similar to: sambar4: user creation with ldap and initial password

Hi all I am trying to create a webapp to allow users to change their own passwords in Samba4 (perhaps, also in AD), using LDAP(s). But when I try to modify the user password using this code: dn: ........ changetype: modify replace: unicodePwd unicodePwd: "Temporal2" I get this error: 0x32 (Insufficient access; error in module acl: insufficient access rights during LDB_MODIFY (50))

Hello, lists. I'm struggling to find out, how one can change password of an active directory (based on samba4) user via LDAP. The problem is that if I try to use userPassword parameter: dn: CN=John Smith,cn=Users,DC=domain,DC=com changetype: modify replace: userPassword userPassword: newPassword ldapmodify -v -c -a -f filename.ldif -H ldaps://server.domain.com -D\ administrator at

Hi Thanks all for your responses. The users can now change their own password adding and removing the unicodePwd attribute, using the correct method to generate the password value. Now, I have a problem, because the users who have the option to force to change the password in the next login checked, can't bind to the LDAP server in order to change their password. Is there any way to do this,

Hi, I'm tying to set user's LDAP passwords using LDAP. `samba-tool user setpassword` does so by setting the write-only `unicodePwd` attribute, but turning it into binary and Base64-encoding it first: ``` if not isinstance(password, str): pw = password.decode('utf-8') else: pw = password pw = ('"' + pw + '"').encode('utf-16-le')

On Sun, 27 Oct 2024 15:08:14 +0100 William Edwards <wedwards at cyberfusion.nl> wrote: > > > Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba > > <samba at lists.samba.org> het volgende geschreven: > > > > ?On Sun, 27 Oct 2024 13:58:56 +0100 > > William David Edwards via samba <samba at lists.samba.org> wrote: > > > >> Hi,

On Sun, 27 Oct 2024 13:58:56 +0100 William David Edwards via samba <samba at lists.samba.org> wrote: > Hi, > > I'm tying to set user's LDAP passwords using LDAP. > > `samba-tool user setpassword` does so by setting the write-only > `unicodePwd` attribute, but turning it into binary and > Base64-encoding it first: > > ``` > if not

> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven: > > ?On Sun, 27 Oct 2024 13:58:56 +0100 > William David Edwards via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> I'm tying to set user's LDAP passwords using LDAP. >> >> `samba-tool user setpassword` does so by

Kees van Vloten via samba schreef op 2024-10-27 15:37: > Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >> On Sun, 27 Oct 2024 15:08:14 +0100 >> William Edwards <wedwards at cyberfusion.nl> wrote: >> >>>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >>>> <samba at lists.samba.org> het volgende geschreven: >>>>

Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: > On Sun, 27 Oct 2024 15:08:14 +0100 > William Edwards <wedwards at cyberfusion.nl> wrote: > >>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >>> <samba at lists.samba.org> het volgende geschreven: >>> >>> ?On Sun, 27 Oct 2024 13:58:56 +0100 >>> William David Edwards

On Sun, 27 Oct 2024 19:55:24 +0100 William David Edwards <wedwards at cyberfusion.nl> wrote: > Rowland Penny via samba schreef op 2024-10-27 15:31: > > On Sun, 27 Oct 2024 15:08:14 +0100 > > William Edwards <wedwards at cyberfusion.nl> wrote: > > > >> > >> > Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba > >> > <samba

Rowland Penny via samba schreef op 2024-10-27 15:31: > On Sun, 27 Oct 2024 15:08:14 +0100 > William Edwards <wedwards at cyberfusion.nl> wrote: > >> >> > Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >> > <samba at lists.samba.org> het volgende geschreven: >> > >> > ?On Sun, 27 Oct 2024 13:58:56 +0100 >> > William

Op 27-10-2024 om 19:58 schreef William David Edwards: > Kees van Vloten via samba schreef op 2024-10-27 15:37: >> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>> On Sun, 27 Oct 2024 15:08:14 +0100 >>> William Edwards <wedwards at cyberfusion.nl> wrote: >>> >>>>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba

Kees van Vloten schreef op 2024-10-27 20:45: > Op 27-10-2024 om 19:58 schreef William David Edwards: >> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>>> On Sun, 27 Oct 2024 15:08:14 +0100 >>>> William Edwards <wedwards at cyberfusion.nl> wrote: >>>>

Op 27-10-2024 om 21:11 schreef William David Edwards: > Kees van Vloten schreef op 2024-10-27 20:45: >> Op 27-10-2024 om 19:58 schreef William David Edwards: >>> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>>>> On Sun, 27 Oct 2024 15:08:14 +0100 >>>>> William Edwards

Hi Juan, you can use the 'kpasswd' utility: kpasswd user at YOUR.REALM It can be run as unprivileged user. It first prompts you for your old password and the twice for the new password. Cheers, Roel Juan Asensio Sánchez writes: > Hi all > > I am trying to create a webapp to allow users to change their own passwords > in Samba4 (perhaps, also in AD), using LDAP(s).

Hi Kees, Kees van Vloten schreef op 2024-10-27 22:17: > Op 27-10-2024 om 21:11 schreef William David Edwards: >> Kees van Vloten schreef op 2024-10-27 20:45: >>> Op 27-10-2024 om 19:58 schreef William David Edwards: >>>> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>>>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba:

Hello, I'm troubleshooting an old backup script that exports and imports users from a Samba database using `samba-tool`. It's implemented so that passwords are exported using "samba-tool user getpassword {username} --attributes=unicodePwd". On the import side, an LDIF file is created in the following format: ``` dn: CN={username},OU=Users,DC=example,DC=com changetype: modify

Hi, Thank you for this answer, unfortunately I was not able to re-hash password as they are hashed into LDB database. First I retrieved the hash: ldbsearch -H $sam '(cn=some user)' unicodePwd # record 1 dn: CN=some user,OU=Users Management,DC=ad,DC=example,DC=com unicodePwd:: COwwLgiqqaHRyhy4HxWp4A== This "unicodePwd" attribute comes from a quick search into "user"

On Mon, 2 Dec 2024 10:54:38 +0100 "Emil.s via samba" <samba at lists.samba.org> wrote: > Hello, > > I'm troubleshooting an old backup script that exports and imports > users from a Samba database using `samba-tool`. > > It's implemented so that passwords are exported using "samba-tool user > getpassword {username} --attributes=unicodePwd".

Citando Andrew Bartlett <abartlet at samba.org>: > On Fri, 2017-04-07 at 20:32 +0000, Leonardo Bruno Lopes via samba > wrote: >> Hi everyone! >> >> I have a LDAP with all my users' accounts, each one with the >> sambaNTPassaword correctly defined. I also have a freshly installed >> Samba >> 4.2 running on a Debian 8.7 box. >> >> I