Nathan Benson
2004-Sep-28 21:48 UTC
[Samba] LDAP password/group problems when upgrading to Samba 3.0.7 (previously 3.0.4)
I just upgraded samba to samba-3.0.7-1.3E, and am now having trouble with my groups.

I used to be able to log into a Windows machine and request a share that I didn't have access to. It would then ask me for a username/password to connect to the share (as it should). I would then add myself (or whatever user) to the proper LDAP group entry that was responsible for that share. I would then try the share again and it would either let me right in, or prompt me for the username and password. If I got prompted, I entered my username/password, and I was given access to the share.

Now my problem is that since upgrading to 3.0.7, this is no longer the case. I have to log out and log back in for me to gain access to the share. So, it seems that samba is caching the groups I belong to when I log in, and not querying the LDAP server again when I provide credentials when prompted.

I am sure that it is probably something trivial that I am missing, but I am indeed missing it. I would appreciate any input on this, as it is more than mildly annoying.

On a totally different subject, I also had a problem when changing a password from a Windows machine (or smbpasswd): it told me that I do not have permission to change my password. So, I thought I would include what I had to do to fix it, just in case someone else runs into the same problem (I didn't really find anything when I looked).

After some sifting through the logs and such, it became apparent that the schema had changed. Samba was trying to set the sambaPasswordHistory attribute, and my early 3.0 schema didn't even have that (and a few other) attributes. Once I updated my schema to the correct one (http://us1.samba.org/samba/ftp/samba.schema), updated my LDAP ACLs to give samba read/write access to the attribute, and restarted the LDAP server, it was working again.

Regards,
Nathan

--
Nathan Benson
http://sourcefire.com/
1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96
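
An added example, not part of the original message: a pre-upgrade check for the schema mismatch described above, reporting whether a schema file defines sambaPasswordHistory and whether the account object class permits it. The sambaSamAccount class name is an assumption taken from Samba's schema rather than from the post, and the schema excerpts and their 1.1.x OIDs are constructed.

```python
import re

# Constructed excerpts in OpenLDAP .schema syntax; the 1.1.x OIDs are placeholders.
OLD_SCHEMA = """
attributetype ( 1.1.1.1 NAME 'sambaNTPassword'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
objectclass ( 1.1.2.1 NAME 'sambaSamAccount' SUP top AUXILIARY
    MUST ( uid $ sambaSID )
    MAY ( sambaLMPassword $ sambaNTPassword ) )
"""
NEW_SCHEMA = """
attributetype ( 1.1.1.1 NAME 'sambaNTPassword'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
attributetype ( 1.1.1.2 NAME 'sambaPasswordHistory'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
objectclass ( 1.1.2.1 NAME 'sambaSamAccount' SUP top AUXILIARY
    MUST ( uid $ sambaSID )
    MAY ( sambaLMPassword $ sambaNTPassword $ sambaPasswordHistory ) )
"""

def definitions(text):
    """Yield (kind, body) per definition, matching the outer parentheses."""
    for m in re.finditer(r"^(attributetype|objectclass)\s*\(", text, re.I | re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).lower(), text[m.end():i - 1]

def check_attribute(text, attr, objectclass):
    """Return (attribute type is defined, object class lists it in MUST/MAY)."""
    defined = allowed = False
    for kind, body in definitions(text):
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", body)
        if not name:
            continue
        if kind == "attributetype" and name.group(1).lower() == attr.lower():
            defined = True
        elif kind == "objectclass" and name.group(1).lower() == objectclass.lower():
            members = set()
            for grp, one in re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", body):
                members |= {a.strip().lower() for a in (grp or one).split("$")}
            allowed = attr.lower() in members
    return defined, allowed

if __name__ == "__main__":
    for label, schema in (("old", OLD_SCHEMA), ("new", NEW_SCHEMA)):
        print(label, check_attribute(schema, "sambaPasswordHistory", "sambaSamAccount"))
```

A schema that passes this check still needs the ACL change the message describes before Samba can write the attribute.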