similar to: ldap password sync and RFC2307 hash schemes

Hello everybody, I've setup a SAMBA 3.0.X (3.0.32 right now) PDC with a LDAP backend running on FreeBSD 6.3 some time ago and users can't just login on unix box when the password their password, modified from Windows, include non-ascii character (such as french letter like "?" for example) I guess that they must some kind of charset issue but i just don't know how to debug

Hi there, I desperatly trying to store a BLF-CRYPT password hash in an LDAP userPassword Attribute and get dovecot to authenticate against it. I use a thunderbird as client and send the password plain with starttls. what worked so far but is kinda problematic for my smtp authenticaton was to store the has with the prefix {CRYPT} or {BLF-CRYPT}. Is there a way to get dovecot to authenticate

WHat is the significance to Samba of pam_password exop vs pam_password md5 in ldap.conf? The reason I ask is that, wherever possible, I prefer to use the vendor supplied tools for manipulating config files. With Fedora 3 it's system-config-authentication and it doesn't give you the option of exop. You either enable MD5, which puts pam_password md5 in ldap.conf, or disable it, which puts

Hello list, I am running an openldap 2.4 server under FreeBSD that was working well until the config was tweaked by someone on the team without properly documenting their work # /usr/local/etc/ldap.con on ldap server (FreeBSD 8.1) host LBSD.summitnjhome.com base dc=summitnjhome,dc=com sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com binddn

That's not SHA512-CRYPT. That's just a simple sha512 of the password, without salt. A SHA512-CRYPT password will be generated with: printf "1234\n1234" | doveadm pw -s SHA512-CRYPT or: doveadm pw -s SHA512-CRYPT -p 1234 or: mkpasswd -m sha-512 1234 (without the "{SHA512-CRYPT}" prefix) What exactly is the difficulty you are having with converting the passwords?

Hi, right now I have default_pass_scheme = MD5-CRYPT in my dovecot-sql-auth.conf file. This works; however I noticed because of history a lot of my users still have a CRYPT password (not a MD5-CRYPT password). Now I get these errors: dovecot: Feb 26 13:08:17 Info: auth-worker(default): sql(***, *******): MD5-CRYPT(0lifant) != 'i3/S6ZswGSfbk' Any way to make Dovecot

This looks good, except it is truncated, it should be something like 95chars long, Is your hash column set to 128 or up around there or larger? Quoting Carl A Jeptha <cajeptha at gmail.com>: > Sorry for double reply, but this what a password looks like in the > "hashed" password column: > {SHA512-CRYPT}$6$wEn1UFuiMzl9OSjd$Vh/PZ95WDID1GwI2 > > ------------

Hi, I have an existing OpenLDAP directory, that I want to use as the backend for a Samba 3 instance. I do not want for now making Samba a Domain Controller, but only define in it some shares accessible by users on LDAP. I have imported in my slapd.conf the samba schema, and I have inserted in my smb.conf all the directives for connecting to an LDAP server: passdb backend =

I have LDAP backend and in my smb.conf I put "ldap passwd sync = Yes" so to syncronize LM/NT/UserPassword when a user is changing his passoword. But it doesn't work. It only updates NT/LM password but not the field userPassword. In the log it gives me backup this message: "ldap password change requested, but LDAP server does not support it -- ignoring" I use OpenLdap

Hey there, I'm using the latest dovecot 2.1.13 In the wiki http://wiki2.dovecot.org/Authentication/PasswordSchemes BLF-CRYPT is listed, but i can't use it. "doveadm pw -l" doesn't show it. And i'm unsure about how I am supposed to use the different SHA schemes, since they always output different hashes for the same password. MD5 is working fine, but I'd rather not

First of all, you can probably go online before you convert all passwords. You can modify your query in dovecot-sql.conf.ext to something like the following: SELECT IF(crypt_pass IS NULL OR crypt_pass='', CONCAT('{PLAIN}',plain_pass), crypt_pass) as password FROM mailuser .. This is assuming that: * for incoming users, you have a plain_pass column containing just the plaintext

I'm having a weird problem which I think may be a bug, but I'm not sure, so I think I'll describe it and see if it rings a bell with anyone. Basically, the story is this: there's a file owned by a Unix user "lshaw" (i.e. me) and whose group ownership is "engineer". Now, I open this file on one Windows XP computer, then go try and open it again on another XP

Hello, Perhaps this post is not directly connected with Samba itself but after I saw that Samba uses EXOP for LDAP password changing I decided to write it to this list as well. Here is what I'd like to do: 1) I use openldap-2.3.35 for Samba auth mechanism 2) additionally I use openldap for any other auths I have in my subnet - exim, imap, svn, linux-login, etc... In case of Samba the

You do need to complete the query. Don't just replace your query with the one I wrote. You have to have a WHERE clause, and you might need to return other fields. Keep the password query you had before, just replace the 'password' column with "IF( ... ) as password" The query as you have it now simply returns all the passwords for all the users, because you don't have a

Hi all, Is there a way to get dovecot to recognize arbitrary password hash schemes when looking up a password in a database? I originally set up with #default_pass_scheme = MD5, and I would like to migrate to SHA512. Seeing as the scheme is actually stored in the password column along with the password in the format $_<scheme#>_$_<salt>_$_<passwordhash>_, it seems to me that

Hey everyone, I'm preparing for a transition in which I'll be moving everything (PDC, WINS server, big file shares) off an old Linux server running Samba 2.2.7 onto a much newer Linux system running Samba 3.0.22. In the process, I'll be switching from smbpasswd (only thing supported under Samba 2.x, if I understand correctly) to ldapsam on Samba 3.x. I want to keep the same domain

Hey everyone, I'm looking at the IDEALX smbldap-passwd script (the version which comes with samba 3.0.22, in the examples directory), and it seems to want to set the password scheme to an uppercase string, i.e.: {CRYPT}foobarfoobar {MD5}barfoobarfoo However, looking at RFC 2307 ( http://www.ietf.org/rfc/rfc2307.txt ), in section 5.3, it would appear that these are supposed to be

Hi, I have been running Samba with OpenLDAP for a few years. We recently upgrade the OpenLDAP server from 2.2.13 to 2.4.11. When users change their passwords now, only the Windows password is changed the UNIX password is not changed anymore. Samba server does not log any errors The samba configuration file did not change when the LDAP server was upgraded. I do have "ldap passwd

Hello, We are using Samba 3.0.14a-6, slapd 2.2.26-4 and smbldap-tools 0.9.1-2 on Debian. My users are complaining about warnings that their password is about to expire and that the are told "You do not have permission to change your password" when they try to change it. sambaAcctFlags includes the X flag which I thought meant "don't expire passwords." The password changing

I am stuck with Samba -Active Directory communication. Trying to bring my SUSE 10.0 to speak with AD Domain. net rpc testjoin - brings a unable to find suitable server message net join - kerberos_kinit_password preauthentication failed and ads_connect preauthentication failed wbinfo -u works fine wbinfo -t works fine getent passwd/group works too smb is running nmb is running winbindd is