Hello,
Perhaps this post is not directly connected with Samba itself but after
I saw that Samba uses EXOP for LDAP password changing I decided to write
it to this list as well. Here is what I'd like to do:
1) I use openldap-2.3.35 for Samba auth mechanism
2) additionally I use openldap for any other auths I have in my subnet -
exim, imap, svn, linux-login, etc...
In case of Samba the NT/LM passwords play major role, for others I use
userPassword. However userPassword (posixAccount) shows up in different
places not only once:
ldapsearch -x -LLL uid=giedz
----------------
dn: uid=giedz,ou=people,dc=xxxx,dc=pl
uid: giedz
.....
objectClass: sambaSamAccount
....
sambaLMPassword: 598DDCE2660D3193AAD3B435B51404EE
sambaNTPassword: 2D20D252A479F485CDF5E171D93985BF
....
userPassword:: e01ENX0yRmVPMzRSWXpnYjd4YnQycFl4Y3BBPT0
---------------------
dn: mail=giedz@xxxx.com,ou=domains,dc=xxxx,dc=pl
mail: giedz@xxxx.com
......
userPassword:: e01ENX0yRmVPMzRSWXpnYjd4YnQycFl4Y3BBPT0
-----------------
dn: mail=giedz@xxxxx.com.pl,ou=domains,dc=xxxxx,dc=pl
.....
userPassword:: e01ENX0yRmVPMzRSWXpnYjd4YnQycFl4Y3BBPT0
I want to give my users ability to change their passwords by themselfs.
But I need to sync all passwords for particular user. I mean when user
changes his/her password from windows via Samba (ldap passwd sync = yes)
the LM/NT and all userPassword are being changed respectively (regarding
the particular dn=giedz,ou=people,dc=xxx,dc=pl), right?
The same when "passwd" command is involved - when user uses it, this
means all passwords are changed (windows + all userPassword).
I heard about smb5kpwd but I don't use Kerberos and I don't think
it's
suitable for my need, isn't it?
So in this case do you have any idea what should I do? Of course I could
you external script to change userPassword everywhere, but since EXOP
exists I thought it's much wiser to use native feature rather than
external solution.
Regards,
Marcin
--
ARISE M.Giedz, T.?ebru? Sp.j.
http: www.arise.pl
mail: giedz@arise.pl
tel: +48 502 537 157