Hi
* Buchan Milne bgmilne@staff.telkomsa.net [17.02.2010 15:24]:
On Wednesday, 17 February 2010 11:31:42 Ralf Zimmermann wrote:
Hi Christian,
- Christian Manal moenoel@informatik.uni-bremen.de [16.02.2010 16:41]:
OK. I read it ;-) The Samba Server is a Sles11 with openldap2-2.4.12 and Samba-3.4.5. The Samba Server is not the LDAP Master. This is another Server with a self compiled openldap-2.4.20. The Samba Server runs with the Sles11 shipped openLDAP version. A smbk5pwd overlay doesn't exist there.
I think that I must compile and configure the overlay only on the Samba Server. Is this correct? Oops, and also on the BDCs?
The overlay has to be installed on the LDAP master. Wouldn't make sense otherwise, since slaves are usually read-only.
The overlay smbk5pwd does not really work in this scenario. I have compiled heimdal
Why? Do you need LDAP password changes to change Heimdal passwords (IOW, did you have a Heimdal installation before)?
What version did you install?
I have installed heimdal-1.3.2rc2.
on Sles11 and compiled the smbk5pwd with make and make install.
From the same source used to build slapd on the box the module runs under?
Yes, I have compiled it under openldap-2.4.20.
<snip Makefile> DEFS=-DDO_SAMBA
So, you shouldn't need Heimdal at all ...
I compiled it yet with: DEFS=-DDO_SAMBA HEIMDAL_INC= HEIMDAL_LIB=
Well, without Heimdal has been working perfectly for me for a long time.
My problem was that I must do a password change twice. I have searched the whole day. After restarting the slapd on the Samba Server all works fine. Now I'm searching for the problem. On the Server is a backup software installed that can make problems.
The problem exists with ldappasswd too. I must change a password twice. After the second change the Master makes a password modify. After restarting the slapd on the Samba server I can change the password from the Samba server without problems.
And on the slaves was a ppolicy overlay configured. I have changed this.
At times (e.g. 1.3.0 without patches), heimdal API changes have broken the Heimdal support in smbk5pwd.
Note that some distributions ship recent OpenLDAP with a working (at least for samba) smbk5pwd, others include a smbk5pwd with Heimdal support as well.
I take the source from openLDAP.org.
Regards, Ralf Zimmermann
--
Ralf Zimmermann
SIEGNETZ.IT GmbH
Schneppenkauten 1a
57076 Siegen
Tel.: +49 271 68193 13
Fax.: +49 271 68193 29
Amtsgericht Siegen HRB4838
Geschaeftsfuehrer: Oliver Seitz
Sitz der Gesellschaft ist Siegen