similar to: Samba4 syncpassword fails

>Well, I ask myself the same question. The fact is that it went bad at the precise second we tried to add a new remote DC to the domain. >This never happened before has we had many other remote DCs and use to join them whitout any problem. > >I was hopping that deleting and recreating the ldb cache would be sufficient, but it wasn't. Launching the daemonized script failed at the

>Then I am at a loss, if nothing really changed, why are you getting the >error ? Well, I ask myself the same question. The fact is that it went bad at the precise second we tried to add a new remote DC to the domain. This never happened before has we had many other remote DCs and use to join them whitout any problem. I was hopping that deleting and recreating the ldb cache would be

On Mon, 2017-10-30 at 17:00 +0100, Marco Gaiarin via samba wrote: > I'm forced, for legacy reasons, to use 'syncpassword'. > Docs are scarce, so i ask here. > > > Seems to me that the ''consumer'' (eg, 'samba-tool user > syncpasswords', > with or without '--daemon') get activated after every password > change, > indipendently

I'm forced, for legacy reasons, to use 'syncpassword'. Docs are scarce, so i ask here. Seems to me that the ''consumer'' (eg, 'samba-tool user syncpasswords', with or without '--daemon') get activated after every password change, indipendently on what DC get originated (eg, i've changed a password, see previous email, on DC2 and the

> Seems a bit strange to me... Seems a bug to me, so i've fired up: https://bugzilla.samba.org/show_bug.cgi?id=13114 Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it

On Tue, 31 Oct 2017 18:19:39 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > Seems a bit strange to me... > > Seems a bug to me, so i've fired up: > > https://bugzilla.samba.org/show_bug.cgi?id=13114 > > > Thanks. > I normally only use 'samba-tool user setpassword --random-password' when I create a user that will

Mandi! Rowland Penny via samba In chel di` si favelave... > I normally only use 'samba-tool user setpassword --random-password' > when I create a user that will never log in and then use kerberos with > a program e.g. squid. I usually also set the password to never expire. Silimar user case. I need to create accounts by scripts, where passwords are set by other means (eg,

On Tue, 2017-10-31 at 19:05 +0100, Marco Gaiarin via samba wrote: > > > So, the question has to be, just what do you need to sync the passwords > > to ? > > Really i don't need that. But 'samba-tool user setpassword --random-password' > passwords get processed by 'syncpasswords', as ''normal'' ones. Either way, if we can't handle

>Where did you get the password sync script from ? Are you aware that >samba-tool now has the facility to do this ? > >Have a look here: > >https://dev.tranquil.it/wiki/SAMBA_-_Synchronisation_des_mots_de_passe_entre_un_Samba4_et_une_OpenLDAP<https://dev.tranquil.it/wiki/SAMBA_-_Synchronisation_des_mots_de_passe_entre_un_Samba4_et_une_OpenLDAP> > >Rowland This is the

On 14/08/2020 08:41, Julien TEHERY wrote: > >I just had a look at tranquils code again and I have a possible idea > >about what is going on. The code was written for python2 and needs > >updating to python3 > > Yes, but as i explained before, we managed to make it work since > almost a thousand days in a row ? > > THe ldb cache is initialized with: > >

>OK, after doing some digging, there have been code changes in >'source4/dsdb/samdb/ldb_modules/dirsync.c' and the block of code >printing the error is no longer at line 1269, so it looks like you are >using an older version of Samba. So what versions of Samba are you using >on the 'main' DC and on the 'new' DC ? > >Also what OS ? Indeed we have an old

>This function ndr_pull_ldapControlDirSyncCookie() >returned an error. Add debug output and drill down >into what it is failing to parse. FYI, I increased samba4 loglevel to 10, re initialized ldb cache et launched again password sync and it failed with the exact same error The script used is a python one provided here:

>FYI, I increased samba4 loglevel to 10, re initialized ldb cache et launched again password sync and it failed with the exact same error > >The script used is a python one provided here:

>I just had a look at tranquils code again and I have a possible idea >about what is going on. The code was written for python2 and needs >updating to python3 Yes, but as i explained before, we managed to make it work since almost a thousand days in a row ? THe ldb cache is initialized with: samba-tool user syncpasswords --cache-ldb-initialize

I've setup in my domain the 'samba-tool user syncpasswords' to catch password changes, to propagate correctly to some legacy system. I've done some tests, but today i've found the ''daemon'' is not running. After fiddling a bit, i've found the culprit came from the fact that a user have a base64 version of the password as:

Hi everyone, hi Metze, looking through the mailing list, it seems that there hasn't been much talk about the interesting features offered by syncpassword / getpassword that came out with 4.5.0. I was hoping to use this feature to pipe a ssha1 and HA1 hashes into an external ldap. Looking at the command line doc and then at the source code, it gets a bit more clear to me and I wanted to

Hi Dennis, > looking through the mailing list, it seems that there hasn't been much > talk about the interesting features offered by syncpassword / > getpassword that came out with 4.5.0. I was hoping to use this feature > to pipe a ssha1 and HA1 hashes into an external ldap. > > Looking at the command line doc and then at the source code, it gets a > bit more clear to

On Wed, 2016-10-19 at 10:10 +0200, Stefan Metzmacher via samba wrote: > Hi Dennis, > > >  > > > > If this is the way it works, I was wondering if is there a reason > > why > > not directly storing the required hashes (ssha1, ssha256, etc.) > > into the > > supplementalCredentials attribute on the DC doing the password > > change? > >

On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba < samba at lists.samba.org> wrote: > > [Clearly, this question is intimately connected to the previous...] > > I need a way to ''preprocess'' or at least intercept password changes, > because i need to propagate them to other ''legacy'' systems. > > I've looked around and found

On Mon, 2018-01-15 at 10:55 +0100, Marco Gaiarin via samba wrote: > Mandi! Stefan Metzmacher via samba > In chel di` si favelave... > > > Encrypted secrets > > ----------------- > > This change/break something in 'samba-tool user syncpasswords'? Can you please explain what you are asking here? Are you asking if it intentionally changes the behaviour of