David.Martinez@eurorscg.com
2006-Feb-15 04:05 UTC
[Samba] Problem changing passwords (LDAP + SMB + smbldap-tools)
Hi everybody. I'm having a weird behavior with my smb+ldap installation. My server is configured as the PDC for my network. All my users are attached to the domain and are working fine. Also, I'm trying to configure other web applications in order to use LDAP, the idea is that the users use the same credentials to log into the SMB domain and to log into another applications (specifically, OneOrZero helpdesk manager) My problem is: If I change user's password with "smbldap-passwd", users can authenticate to SMB domain and other LDAP applications. BUT if users change their passwords from windows (CTRL+ALT+DEL -> "Change Password"), the new password works for the SMB domain but it does not work for the other LDAP applications. In fact they can log into the LDAP applications using the old password. At the end, every user has two valid passwords: one for the domain and other for my applications using LDAP authentication. I suppose I'm missing some kind of option in order to have synchronized both passwords. My LDAP is saving this entries: sambaNTPassword sambaLMPassword userPassword What represents each of this attributes? How can I force smbldap-tools to keep both password synchronized? Thanks in advance. Saludos David
Stéphane Purnelle
2006-Feb-15 10:29 UTC
[Samba] Problem changing passwords (LDAP + SMB + smbldap-tools)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, look at smb.conf man page about ldap passwd sync parameter David.Martinez@eurorscg.com a ?crit :> Hi everybody. > > I'm having a weird behavior with my smb+ldap installation. > > My server is configured as the PDC for my network. All my users are > attached to the domain and are working fine. > Also, I'm trying to configure other web applications in order to use LDAP, > the idea is that the users use the same credentials to log into the SMB > domain and to log into another applications (specifically, OneOrZero > helpdesk manager) > > My problem is: > If I change user's password with "smbldap-passwd", users can authenticate > to SMB domain and other LDAP applications. > BUT if users change their passwords from windows (CTRL+ALT+DEL -> "Change > Password"), the new password works for the SMB domain but it does not work > for the other LDAP applications. In fact they can log into the LDAP > applications using the old password. > At the end, every user has two valid passwords: one for the domain and > other for my applications using LDAP authentication. > > I suppose I'm missing some kind of option in order to have synchronized > both passwords. > > My LDAP is saving this entries: > sambaNTPassword > sambaLMPassword > userPassword > > What represents each of this attributes? > How can I force smbldap-tools to keep both password synchronized? > > > Thanks in advance. > > > Saludos > David- -- St?phane Purnelle <stephane.purnelle@tiscali.be> Site Web : http://www.linuxplusvalue.be -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD8wJa8tswkE3d0ecRAjsEAJ9Ojt5Yd7I1fl67uTe200bTto7dWACdEBJ5 GmXgQ9ZO5TyTXCcJ6Wc6EA8=dV1l -----END PGP SIGNATURE-----