[Fedora-directory-users] Samba LDAP password sync

Matt Stucky (Office) matt_stucky-work at ntm.org.pg
Tue Nov 28 01:28:10 UTC 2006


As I understand it, the password chat is only used with "unix password 
sync" and is not used with "ldap passwd sync".

Are you using MD5 for your passwords?

-Matt

Craig White wrote:
> On Tue, 2006-11-28 at 10:55 +1000, Matt Stucky (Office) wrote:
>   
>> Hi All,
>>
>> I've set up FDS as the ldap back end for a Samba PDC.  It is working 
>> well, but I'm having a problem with Windows users changing their 
>> password from Windows.  When I use "ldap passwd sync = yes" (in the 
>> samba config) Windows users receive an error message when they attempt 
>> to change their password.  What actually happens is their Samba/NT 
>> passwords are changed, but the posix password is not.  If I use "ldap 
>> passwd sync = no" (default) then the users can successfully change their 
>> passwords but, as per the smb.conf man page, only the Samba/NT passwords 
>> are changed, not the posix password.  I have FDS, User Admin tool 
>> (Webmin - LDAP users and Groups), and /etc/ldap.conf set to use MD5 for 
>> password hashing.
>>
>> If, on the server I run "smbpasswd test_user" and attempt to change a 
>> user's password that way; it gives me the error:
>> ---------------
>> ldapsam_modify_entry: LDAP Password could not be changed for user 
>> test_user: Confidentiality required
>>         Operation requires a secure connection.
>>
>> Failed to modify entry for user test_user.
>> Failed to modify password entry for user test_user
>> ---------------
>>
>> It looks like FDS requires SSL in order for a user's posix password to 
>> be changed from Samba/Windows.  I need to have the Samba and posix 
>> passwords synchronized.  Do I need to set up SSL for that to work, or is 
>> there something else I am missing?  I found a post where someone used 
>> "unix password sync = yes" with smbldap-passwd for the password program 
>> as a workaround for this same problem, but I would prefer the tidier and 
>> simpler "ldap passwd sync = yes".  Has anyone run into this and figured 
>> out how to make it work?
>>     
> ----
> my guess is that you have something wrong with your 'password chat
> script' in smb.conf or possibly something amiss in smbldap configuration
> because it does work.
>
> Craig
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
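
Added example, not part of the original thread and not Samba or FDS code: a small check that flags the combination described in the quoted post, `ldap passwd sync` enabled while the LDAP connection is not encrypted, which is the situation in which the server answered "Confidentiality required". The sample configuration and host name are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample smb.conf; fds.example.com is a placeholder host.
SAMPLE_SMB_CONF = """\
[global]
    passdb backend = ldapsam:ldap://fds.example.com
    ldap passwd sync = yes
    ldap ssl = off
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Samba ignores case and whitespace in parameter names, so keys are
    lower-cased and stripped of all whitespace.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_passwd_sync_transport(text):
    """Return findings for 'ldap passwd sync' used over plain LDAP."""
    p = parse_global(text)
    sync = p.get("ldappasswdsync", "no").lower()
    if sync not in ("yes", "on", "only"):
        return []  # Samba does not update the LDAP password itself
    backend = p.get("passdbbackend", "").lower()
    ssl = p.get("ldapssl", "").lower()
    # Encrypted transport: an ldaps:// backend URL or an enabled 'ldap ssl'.
    if "ldaps://" in backend or ssl in ("start tls", "start_tls", "yes", "on"):
        return []
    if not ssl:
        return ["ldap passwd sync = %s but 'ldap ssl' is not set; the "
                "transport depends on this Samba version's default" % sync]
    return ["ldap passwd sync = %s with ldap ssl = %s and no ldaps:// "
            "backend: the password change is attempted over an "
            "unencrypted connection" % (sync, ssl)]
```

Calling `check_passwd_sync_transport(open("/etc/samba/smb.conf").read())` returns an empty list when the password sync is disabled or the connection is encrypted.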