Samba/LDAP password synchronization

Ow Mun Heng Ow.Mun.Heng at
Mon Sep 13 01:55:16 UTC 2004

On Thu, 2004-09-09 at 22:57, David Jansen wrote:
> Solved, sort of. It turns out that smbpasswd when run as root does not
> run the script, but when a user runs smbpasswd, the script is executed.
> Workaround for root: 'smbpasswd -r localhost username'

This is good info, but I can't figure out why smbpasswd doesn't want to
run as root.

How do you add a new user then?
I don't use ldap as a backend, and I have to use smbpasswd -a newuser.

> So there has been some weird change between FC1 and FC2 but nothing I
> have to worry about here.
> David
> On Wed, Sep 08, 2004 at 03:39:58PM +0200, David Jansen wrote:
> > We have a setup here with an LDAP server (FC1) which also runs samba. 
> > Usernames, passwords (and more) are stored in LDAP, and with samba, this
> > machine can also act as PDC for the windows machines in the network.
> > 
> > A problem with such a setup is to keep passwords synchronized between
> > unix and windows. We had a working setup to change passwords through
> > samba so changing a password from windows, or from Linux with smbpasswd
> > changed the unix password, LM-hash and NT-hash in the LDAP database.
> > 
> > Samba with LDAP as password backend seems to change only the windows
> > password hashes, so for changing the unix password, we had a script
> > which was called through the 'passwd program' and 'passwd chat' option
> > in smb.conf. A bit of a hack, but it worked.
> > 
> > ... until this setup was moved to a new machine on which FC2 was
> > installed. Now the passwd program script is never called any more, so
> > unix passwords are no longer being changed.
> > To find out what went wrong, we upgraded the FC1 machine to the latest
> > samba version (3.0.6-2.FC1) and now it exhibits the same behaviour: no
> > password script or program is executed when a user changes his password.
> > 
> > Does anyone know if something related to this behaviour was changed in
> > the latest samba release? The release notes mention nothing that looks
> > related. 
> > 
> > Or: does anyone know of another good way to make it possible to change
> > all passwords of a user at once so a user will always have only one
> > password?

Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU kernel
Neuromancer 09:37:35 up 10:46, 2 users, load average: 0.78, 1.52, 1.28 
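
An added smb.conf sketch of the two synchronization approaches this thread touches on (not part of the original messages and not the posters' actual configuration). The LDAP URL, the script path and the chat prompts are assumed values.

```ini
[global]
    # Assumed LDAP URL for the passdb backend.
    passdb backend = ldapsam:ldap://localhost

    # Approach described in the thread: after smbd changes the LM/NT
    # hashes it runs an external program as root and feeds it the new
    # password through an expect-style chat.
    # 'passwd program' is only used when 'unix password sync' is on.
    unix password sync = yes
    # Hypothetical script that updates the unix password in LDAP.
    passwd program = /usr/local/sbin/ldap-unix-passwd %u
    # Prompts are assumed; they must match what the script prints.
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *updated*

    # Troubleshooting only: this writes the chat, including plain-text
    # passwords, to the smbd log at high log levels. Keep it off otherwise.
    passwd chat debug = no

    # Alternative without an external script: have Samba update the
    # LDAP password together with the NT and LM hashes.
    ; ldap passwd sync = yes
```

Both settings take effect inside smbd. smbpasswd run as root edits the local password database directly instead of asking smbd, which is consistent with the script only running for root through `smbpasswd -r localhost`.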

