similar to: change passord sssd-client

Hi all I am trying to create a webapp to allow users to change their own passwords in Samba4 (perhaps, also in AD), using LDAP(s). But when I try to modify the user password using this code: dn: ........ changetype: modify replace: unicodePwd unicodePwd: "Temporal2" I get this error: 0x32 (Insufficient access; error in module acl: insufficient access rights during LDB_MODIFY (50))

Hi Thanks all for your responses. The users can now change their own password adding and removing the unicodePwd attribute, using the correct method to generate the password value. Now, I have a problem, because the users who have the option to force to change the password in the next login checked, can't bind to the LDAP server in order to change their password. Is there any way to do this,

I've gotten pretty unhappy with "realmd" and "sssd". They try to hide >> a lot of steps away from the user, but the internal interactions are a >> bit of a "mousetrap" game. When it works, you get the mouse. But if >> any of the many steps are even slightly worn, it becomes erratic or >> fails. >> > > > Update: In fact i

Le 14/05/2019 à 09:12, Rowland penny via samba a écrit : > On 14/05/2019 07:32, Julien TEHERY via samba wrote: >> Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : >>> On 13/05/2019 16:11, Julien TEHERY via samba wrote: >>>> Hi >>>> >>>> I'm trying to find a way to change user passwords from ubuntu >>>> client

Hello, I have a big performance problem with a mail server using dovecot and authenticating users via ldap. The architecture of the machine is a local ldap and mysql server, they are used by dovecot for authenticating the mail users. If i use pam_sss the mail server has about 1/8 - 1/10 the performances it has if i use the pam_ldap. Even doing a 'time ls -l' on the mail tree (there are

On Tue, May 14, 2019 at 3:42 AM Rowland penny via samba <samba at lists.samba.org> wrote: > > On 14/05/2019 08:30, Julien TEHERY via samba wrote: > > Yep I allready tried it, it ends with "kpasswd preauthentication > > failed getting initial ticket" What does "klist" say? And can you run "kinit" to ensure you have a valid ticket? One of my

Hello list, a quick question. Right now I have a combination of MIT Kerberos, OpenLDAP and SSSD for authenticating my users. Is there a way that Samba can use this setup to perform user authentication. I only want to access the shares of the Samba server from about 8 Windows computers. I am aware that I cannot make an Active Directory out of this. At the moment I have stored the users in a local

Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : > On 13/05/2019 16:11, Julien TEHERY via samba wrote: >> Hi >> >> I'm trying to find a way to change user passwords from ubuntu client >> workstation on a samba4 domain. >> I tried in CLI from the client workstation (ubuntu 14.04) with: >> >> - smbpasswd -U $user >> >> => In

On 11.12.18 15:23, Rowland Penny via samba wrote: > On Tue, 11 Dec 2018 15:09:39 +0100 > tseegerkrb via samba <samba at lists.samba.org> wrote: > >> Hello list, >> >> a quick question. Right now I have a combination of MIT Kerberos, >> OpenLDAP and SSSD for authenticating my users. Is there a way that >> Samba can use this setup to perform user

Hello, Our linux clients are integrated to AD by the tool "realm" (no "net ads join") and use "sssd" for authenticating AD users. What is the recommended configuration for smb.conf to authenticate AD users for directory shares? First, it looks like the configuration for "security" should be "ADS" and "server role" should be

Hi all, I can only find posts about extended attributes from ~10 years ago, so I figured I'd ask this here. I get the following error when trying to change passwords on my Samba 4.7 AD via LDAP: ``` ldap_exop_passwd(): Passwd modify extended operation failed: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported ``` Is this feature (1.3.6.1.4.1.4203.1.11.1) still not supported? Also, I

If you are authenticating your CentOS 6 systems using sssd from a samba4 DC using GSSAPI, I'd like to hear from you. I have been able to get it to work using only cleartext passwords in sssd.conf, and of course I'd prefer to use GSSAPI. Steve

On 11.12.18 18:19, walk2sun via samba wrote: > Am 11.12.18 um 15:36 schrieb tseegerkrb via samba: >> On 11.12.18 15:23, Rowland Penny via samba wrote: >>> On Tue, 11 Dec 2018 15:09:39 +0100 >>> tseegerkrb via samba <samba at lists.samba.org> wrote: >>> >>>> Hello list, >>>> >>>> a quick question. Right now I have a

hello, I have this error while using --password-file= option. Any idea. Fran?ois tamtam:/etc# rsync --password-file=/etc/rsyncd.secrets backupcvs@cvs::cvs/ @ERROR: auth failed on module cvs rsync error: partial transfer (code 23) at io.c(143) . All seems OK tamtam:/etc# ls -ltr /etc/rsyncd.secrets -rw------- 1 root root 23 May 7 18:12 /etc/rsyncd.secrets

Samba4 beta6. CentOS 6.3. I have a CentOS client, using sssd, bound to a samba4 domain. The sssd configuration uses GSSAPI to bind to the directory. In both scenarios below, kerberos is fine, DNS is fine, I can use ldapsearch and bind to the directory with GSSAPI just fine, etc. If I have just one DC, everything works perfectly well for weeks on end. If I have two or more DC's,

Dear all, i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to use SSSD and configured the `ldap_user_name = userPrincipalName` in the

On 05/12/2019 19:48, S?rgio Basto wrote: > I made the packages [1] (BTW I'm a fedora packager maintainer ). > > [1] https://github.com/sergiomb2/sambaad You have used heimdal and not MIT, haven't you ? > >>> I just migrate the users and his password nothing more ... I had >>> to >>> remove a lot of fields, OU(s) etc for example: [1] . >> Just

Hello Jonathan and Rowlaand, Am 09.05.2015 um 17:46 schrieb Rowland Penny: > On 09/05/15 18:20, Jonathan Hunter wrote: >> Hi, >> >> I have a query about the use of sssd on a Samba4 DC. Background is as >> follows: >> >> I have two DCs and would like to synchronise files between the two >> machines. This is for sysvol replication - I am using lsyncd (

Hi, I have a query about the use of sssd on a Samba4 DC. Background is as follows: I have two DCs and would like to synchronise files between the two machines. This is for sysvol replication - I am using lsyncd ( https://code.google.com/p/lsyncd/ ) to trigger an rsync whenever files change. However I have hit a predictable problem, which is that since there is no synchronised UID mapping

Hi, Thank you for this answer, unfortunately I was not able to re-hash password as they are hashed into LDB database. First I retrieved the hash: ldbsearch -H $sam '(cn=some user)' unicodePwd # record 1 dn: CN=some user,OU=Users Management,DC=ad,DC=example,DC=com unicodePwd:: COwwLgiqqaHRyhy4HxWp4A== This "unicodePwd" attribute comes from a quick search into "user"