samba - Feb 2008 - ldap passwd sync not working

Hi, there!

When my XP users try to change passwords, they get a message saying that
password has been changed. That's not true!

NT and LM passwords are changed but unixPassword isn't.

Look at this openldap.log lines:

Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD
dn="uid=teste,ou=Users,dc=domain"
Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD
attr=sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword
sambaPwdLastSet sambaPwdLastSet

See?

My smb.conf have this ldap related options:

passdb backend = ldapsam:ldap://apolo.domain
idmap backend = ldapsam:ldap://apolo.domain
ldap suffix = dc=domain
ldap admin dn = cn=root,dc=domain
ldap ssl = start_tls
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"

-- 
Fabiano Caixeta Duarte
Especialista em Redes de Computadores
Linux User #195299
Ribeir?o Preto - SP

The question may not be related to LDAP since your domain passwords are 
changed. You should be looking at why the Unix password isn't being 
changed.
- Are you using LDAP for Unix authentication?
- Can you change the Unix password using passwd?
- is your password chat in smb.conf correct for your system?


Fabiano Caixeta Duarte wrote:
> Hi, there!
>
> When my XP users try to change passwords, they get a message saying that
> password has been changed. That's not true!
>
> NT and LM passwords are changed but unixPassword isn't.
>
> Look at this openldap.log lines:
>
> Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD
> dn="uid=teste,ou=Users,dc=domain"
> Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD
> attr=sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword
> sambaPwdLastSet sambaPwdLastSet
>
> See?
>
> My smb.conf have this ldap related options:
>
> passdb backend = ldapsam:ldap://apolo.domain
> idmap backend = ldapsam:ldap://apolo.domain
> ldap suffix = dc=domain
> ldap admin dn = cn=root,dc=domain
> ldap ssl = start_tls
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Users
> ldap passwd sync = yes
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
>

Le Tue, Feb 12, 2008 at 09:44:01AM -0200, Fabiano Caixeta Duarte a
ecrit:
> Hi, there!
> When my XP users try to change passwords, they get a message saying that
> password has been changed. That's not true!
I can confirmed you that the following configuration work for me:

unix password sync = No
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n
"*Retype new password*" %n\n"

If you have not set the last directive, you should do:
'smbldap-password'
does not prompt you the same way as 'passwd' for example. You sould also
be
careful to not add space or other caracter.


-- 
Jerome Tournier              
GPG key ID (pgp.mit.edu): 75FE0A51

Hi, there!

When my XP users try to change passwords, they get a message saying that 
password has been changed. That's not true!

NT and LM passwords are changed but unixPassword isn't.

Look at this openldap.log lines:

Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD 
dn="uid=teste,ou=Users,dc=domain"
Feb 12 07:50:28 apolo slapd[22826]: conn=698021 op=40 MOD 
attr=sambaLMPassword sambaLMPassword sambaNTPassword sambaNTPassword 
sambaPwdLastSet sambaPwdLastSet

See?

My smb.conf have this ldap related options:

passdb backend = ldapsam:ldap://apolo.domain
idmap backend = ldapsam:ldap://apolo.domain
ldap suffix = dc=domain
ldap admin dn = cn=root,dc=domain
ldap ssl = start_tls
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"

-- 
Fabiano Caixeta Duarte
Especialista em Redes de Computadores
Linux User #195299
Ribeir?o Preto - SP
(16) 8167-2167