The user's unix LDAP password should be encrypted (technically I think
it is actually hashed, since it is not reversible), so no, you can't
get their existing password.

There are two options in smb.conf to have the password sync:

    ldap passwd sync = yes

or

    unix password sync = yes

I have an LDAP backend for linux and samba passwords, but initially had NIS
for unix and TDB for samba. I use the "unix password sync" option
partially as a legacy holdover of the previous backend.

I therefore also set

    passwd program = /etc/samba/smbldappasswd.sh %u
    passwd chat =*New* %n\n *changed*

Samba passes the new "windows" password to the external script which
uses the sun ldappasswd command to change the user's unix script. You
can't just use the "passwd" command since the local root account on a
unix server is not the LDAP admin user.

The "ldap passwd sync = yes" option would probably have been cleaner.

On 06/24/2011 05:36 AM, thom_schu at gmx.de wrote:
> Hi,
> all the users here are stored in an LDAP server, which means authentication
> on a workstation (linux) is over LDAP. Yesterday I configured a Samba server;
> it also uses the LDAP server as its backend.
> I found out that with a call "smbpasswd -a user" an existing user gets all
> the attributes from the sambaSamAccount automatically.
> But here is my first question - for this call I need to know the user's
> password. Is there a way that I can use the user's password already saved
> in LDAP as the unix account password?
>
> Another question.
> When a user calls "passwd" on a workstation, now only the password field in
> LDAP for the unix account will be changed. But I want to keep the unix
> account password and samba password synchronized - is this possible with
> calling "passwd"?
>
> thanks
>
> gizmo
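
Added example, not part of the original messages and not the poster's actual smbldappasswd.sh: a sketch of a "passwd program" wrapper that answers the "passwd chat" shown above. It assumes OpenLDAP's ldappasswd rather than the Sun command the reply mentions, and the DNs and secret-file path are hypothetical placeholders.

```shell
#!/bin/sh
# Added sketch of a Samba "passwd program"; assumes OpenLDAP's ldappasswd.
# The DNs and the secret-file path are assumed placeholders, not the poster's.
BASE_DN="${BASE_DN:-ou=People,dc=example,dc=com}"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=com}"
BIND_PW_FILE="${BIND_PW_FILE:-/etc/samba/ldap-admin.secret}"  # 0600, no newline
LDAPPASSWD="${LDAPPASSWD:-ldappasswd}"

# Accept only plain account names so %u cannot smuggle options or DN syntax.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

user_dn() { printf 'uid=%s,%s' "$1" "$BASE_DN"; }

# Speaks the script side of: passwd chat =*New* %n\n *changed*
change_password() {
    user=$1
    valid_user "$user" || { echo "invalid user" >&2; return 2; }
    printf 'New password: '              # Samba waits for *New*
    IFS= read -r newpw || return 3       # Samba sends %n followed by \n
    [ -n "$newpw" ] || return 3
    tmp=$(mktemp) || return 4            # mktemp creates the file mode 0600
    # -T uses the whole file as the password, so write no trailing newline.
    # A file keeps the password off the command line, unlike -s.
    printf '%s' "$newpw" > "$tmp"
    # -ZZ requires StartTLS (assumes the directory server offers it).
    if "$LDAPPASSWD" -x -ZZ -D "$BIND_DN" -y "$BIND_PW_FILE" \
            -T "$tmp" "$(user_dn "$user")" >/dev/null 2>&1; then
        rc=0; echo "password changed"    # Samba waits for *changed*
    else
        rc=5; echo "LDAP update failed" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Samba invokes the script as: smbldappasswd.sh %u
if [ "$#" -gt 0 ]; then change_password "$1"; fi
```

The failure message deliberately avoids the word "changed", so Samba's chat match does not report success when the LDAP update fails.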