Question regarding what the smb.conf line ldap passwd sync = Yes actually does. I have a lab with mixed Win2k and RH9 computers running Samba 3 and OpenLdap. Right now we're having a problem with password expiration. Samba is working just fine and when a user changes their password, the date changes as well. But for Linux, however the password is being changed is not updating the shadowLastChange parameter. So even though the users are successfully changing their passwords (though Windows), the Linux boxes are denying access due to that parameter not being set. So after saying all that, I am trying to get a handle on what "ldap passwd sync" enables so that I can figure out if this is a bug, Samba config problem, LDAP config problem, script issue, or PAM problem. Thanks in advance, Anthony
On Thu, 2005-01-20 at 15:00 -0500, Anthony Linux wrote:> Question regarding what the smb.conf line ldap passwd sync = Yes actually does. > > I have a lab with mixed Win2k and RH9 computers running Samba 3 and > OpenLdap. Right now we're having a problem with password expiration. > Samba is working just fine and when a user changes their password, the > date changes as well. > > But for Linux, however the password is being changed is not updating > the shadowLastChange parameter. So even though the users are > successfully changing their passwords (though Windows), the Linux > boxes are denying access due to that parameter not being set.It is up to your LDAP sever to update these values. Samba makes a call to the OpenLDAP defined (and internet-stadnard-proposed, I think) password set extended operation. The LDAP server is expected to do something sane . You may need to obtain/write some modules for OpenLDAP to handle this. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050121/f3bdda40/attachment.bin