samba - Apr 2004 - Samba / Ldap Password Issues - bump ;-)

Sorry to repost this question.. But I am at my wits end.. The server has
been off line for 2 weeks. So I will have to downgrade to samba 2.X by the
end of the day unless a miracle happens ;)

I'm having some issues with samba 3 and my ldap passwords. First I'll
tell
you what I'm working with.

Ldap server is RH 7.3 and openldap 2.0.25 DBM

Samba 3.0.2a-1 using ldapsam_compat (Compiled from RPM source by me ) on
RHEL 3

Samba 2.2.8-1.ldap on RH9

--------------
The Samba 2 works great. Auth against ldap no problem, has been for over a
year.

The Samba 3 does not work.. Well not really. If I change the users password
using smbldap-passwd.pl (or the ldap webmin module) to the same (or
- Jamie

 different) password they had before it works.

When I look at the nt and lan hashes in the ldap records they have not
changed!

It's almost like I need to some how touch the ldap record for it to work

This is really confusing.. Any one have an idea?

- Jamie


Heres a sample LDIF record

dn: uid=mimc08,ou=People,dc=newberg,dc=k12,dc=or,dc=us
shadowLastChange: 12370
rid: 11126
primaryGroupID: 11127
acctFlags: [U          ]
gecos: Millen Mc
uidNumber: 5063
userPassword: {crypt}PIsNAk2Yp2XmU
gidNumber: 501
objectClass: account
objectClass: posixAccount
objectClass: sambaAccount
objectClass: top
objectClass: shadowAccount
objectClass: inetorgperson
objectClass: apple-user
objectClass: extensibleObject
objectClass: newberg
lmPassword: 57E3A052197F90B0AAD3B435B51404EE
homeDirectory: /data/students/mimc08
ntPassword: DF32985352318202CC224ECFD06B0599
cn: Millen Mc
sn: null
loginShell: /bin/false
uid: mimc08

-------

Heres a copy of my smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/04/05 14:33:34

# Global parameters
[global]
        log level = 10
        wins support = Yes
        ldap server = ldap.newberg.k12.or.us
        ldap port = 389
        passdb backend = ldapsam_compat:ldap://ldap.newberg.k12.or.us/,
guest
        ldap suffix = dc=newberg,dc=k12,dc=or,dc=us
        ldap admin dn = uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us
        ldap ssl = no

[homes]
        valid users = %S
        read only = No
        browseable = No

Hello jamie,

in Samba 3 the LDAP-Schema has changed. In example: lmPassword has 
changed to sambaLMPassword

Please read this first: 
http://de.samba.org/samba/docs/man/upgrading-to-3.0.html

matze

> Sorry to repost this question.. But I am at my wits end.. The server has
> been off line for 2 weeks. So I will have to downgrade to samba 2.X by the
> end of the day unless a miracle happens ;)
> 
> I'm having some issues with samba 3 and my ldap passwords. First
I'll tell
> you what I'm working with.
> 
> Ldap server is RH 7.3 and openldap 2.0.25 DBM
> 
> Samba 3.0.2a-1 using ldapsam_compat (Compiled from RPM source by me ) on
> RHEL 3
> 
> Samba 2.2.8-1.ldap on RH9
> 
> --------------
> The Samba 2 works great. Auth against ldap no problem, has been for over a
> year.
> 
> The Samba 3 does not work.. Well not really. If I change the users password
> using smbldap-passwd.pl (or the ldap webmin module) to the same (or
> - Jamie
> 
>  different) password they had before it works.
> 
> When I look at the nt and lan hashes in the ldap records they have not
> changed!
> 
> It's almost like I need to some how touch the ldap record for it to
work
> 
> This is really confusing.. Any one have an idea?
> 
> - Jamie
> 
> 
> Heres a sample LDIF record
> 
> dn: uid=mimc08,ou=People,dc=newberg,dc=k12,dc=or,dc=us
> shadowLastChange: 12370
> ridctClass: sambaAccount
> objectClass: top
> objectClass: shadowAccount
> objectClass: inetorgperson
> objectClass: apple-user
> objectClass: extensibleObject
> objectClass: newberg
> lmPassword: 57E3A052197F90B0AAD3B435B51404EE
> homeDirectory: /data/students/mimc08
> ntPassword: DF32985352318202CC224ECFD06B0599
> cn: Millen Mc
> sn: null
> loginShell: /bin/false
> uid: mimc08
> 
> -------
> 
> Heres a copy of my smb.conf
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2004/04/05 14:33:34
> 
> # Global parameters
> [global]
>         log level = 10
>         wins support = Yes
>         ldap server = ldap.newberg.k12.or.us
>         ldap port = 389
>         passdb backend = ldapsam_compat:ldap://ldap.newberg.k12.or.us/,
> guest
>         ldap suffix = dc=newberg,dc=k12,dc=or,dc=us
>         ldap admin dn = uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us
>         ldap ssl = no
> 
> [homes]
>         valid users = %S
>         read only = No
>         browseable = No
> 
> 
> 
: 11126
> primaryGroupID: 11127
> acctFlags: [U          ]
> gecos: Millen Mc
> uidNumber: 5063
> userPassword: {crypt}PIsNAk2Yp2XmU
> gidNumber: 501
> objectClass: account
> objectClass: posixAccount
> obje