Thank you for commnet
yes it is 3.2.5 regural package in Lenny.
dpkg -l | grep samba ii samba 2:3.2.5-4lenny7 a LanManager-like file and printer server for Unix ii samba-common 2:3.2.5-4lenny7 Samba common files used by both the server and the client ii samba-doc 2:3.2.5-4lenny7 Samba documentation server:/etc/samba# dpkg -l | grep ldap ii ldap-utils 2.4.11-1 OpenLDAP utilities ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libnss-ldap 261-2.1 NSS module for using LDAP as a naming service ii libpam-ldap 184-4.2 Pluggable Authentication Module for LDAP
I know this stuff is very complex and I am trying to set it up step by step, but I really do not undersand what causing error
smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the tconX on the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. Failed to change password for test1
when I logged to system usning ssh and as user1.
I understand that smbpasswd by default look for ip address 127.0.0.1/localhost but I am getting same error in case I set up
127.0.0.1/8 in smb.conf
Also I tried to change samba password for user1 using
smbpasswd -r 192.168.1.201 ( 192.168.1.201 is stated it smb.conf as interface will bind to, ) but again same problem
What is tconX, I did not defined it, what ir set up IPC$....
regards, thanks
2009/11/3 Michael Ströder michael@stroeder.com:
pcinformace pcinformace wrote:
I am trying to set up LDAP + SAMBA
I assume this is Samba3. Is it an OpenLDAP server?
Question is how can I make it reversible, so when I change password connected via ssh to be propagated to samba system and to use that new password for accessing samba shares.
For the LDAP bind (used by ssh) the attribute 'userPassword' has to be set when changing the password. For Samba3 the attribute(s) sambaNTPassword (and optionally sambaLMPassword) have to be set with a pre-calculated hash.
I'd recommend to set up OpenLDAP with overlay slapo-smbk5pwd which you have to build separately and is found in directory contrib/slapd-modules/smbk5pwd of the source distribution. This overlay intercepts the Password Modify extended operation and sets userPassword and the Samba password attribute(s). So you have to tell pam_ldap to use ext. op. when setting a new password.
Ciao, Michael.
-- Michael Ströder E-Mail: michael@stroeder.com http://www.stroeder.com