search for: dsheuristics

...the following error when trying to change passwords on my Samba 4.7 AD via LDAP: ``` ldap_exop_passwd(): Passwd modify extended operation failed: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported ``` Is this feature (1.3.6.1.4.1.4203.1.11.1) still not supported? Also, I have tried setting dsHeuristics for iutem 9 (fUserPwdSupport) to 1 with: ``` samba-tool forest directory_service dsheuristics 000000001 ``` But there doesn't seem to be a way to get it to reset to "default value" (empty). Any ideas how I would do that? Thanks, Ben

...This feature has never been seen on Active Directory DCs, and Samba has not had a patch for this contributed. We would welcome such a feature, but note it would need to be quite carefully implemented and tested to ensure it honours all the appropriate ACLs. > Also, I > have tried setting dsHeuristics for iutem 9 (fUserPwdSupport) to 1 > with: > > ``` > samba-tool forest directory_service dsheuristics 000000001 > ``` > > But there doesn't seem to be a way to get it to reset to "default > value" (empty). Any ideas how I would do that? All-zeros will be the...

Hi, When I change dsHeuristics=0000002001001 like M$ said: https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx Not works.

Am 22.01.2015 um 17:19 schrieb John Yocum: >> When I change dsHeuristics=0000002001001 like M$ said: >> >> https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx >> >> Not works. >> > > I've got anonymous binds enabled, using the instructions at > http://www.petri.com/anonymous_ldap_operations_in_windows_2003_a...

...ma,CN=Configuration,DC=x are showing up where they shouldn't be). This goes for the GC and non-GC ports. I have modified my schema and set isMemberOfPartialAttributeSet to true in order to make posix attributes available in the GC, as well as defaultHidningValue and showInAdvancedViewOnly, and dsHeuristics to enable anon access. I tried disabling anon access, but that didn't make any difference. Thanks, cs

In our current testing environment, we are using nslcd to get user and group information from the Samba4 LDAP server, using the last part of objectSid as uidNumber. The configuration is designed to pull down unixHomeDirectory and loginShell if they exist, but they default to standard values if they do not. nslcd on each machine binds to LDAP using a dedicated user account, nslcd-service, and

...hereas that worked fine before > > > 4.18.6. In the > > > meantime I moved to 4.19.2 (and to Bookworm) but nothing > > > changed. > > > > > > > > > I have enabled LDAP password change in enabled > > > dsheuristics (value: > > > 000000001) in order to accommodate the self-service- > > > password webui (from > > > ltb-project.org), which is a handy tool for users without > > > desktop access > > > to change their password when it is that t...

...gress on topic? >> Not here at least, I am still unable to change expired passwords, at >> least? over LDAP, whereas that worked fine before 4.18.6.? In the >> meantime I moved to 4.19.2 (and to Bookworm) but nothing changed. >> I have enabled LDAP password change in enabled dsheuristics (value: >> 000000001) in order to accommodate the self-service-password webui (from >> ltb-project.org), which is a handy tool for users without desktop access >> to change their password when it is that time again. >> As such the tool still works fine, except that it is no...