search for: userpassword

...nSecureConnection` (`dSHeuristic` 13): >> >> `root at addc-test:~# samba-tool forest directory_service dsheuristics >> 0000000011001` >> >> Note that I also set fUserPwdSupport to 1, which I don't believe to >> be needed (as I'm using `unicodePwd`, not `userPassword`), which >> means TRUE according to >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: >> >> "If this character is neither "0" nor "2", then the fUserPwdSupport >> heuristic is TRUE....

Hi Karsten, > You should be able to add multiple userPassword attributes to your directory: > > userPassword: {CRAM-MD5}xxx > userPassword: {DIGEST-MD5}xxxx > userPassword: {SCRAM-SHA-1}xxxx > userPassword: {NTLM}xxxx > > > Karsten Did try this, didn't end end well. Jun 14 12:59:43 auth: Error: ldap(leonkyneur at itest.com,192.16...

...gt; 13): > >> > >> `root at addc-test:~# samba-tool forest directory_service dsheuristics > >> 0000000011001` > >> > >> Note that I also set fUserPwdSupport to 1, which I don't believe to > >> be needed (as I'm using `unicodePwd`, not `userPassword`), which > >> means TRUE according to > >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: > >> > >> "If this character is neither "0" nor "2", then the fUserPwdSupport > &gt...

Hi, does Samba-3.0.0beta3 still requires the posixAccount object for machine accounts? If so does Samba or any program called by Samba change the userPassword attribute for machine accounts? If no posixAccount object is required for machine accounts and there is a userPassword attribute from a differnt Object, does Samba or a program called by Samba change the userPassword attribute? Thank's Bernhard Czech

...write it to this list as well. Here is what I'd like to do: 1) I use openldap-2.3.35 for Samba auth mechanism 2) additionally I use openldap for any other auths I have in my subnet - exim, imap, svn, linux-login, etc... In case of Samba the NT/LM passwords play major role, for others I use userPassword. However userPassword (posixAccount) shows up in different places not only once: ldapsearch -x -LLL uid=giedz ---------------- dn: uid=giedz,ou=people,dc=xxxx,dc=pl uid: giedz ..... objectClass: sambaSamAccount .... sambaLMPassword: 598DDCE2660D3193AAD3B435B51404EE sambaNTPassword: 2D20D252A47...

I'm switching from OpenLDAP to the newly released Fedora Directory Server (formely known as the Netscape Directory Server) as a LDAP backend for my Samba domain. I'm now faced with a problem regarding how Fedora DS handles the userPassword field. Unlike OpenLDAP it encodes it in base64 so instead of reading userPassword: {SSHA}0lP+r3Z1NVan7Caf4CG9oSgnTbQRrv/p it reads: userPassword:: e1NTSEF9MGxQK3IzWjFOVmFuN0NhZjRDRzlvU2duVGJRUnJ2L3A= Samba apparently does not like this because when I try to change the password using the "ctr...

...asswordOperationsOverNonSecureConnection` (`dSHeuristic` 13): > > `root at addc-test:~# samba-tool forest directory_service dsheuristics > 0000000011001` > > Note that I also set fUserPwdSupport to 1, which I don't believe to > be needed (as I'm using `unicodePwd`, not `userPassword`), which > means TRUE according to > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: > > "If this character is neither "0" nor "2", then the fUserPwdSupport > heuristic is TRUE. If this character...

...6f 61 d=root,ou=pessoa 0030: 73 2c 64 63 3d 61 6d 62 6c 69 76 72 65 2c 64 63 s,dc=amblivre,dc 0040: 3d 63 6f 6d 82 08 70 69 6c 61 73 74 72 6f 05 00 =com..pilastro.. ldap_read: want=8 error=Resource temporarily unavailable Entry (uid=root,ou=pessoas,dc=amblivre,dc=com), attribute 'userPassword' not allowed entry failed schema check: attribute 'userPassword' not allowed By log , the schema samba not allowed attribute 'userPassword' , Somebody know how resolve this problem ? -- Bruno Steven - Administrador de sistemas. LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e...

...------------------------------------------- uris = ldaps://192.168.0.1:636 dn = cn=ldap,ou=USER,dc=example,dc=de dnpass = somepassword base = dc=example,dc=de scope = subtree deref = never user_attrs = sAMAccountName=uid,primaryGroupID=gid user_filter = (sAMAccountName=%u) pass_attrs = mail=user,userPassword=password pass_filter = (sAMAccountName=%u) --------------------------------------------------- So trying to authenticate to Dovecot with a telnet connection >telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4r...

...Samba3 PDC domain using openldap as a backend and smbldap-tools to vampire the WinNT4 domain (pretty much following Samba3 by Example and documentation in smbldap project by IDEALX). Nevertheless, all 600 users migraged from the WinNT4 domain have attributes like these on the ldap database: userPassword: {crypt}x sambaLMPassword: blablabla sambaNTPassword: blablabla Every user that have had their password changed since the migration (using Win9x control panel or WinXP tools or smbldap-passwd) have attributes like these on the ldap database: userPassword: {MD5}foobar== sambaLM...

...e the problem of supporting multiple auth mechanisms + proxy and really don't want to store user passwords in plain test and fine to do master user to backend. I had the crazy thought I could do something like the following: For each user Store supported password schemes as LDAP attributes: userPasswordCRAM-MD5: {CRAM-MD5}xxx userPasswordDIGEST-MD5: {DIGEST-MD5}xxxx userPasswordSCRAM: {SCRAM-SHA-1}xxxx userPasswordNTLM: {NTLM}xxxx then: =password=%{ldap:userPassword%m} <- Though this doesn't work.. just wondering if it could possibly work or if I should give up on this crazy idea :) Tha...

Hello, lists. I'm struggling to find out, how one can change password of an active directory (based on samba4) user via LDAP. The problem is that if I try to use userPassword parameter: dn: CN=John Smith,cn=Users,DC=domain,DC=com changetype: modify replace: userPassword userPassword: newPassword ldapmodify -v -c -a -f filename.ldif -H ldaps://server.domain.com -D\ administrator at domain.com -W \ ldap_initialize( ldaps://server.domain.com:636/??base ) Enter LDAP Pass...

...> >> >> `root at addc-test:~# samba-tool forest directory_service dsheuristics >> >> 0000000011001` >> >> >> >> Note that I also set fUserPwdSupport to 1, which I don't believe to >> >> be needed (as I'm using `unicodePwd`, not `userPassword`), which >> >> means TRUE according to >> >> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e5899be4-862e-496f-9a38-33950617d2c5: >> >> >> >> "If this character is neither "0" nor "2", then the fUserPwdS...

...rip=192.168.34.18 lport=143 rport=59394 auth: Debug: client passdb out: CONT 1 auth: Debug: client in: CONT<hidden> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): pass search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid,userPassword auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid= testuser1 userPassword=<hidden>; uid,userPassword unused auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid= testuser1 userPassword=<hidden> auth: Debug: client passdb out: OK...

...y, after migration, computers, users, groups are all created and filled up with the correct membership. However, I still have the same problem with machine password and user password. Further looking into the detail, it looks like samba/ldap does not use LM/NT password for authentication but expect userPassword, which I assume is posix account password and did not exist on the original NT4 server. Here is my account entry after the migration: ====================================================== dn: uid=ksun,ou=Users,dc=ab,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: ksun sn...

...if the user enabled it, we will query about his basic data (email,pwd) on a user-setup LDAP directory. It used to work fine when I was testing with OpenLDAP. The code, essentially, is this: connection.bind(self.bind_dn,self.password) connection.search2(self.base_dn,1,"(& (userPassword=#{password}) (mail=#{email}))",nil,false,5,5000) It binds and then searches for the user by mail and password. The entries must have a userPassword and mail attributes. It''s part of the core schema (I guess), so it works fine on OpenLDAP. I then went to test with Active Directory. I...

Hello all! #pkg_info | grep dovecot dovecot-1.1.3_1 dovecot-managesieve-0.10.3 dovecot-sieve-1.1.5_1 Im trying to do this: Im have a LDAP account with multiple "mail" field like this(many strings cuted): dn: uid=k.proskurin,ou=Users,dc=Moscow,dc=CAS uid: k.proskurin userPassword: {CRYPT}$1$ETadxf6G$O2bNUQVSHxksUp08V/iY2. mail: sysadmin at domain.off mail: proskurin-kv at domain.off My dovecot user "mail" as login: user_filter = (&(objectClass=mailUser)(mail=%u)) pass_attrs = mail=user,userPassword=password pass_filter = (&(objectClass=mailUser)(mail=%u)...

First, the software: Samba 3.0.0 OpenLDAP 2.0.27 nssldap / pam_ldap Redhat 9 This may be more of a question for the OpenLDAP mailing list.. but does anyone know of a method (perhaps using slappasswd?) to hand-sync userPassword attributes to sambaNTPassword attributes? Deploying Samba 3.0 as pdc pretty soon, used Migration Tools on the mail server soon, and I'd really like to be able to tell people to log in using their mail credentials, as opposed to a generic password that they might not ever change, resulting in t...

...dn = uid=admin,ou=system dnpass = Ahma3zoc sasl_bind = no auth_bind = no ldap_version = 3 base = ou=people,dc=parkheights,dc=dyndns,dc=org user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%Ln)) pass_attrs = uid=user,gidNumber=userdb_gid,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid default_pass_scheme = MD5 --- # tail -5 /tmp/dovecot.debug dovecot: Aug 03 08:07:10 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AHNlc(here_also_skipped_something)3N1Pg== d...

...> here:https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f3adda9f-89e1-4340-a3f2-1f0a6249f1f8?redirectedfrom=MSDN. >>> This also states: >>> >>> The special encoding required for updating the unicodePwd attribute >>> is not used with the userPassword attribute; that is, Vpassword = V. >>> The same restrictions on SSL/TLS- or SASL-protected connections are >>> enforced. The password values are sent to the server as UTF-8 >>> strings, and surrounding quotation marks are not used. >>> >>> It looks l...