search for: exop

WHat is the significance to Samba of pam_password exop vs pam_password md5 in ldap.conf? The reason I ask is that, wherever possible, I prefer to use the vendor supplied tools for manipulating config files. With Fedora 3 it's system-config-authentication and it doesn't give you the option of exop. You either enable MD5, which puts pam_password...

LDAP Account Manager (LAM) 6.5.RC1 - September 6th, 2018 ======================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- Passwords can be changed now via LDAP EXOP operation (PHP 7.2). Additionally, LDAP entries can be set to auto-delete on server side with LDAP dynamic directory services (PHP 7.2). LAM supports Imagick and GD. The file upload can overwrite existing accounts if selected. User photos are supported as part of PDF export. This is a test release...

LDAP Account Manager (LAM) 6.5 - September 25th, 2018 ===================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- Passwords can be changed now via LDAP EXOP operation (PHP 7.2). Additionally, LDAP entries can be set to auto-delete on server side with LDAP dynamic directory services (PHP 7.2). LAM supports Imagick and GD. The file upload can overwrite existing accounts if selected. User photos are supported as part of PDF export. Full changelog: http...

...has whenever there's a non-ascii character part of the password ?? -- Here is part of the samba+ldap config: -- /usr/local/etc/nss_ldap.conf: -- * ls -l /usr/local/etc/ldap.conf /usr/local/etc/ldap.conf -> nss_ldap.conf * Excerpt from the nss_ldap.conf file pam_password clear pam_password exop nss_base_passwd ou=People,dc=XXXX?one nss_base_passwd ou=Hosts,dc=XXXX?one nss_base_shadow ou=People,dc=XXXX?one nss_base_group ou=Group,dc=XXXX?one ssl start_tls tls_checkpeer yes -- /usr/local/etc/openldap/slapd.conf (the ldap server is on another box): -- moduleload smbk5pwd.so security...

...farther and farther! :) I've managed to preload user and computer passwords onto a samba RODC: *sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire$' --server main.adlab.netdirect.ca** *Replicating DN CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca] objects[1] linked_values[2] *sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire-2$' --server main.adlab.netdirect.ca** *Replicating DN CN=WIN7-SHIRE-2,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca E...

Hello, Perhaps this post is not directly connected with Samba itself but after I saw that Samba uses EXOP for LDAP password changing I decided to write it to this list as well. Here is what I'd like to do: 1) I use openldap-2.3.35 for Samba auth mechanism 2) additionally I use openldap for any other auths I have in my subnet - exim, imap, svn, linux-login, etc... In case of Samba the NT/LM passw...

...function of the LDAP server? For what it's worth, I'm using OpenLDAP. I know if I use the OpenLDAP program slappasswd, I can tell manually *it* to generate passwords using the crypt scheme, but that's not the same thing as what the LDAP server does when it receives a password changing exop from Samba. For now, I'm planning to "solve" this problem by putting unix password sync = Yes passwd program = /path/to/smbldap-passwd -u %u passwd chat = (stuff appropriate for smbldap-passwd) into smb.conf. But this strikes me as a little ugly. As I understand it, smbldap...

...ith always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=example,DC=de Partition[DC=DomainDnsZones,DC=example,DC=de] objects[83/79] linked_values[0/0] Replicating DC=ForestDnsZones,DC=example,DC=de Partition[DC=ForestDnsZones,DC=example,DC=de] objects[8/8] linked_values[0/0] Exop on[CN=RID Manager$,CN=System,DC=example,DC=de] objects[3] linked_values[0] Committing SAM database Commiting the database is running now for more then an hour, is this normal? Stefan

...sambaAcctFlags includes the X flag which I thought meant "don't expire passwords." The password changing thing has got me even more stumped. Can anyone offer any clues? /etc/pam_ldap.conf: host localhost base dc=trec,dc=us ldap_version 3 rootbinddn cn=admin,dc=trec,dc=us pam_password exop /etc/libnss-ldap.conf: host localhost base dc=trec,dc=us ldap_version 3 rootbinddn cn=admin,dc=trec,dc=us pam_password exop Example user entry: dn: uid=sgoodrich,ou=Users,dc=trec,dc=us objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount,inetLocalMailRecipient cn: Suzanne Go...

...new password overwrites the LDAP userPassword, thanks to the "ldap password sync = yes" directive in smb.conf). If I want to permit that a user can change his LDAP userPassword and align it to the SambaNTPassword, I have seen that I can do it by using the smbk5pwd overlay and pam_password exop. But I do not know a method for using the existing LDAP userPassword for Samba authentication: I do not want that all the users have to redefine their passwords. Someone of you knows a way for doing that? Thank you in advance

...n,dc=lan > idmap alloc config:ldap_url = ldap://localhost > idmap alloc config:range = 50000-500000 > > #logging > log level = 1 > --- > my nsswitch/pam /etc/ldap.conf > --- > ssl off > suffix "dc=th-domain,dc=lan" > uri ldap://localhost > pam_password exop > > rootbinddn "cn=root,dc=th-domain,dc=lan" > > ldap_version 3 > pam_filter objectclass=posixAccount > pam_login_attribute uid > pam_member_attribute memberuid > nss_base_passwd ou=peoples,dc=th-domain,dc=lan > nss_base_shadow ou=peoples,dc=th-domain,dc=lan &...

...t run samba. On some machines I don't want to run samba but i still want to provide passwd updates. I've considered and rejected pam_smb and pam_ntdom since they don't seem to have the password updating features (just auth features). I'd rather have the samba stuff updated by an exop on the ldap server but i don't think that is possible since the ldap server would have to know how to generate NT and LM hashes Is there anybody else in the same situation - how do you handle this? thanks! brad

I have LDAP backend and in my smb.conf I put "ldap passwd sync = Yes" so to syncronize LM/NT/UserPassword when a user is changing his passoword. But it doesn't work. It only updates NT/LM password but not the field userPassword. In the log it gives me backup this message: "ldap password change requested, but LDAP server does not support it -- ignoring" I use OpenLdap

...em. 1) Is there any way a Domain User can install a printer from the samba server? cuz it's a litle annoying going to all the pc's as Administrator to install them. 2) Changing the password on the windows clients does not sync with the ldap password. I read that Ldap must support exop for that to happen, but the only reference that i found to it is on ldap.conf (pam_password exop) and it's uncomment or do I miss something? 3) Is there any way that I can give permission to a group/user so that it can make shares on is own workstation? I read all about policies bu...

HEllo I have a samba 3 with ldap working as a PDC,my mail server also using LDAP database as a authentication. Do you know any web application, script (working with apache) that allow users to change their ldap passwords (smaba passwords and passwd passwords). Usually users can do that from windows clients which log in to domain, but I have also a lot of users using laptops and they dont log

...properly documenting their work # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1) host LBSD.summitnjhome.com base dc=summitnjhome,dc=com sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com binddn cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com bindpw {SSHA}secret scope sub pam_password exop nss_base_passwd ou=staff,dc=summitnjhome,dc=com nss_base_shadow ou=staff,dc=summitnjhome,dc=com # grep for ldap account shows ldap account on the ldap server itself succeeds [root at LBSD2:/usr/local/etc/openldap] #getent passwd | grep walbs walbs:secret/:1002:1003:Walkiria Soares:/home/walbs:/u...

...s,DC=3Dexample,DC=3Dde >> Partition[DC=3DDomainDnsZones,DC=3Dexample,DC=3Dde] objects[83/79] >> linked_values[0/0] >> Replicating DC=3DForestDnsZones,DC=3Dexample,DC=3Dde >> Partition[DC=3DForestDnsZones,DC=3Dexample,DC=3Dde] objects[8/8] >> linked_values[0/0] >> Exop on[CN=3DRID Manager$,CN=3DSystem,DC=3Dexample,DC=3Dde] >> objects[3] >> linked_values[0] >> Committing SAM database >> >> Commiting the database is running now for more then an hour, is this >> norm= >> al? > This can take quite some time on that scale o...

...>> >> Hello Rowland, >> >> thanks for your answer but I don't want to replace my kerberos & ldap >> setup with an AD server. Basically I only want to control access to the >> handful of Samba shares. > > Your users should auth against openldap with exop control enabled. > Openldap should handover the auth to kerberos. And then install > slapo-smbk5pwd on your openldap server. This overlay will sync the samba > passwords. slapo-smbk5pwd is for heimdal kerberos server only. i use the MIT kerberos server. There was a fork for MIT kerberos bu...

...thers: db files rpc: db files publickey: nisplus netgroup: files libnss_ldap.conf host xx.xx.xx.xx base dc=xxx,dc=xxxxx,dc=xxx binddn cn=Administrator,dc=xxx,dc=xxxxx,dc=xxx bindpw xxxxxxx timelimit 50 bind_timelimit 50 bind_policy hard idle_timelimit 3600 pam_password exop nss_base_passwd dc=xxx,dc=xxxxx,dc=xxx nss_base_shadow dc=xxx,dc=xxxxx,dc=xxx nss_base_group dc=xxx,dc=xxxxx,dc=xxx ssl off Thank you, Wasil.

...le = yes [print$] comment = Printer Driver Download Area path = /etc/samba/drivers browseable = yes guest ok = yes read only = yes ================ /etc/ldap.conf uri ldap://x.x.x.x base dc=test binddn cn=Directory Manager bindpw xxxx #pam_password exop #pam_filter objectclass=sambaSamAccount nss_base_passwd ou=Users,dc=test nss_base_shadow ou=Users,dc=test nss_base_group ou=NTGroups,dc=test ssl no