass, why do you need a
>> password for that?
>
> Currently I am writing client management software. It gives the
> administrator complete control over their Windows 2000/XP machines from
> a web interface. In this software the clients have to authenticate
> themselves on the server. We decided to store as many machine-specific
> settings in LDAP as possible, because our Samba already stores machine
> information in LDAP and we do not want to start a new data source.

1. Use ACL to restrict access.
2. If you still want to synch passwd, write your own passwd changer script to update the machine passwd also.

> Bernhard Czech

--beast
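
The two settings discussed in this thread, written out as an added example that is not part of the original posts: the 'ldap passwd sync' option in smb.conf and an ACL that restricts who can read or write the password attributes. It assumes OpenLDAP with slapd.conf-style ACLs and the Samba 3 schema attribute names sambaLMPassword and sambaNTPassword; the host name, suffix and admin DN are placeholders.

```conf
# ---------------------------------------------------------------
# smb.conf, [global] section (Samba 3, ldapsam backend)
# Host, suffix and DN below are placeholders, not values from the thread.
# Comments sit on their own lines: smb.conf treats trailing text as
# part of the parameter value.
# ---------------------------------------------------------------
[global]
    passdb backend = ldapsam:ldap://ldap.example.com
    ldap suffix = dc=example,dc=com
    ldap admin dn = cn=samba,dc=example,dc=com
    # With this set, userPassword is updated whenever the Samba
    # hashes are updated (the option named in the reply above).
    ldap passwd sync = yes

# ---------------------------------------------------------------
# slapd.conf (OpenLDAP), inside the database section
# Rules are evaluated top to bottom and the first matching
# "access to" clause wins, so the password rule must come first.
# ---------------------------------------------------------------

# Password material: writable by the Samba admin DN and by the entry
# itself, usable for bind (auth) by unauthenticated clients, and
# unreadable by everyone else.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn.exact="cn=samba,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# Everything else: the Samba admin DN may write, others may read.
access to *
    by dn.exact="cn=samba,dc=example,dc=com" write
    by * read
```

The `by anonymous auth` clause allows a machine entry to bind with its userPassword without exposing the stored value to searches.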