Ralf Zimmermann schrieb:
Hi Christian,
- Christian Manal moenoel@informatik.uni-bremen.de [16.02.2010 16:05]:
the option 'ldap passwd sync' is set to yes. I will looking to the overlay smbk5pwd again. But I think it will not resolve the problem because samba makes a modify for the samba attributes.
We have a default ppolicy. But this policy works only with pwdAttribute userPassword not with sambaNTPassword. The problem is, that a User can change his password with a Windows Client. The sambaNTPassword is always set whatever in the policy is configured.
If you set 'ldap passwd sync' to 'only' the Samba server triggers an extended operation for password change and doesn't touch the Samba attributes. smbk5pwd will take care of the Samba passwords.
Best regards, Christian Manal
thanks, I take a look at smbk5pwd. Must I install heimdal kerberos? I need it only for samba and we have installed mit kerberos.
You can disable Kerberos support in the Makefile.
Best regards, Christian Manal