On Monday, 2 November 2009 15:03:29 pcinformace pcinformace wrote:
Hi all,
I am trying to set up LDAP + SAMBA to propagate password in both directions but unfortunately I have some small issues I do not know how to resolve.
I set up LDAP and SAMBA server and I can connect to them ( all on one machine )
I can connect to samba server and browse shares with
smbclient //192.168.1.199/home -U user100
Also I can connect using ssh user100@192.168.1.199 ( wirt password I set up for user100 in LDAP system )
where user "user100" is added to samba conf as samba user but its origin is from LDAP and it is is originally added using
ldapadd -c -x -D cn=admin,dc=testdomain,dc=net -W -f user100.ldif ldappasswd -x -D cn=admin,dc=testdomain,dc=net -W -S uid=user100,ou=people,dc=testdomain,dc=net
I can change password for user "user100" once logged over ssh using "passwd" and this new password apply only on LDAP part,
If you enabled the smbk5pwd overlay, and assuming you are using pam_ldap, and have configured pam_ldap to use the LDAP password modify extended operation to change passwords ("pam_password exop"), then this would change the samba password too.
When logged over ssh to LDAM-SAMBA server as user "user100" and want to change password using smbpasswd I am getting error like
smbpasswd Old SMB password: New SMB password: Retype new SMB password: Unable to connect to SMB server on machine 127.0.0.1. Error was : NT_STATUS_CONNECTION_REFUSED. Failed to change password for user100
I do not have address 127.0.0.1 set anywhere in samba configuration
See the -r option to smbpasswd.
OS is debian stable and all packages are debian's ones
Let's hope debian ships smbk5pwd overlay (other distros do ....).
Regards, Buchan