Ralf Zimmermann schrieb:
Hi Christian,
- Christian Manal moenoel@informatik.uni-bremen.de [16.02.2010 16:18]:
Ralf Zimmermann schrieb:
Hi Christian,
- Christian Manal moenoel@informatik.uni-bremen.de [16.02.2010 16:05]:
the option 'ldap passwd sync' is set to yes. I will looking to the overlay smbk5pwd again. But I think it will not resolve the problem because samba makes a modify for the samba attributes.
We have a default ppolicy. But this policy works only with pwdAttribute userPassword not with sambaNTPassword. The problem is, that a User can change his password with a Windows Client. The sambaNTPassword is always set whatever in the policy is configured.
If you set 'ldap passwd sync' to 'only' the Samba server triggers an extended operation for password change and doesn't touch the Samba attributes. smbk5pwd will take care of the Samba passwords.
Best regards, Christian Manal
thanks, I take a look at smbk5pwd. Must I install heimdal kerberos? I need it only for samba and we have installed mit kerberos.
You can disable Kerberos support in the Makefile.
ok. I read it ;-) The Samba Server is a Sles11 with openldap2-2.4.12 and Samba-3.4.5. The Samba Server is not the LDAP Master. This is another Server with a self compiled openldap-2.4.20. The Samba Server runs with the Sles11 shipped openLDAP version. There it doesn't exits a smbk5pwd overlay.
I think that I must compile and configure the overlay only on the Samba Server. Is this correct? Ups and also on the BDC's?
The overlay has to be installed on the LDAP master. Wouldn't make sense otherwise, since slaves are usually read-only.
Best regards, Christian Manal