Thomas Mueller
2012-Nov-01 12:44 UTC
[Samba] sambar4: user creation with ldap and initial password
hi trying to create a user with ldap from a remote server. The user is created successfully. I'm failing setting the initial password. Setting the unicodePwd with kerberos administrator credentials with ldbmodify and the ldif below results in "00002035: setup_io: it's not allowed to set the NT hash password directly". searching the web I've found s4 mailinglist entries telling "do not set unicodePwd with ldap". this KB article tells in AD it's possible to set it: http://support.microsoft.com/kb/263991/en-us Is there a supported method to supply the initial user password with s4 and ldap? - Thomas LDIF: dn: CN=Thomas Mueller,OU=Users,DC=test,DC=testing changetype: modify replace: unicodePwd unicodePwd:: $IlRlc3QxMjMtLSIK
Andrew Bartlett
2012-Nov-05 03:31 UTC
[Samba] sambar4: user creation with ldap and initial password
On Thu, 2012-11-01 at 12:44 +0000, Thomas Mueller wrote:> hi > > trying to create a user with ldap from a remote server. The user is > created successfully. I'm failing setting the initial password. > > Setting the unicodePwd with kerberos administrator credentials with > ldbmodify and the ldif below results in "00002035: setup_io: it's not > allowed to set the NT hash password directly". > > searching the web I've found s4 mailinglist entries telling "do not set > unicodePwd with ldap". this KB article tells in AD it's possible to set > it: http://support.microsoft.com/kb/263991/en-us > > Is there a supported method to supply the initial user password with s4 > and ldap? > > - Thomas > > LDIF: > dn: CN=Thomas Mueller,OU=Users,DC=test,DC=testing > changetype: modify > replace: unicodePwd > unicodePwd:: $IlRlc3QxMjMtLSIKTo set it via unicodePwd, you need to have it as UTF16, not ascii/utf8. See however the userPassword, which is a normal, utf8 unquoted string (ie, sane :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org