Hi, colleagues, I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost works ok, but the final trick that doesn't work is the change of the passwords from windows dialog box, this change the samba passwords but don't change the userpassword, i have found this line on samba logs files: ldap password change requested, but LDAP server does not support it -- ignoring. And i found in samba.org fourum that this problem is solved with this ACL: access to dn.base="" by * read. Already i have put them, but doesn't works, Anybody help me? thanks in advance Alex Canizales
tor, 30.06.2005 kl. 22.45 skrev Alex Canizales:> I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost works ok, but the final trick that doesn't work is the change of the passwords from windows dialog box, this change the samba passwords but don't change the userpassword, i have found this line on samba logs files: > > ldap password change requested, but LDAP server does not support it -- ignoring.You'd have to have the Oracle LDAP administrator add the correct Samba schema to the Oracle LDAP server. This might be problematic, as he'd have to write it himself (if that's at all possible, I don't know Oracle Internet Directory). He could use the examples in the Linux Samba distribution document directory for IBM-DS, IBMSecureWay, or nescape4 or 5, as well as the OpenLDAP schema, of course.> And i found in samba.org fourum that this problem is solved with this ACL: > > access to dn.base="" by * read.This will not help you for two reasons: 1: it's an OpenLDAP server ACL and is only applicable to the server configuration; 2: it only gives read access anyway. [...] --Tonni -- mail: tonye@billy.demon.nl http://www.billy.demon.nl
> Hi, colleagues, > > I'm running samba3 Using OID (Oracle Internet Directory) as backend, almost works ok, but the final trick that doesn't work is the change of the passwords from windows dialog box, this change the samba passwords but don't change the userpassword, i have found this line on samba logs files: > > ldap password change requested, but LDAP server does not support it -- ignoring.windows "password change dialog" modifies LM and NT hashes (probably, just NT one), changing of "user password" can be achived in two ways: 1) modifying UserPassword attribute (ldapmodify request, which is standard one) 2) some special request sich as "extended operation" in OpenLDAP, non standard requests. there's special module for OpenLDAP, called smbk5pwd, which sincronyses NT, LM and optionally heimdal hashes when extended operation on password change is requested. that module is supplied with OpenLDAP-2.3, but I'm successfully using it with OpenLDAP-2.2, it will not help much in your situation, but it has to be clear about inderlying things when "modifying passwords"....> > And i found in samba.org fourum that this problem is solved with this ACL: > > access to dn.base="" by * read. > > Already i have put them, but doesn't works, Anybody help me? > > thanks in advance > > Alex Canizales > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >