On Wednesday, 30 September 2009 17:33:39 Scott Classen wrote:
I am running openldap 2.4.18 (BDB 4.8.24). Both of which I compiled
I compiled smbk5pwd with support ONLY for samba. I am using the samba
that is distributed with CentOS 5.3 (3.0.33)
I use this module in my personal setup, and the last time I changed my
password I have 2.4.17 installed, and my samba password works (and I am quite
sure I didn't set it manually).
/me upgrades to 2.4.18 ...
On 2.4.18 (built from the same SRPM as the packages at
), it works for me:
[bgmilne@tiger ~]$ passwd
Changing password for user bgmilne.
Changing password for bgmilne.
Enter current password:
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information changed for bgmilne
passwd: all authentication tokens updated successfully.
[bgmilne@tiger ~]$ ldapwhoami -x -D
Enter LDAP Password:
[bgmilne@tiger ~]$ smbclient //localhost/bgmilne
Enter bgmilne's password:
Domain=[RANGER] OS=[Unix] Server=[Samba 3.4.1]
openldap does not crash or complain when it launches so I assume
is at least loading up the module correctly.
I have a user with the sambaSamAccount objectclass.
I have configured PAM to change the LDAP userPassword when invoked
from the command line with /usr/bin/passwd
What is pam_password set to in /etc/ldap.conf ?
Have you tried this by changing the password with ldappasswd instead (which we
know will do an ldap password change exop, which pam_ldap should do only if
pam_password is set to 'exop'.
The userPassword hash gets successfully updated and the values of
sambaNTPassword and sambaLMPassword hashes are changed, but I am
unable to authenticate as a samba user against these hashes... and
they look sorta weird:
when I would expect them to look more "complicated" like:
Does this smell of a smbk5pwd bug/problem/misconfiguration or a samba/
Could be a combination, this is only going to work if pam_password is set to
exop, if smbk5pwd gets a password hash, it shouldn't be setting any other