* Buchan Milne <bgmilne(a)staff.telkomsa.net> [17.02.2010 15:24]:
On Wednesday, 17 February 2010 11:31:42 Ralf Zimmermann wrote:
> Hi Christian,
> * Christian Manal <moenoel(a)informatik.uni-bremen.de> [16.02.2010 16:41]:
> > > ok. I read it ;-) The Samba Server is a Sles11 with
> > > openldap2-2.4.12 and Samba-3.4.5. The Samba Server is not the LDAP
> > > Master. This is another Server with a self compiled openldap-2.4.20.
> > > The Samba Server runs with the Sles11 shipped openLDAP version. There
> > > it doesn't exits a smbk5pwd overlay.
> > >
> > > I think that I must compile and configure the overlay only on the Samba
> > > Server. Is this correct? Ups and also on the BDC's?
> > The overlay has to be installed on the LDAP master. Wouldn't make sense
> > otherwise, since slaves are usually read-only.
> the overlay smbk5pwd does not really work in this szenario. I have
> compiled heimdal
Why? Do you need LDAP password changes to change Heimdal passwords (IOW, did
you have a Heimdal installation before)?
What version did you install?
i have installed heimdal-1.3.2rc2.
> on Sles11 and compiled the smbk5pwd with make and make
From the same source used to build slapd on the box the module runs under?
Yes, I have compiled it under openldap-2.4.20.
> <snip Makefile>
So, you shouldn't need Heimdal at all ...
I compiled it yet with:
Well, without Heimdal has been working perfectly for me for a long
My problem was, that I must do a password change twice. I have searched the
wholy day. After restarting the slapd on the Samba Server all works fine. Now
I'm searching for the problem. On the Server is a backup software installed
that can make problems.
The problem exists with ldappasswd too. I must change a password twice. After
the second change the Master makes a password modify. After restarting the
slapd on the Samba server I can change the password from the Samba server
And on the slaves was a ppolicy overlay configured. I have changed this.
At times (e.g. 1.3.0 without patches), heimdal API changes have
Heimdal support in smbk5pwd.
Note that some distributions ship recent OpenLDAP with a working (at least for
samba) smbk5pwd, others include a smbk5pwd with Heimdal support as well.
I take the source from openLDAP.org
.''`. Ralf Zimmermann
: :' : SIEGNETZ.IT GmbH
`. `' Schneppenkauten 1a
`- 57076 Siegen
Tel.: +49 271 68193 13
Fax.: +49 271 68193 29
Amtsgericht Siegen HRB4838
Geschaeftsfuehrer: Oliver Seitz
Sitz der Gesellschaft ist Siegen