Hi Folks,
I'm running DS-389 (version: 1.3.7.5 ; Build: 2018.178.1311) on a Cent OS 7 (vs. 7.6.1810) system. I've been working through creating a Samba 4 server and using LDAP authentication to my DS-389 server. I've managed to get through most everything but I'm running into an issue with how passwords are working. From the Samba box I can user the command "smbpasswd -a testuser" and it will change the Samba NT password internal to the DS-389 system along with the LDAP userPassword. I can then use this new password to login to linux systems using ssh and into my Samba shares from a Windows 10 system. But this isn't how I want the system to run..... I want to be able to change the LDAP password (userPassword) and have that then update the sambaNTPassword. I have been googling for days and ran across the suggestion to use the smbkrb5pwd overlay but that looks specific to openldap and not DS-389. I know there must be a way to update the userPassword field and have that push out to the samba password but I can't find anything useful. I'm hoping folks might have some suggestions on how to get the two passwords to sync. My smb.conf file looks like the following (scrubbed for security): # See smb.conf.example for a more detailed config file or # read the smb.conf manpage. # Run 'testparm' to verify the config is correct after # you modified it. [global] workgroup = SAMBA security = user passdb backend = ldapsam:ldap://192.168.1.10 ldap suffix = dc=abc,dc=edu ldap user suffix = ou=People ldap group suffix = ou=Groups ldap delete dn = no ldap admin dn = cn=Directory Manager ldap passwd sync = Yes ldap ssl = start_tls log level = 5 passdb:5 auth:5 printing = cups printcap name = cups load printers = yes cups options = raw unix charset = UTF-8 dos charset = CP932 hosts allow = 127. 192.168.1. # max protocol = SMB2 map to guest = Bad User [homes] valid users = @smbgroup browsable = no writable = yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @printadmin root force group = @printadmin create mask = 0664 directory mask = 0775 [Anonymous share] path = /samba/anonymous_share writable = yes browsable = yes guest ok = yes guest only = yes create mode = 0777 directory mode = 0777 Thanks in advance!
389-users@lists.fedoraproject.org