thr3ads.net - samba - [Samba] sambaNTPassword does NOT write to master LDAP when machines auto change the values [Dec 2005]

If this information is useful, please help other people find it:
Share via:

Paul Hanson

2005-Dec-12 13:01 UTC

[Samba] sambaNTPassword does NOT write to master LDAP when machines auto change the values

We have SuSE SLES9 servers with LDAP master/slave replication (24
replications/BDC's)

All working fine -joining domain etc.

The problem I am having is PC's at remote sites (BDC) with a local
replica (OpenLDAP) periodically change the
sambaNTPassword/sambaLMPassword on there own and write to the local LDAP
server and do NOT follow the referral to the master.

I have written scripts to force the sambaNTPassword attribute to be
re-synchronised but the attribute becomes a different value - at a
variable timeframe.

Further investigation suggests that NT/W2K/W2K3/XP have different times
when they auto change the sambaNTPassword vaue - (avoid replay
attacks??). However 3.0.14a that is distributed/updated on SLES9 only
writes this info to the local BDC and not the centre/MASTER.

7 days for NT 4, 30 days for W2K/XP is the default policy for the
machines to auto change the sambaNTPassword/sambaLMPassword.

I have also noticed that using pdbedit to change a value will change the
local OpenLDAP server and not follow the referral to the master. So that
changes at the BDC's are out of sync with respect to the master.

Joining the domain works great and replicates ALL attributes correctly
(inc sambaNTPassword) FYI - This is the fix by local admins to allow
machines to connect to the domain again.

Can you help on this subject - this is causing major issues with
machines moving sites!!!

Best Regards Paul Hanson try { document.title
document.getElementById("subject").innerHTML; } catch (e) { }

Rex Dieter

2005-Dec-12 14:25 UTC

head link

[Samba] Re: sambaNTPassword does NOT write to master LDAP when machines auto change the values

Paul Hanson wrote:> We have SuSE SLES9 servers with LDAP master/slave replication (24
> replications/BDC's)
> 
> All working fine -joining domain etc.
> 
> The problem I am having is PC's at remote sites (BDC) with a local
> replica (OpenLDAP) periodically change the
> sambaNTPassword/sambaLMPassword on there own and write to the local LDAP
> server and do NOT follow the referral to the master.
> Can you help on this subject - this is causing major issues with
> machines moving sites!!!
I'd suggest filing a formal bug report/enhancement request:
http://bugzilla.samba.org/

-- Rex

Maybe Matching Threads

Search for more possibly parallel threads

samba - Dec 2005 - sambaNTPassword does NOT write to master LDAP when machines auto change the values

[Samba] sambaNTPassword does NOT write to master LDAP when machines auto change the values

[Samba] Re: sambaNTPassword does NOT write to master LDAP when machines auto change the values

Maybe Matching Threads