Hi, I am using both syncrepl (for replication) and smbk5pwd (for password synchronisation between samba and ldap account) overlays. I have configured replication in the simplest way: a read-only producer that forwards updates to the provider thought updateref. If I change my password thought passwd command on a client with pam modules configured for gaining information from the provider everything works fine (userPassword, sambaLMPassword and sambaNTPassword are correctly syncronized). Instead, if I change my password thought passwd command on another client with pam modules configured for gaining information from the consumer only the userPassword is changed. I do not understand why. Has someone experimented the same problem? Thank you in advance.
On 14/11/2011 15:22, Francesco Storti wrote:
Hi, I am using both syncrepl (for replication) and smbk5pwd (for password synchronisation between samba and ldap account) overlays. I have configured replication in the simplest way: a read-only producer that forwards updates to the provider thought updateref. If I change my password thought passwd command on a client with pam modules configured for gaining information from the provider everything works fine (userPassword, sambaLMPassword and sambaNTPassword are correctly syncronized). Instead, if I change my password thought passwd command on another client with pam modules configured for gaining information from the consumer only the userPassword is changed. I do not understand why. Has someone experimented the same problem? Thank you in advance.
If I remember right password modification is done by an extended operation (at least the one needed for smbk5pwd to work). Not sure if this is forwarded as an ordinary modification.
Unfortunately I don't have any experience in your setup, so this can be just a guess.
Ciao Simone
On 14/11/11 15:22 +0100, Francesco Storti wrote:
Hi, I am using both syncrepl (for replication) and smbk5pwd (for password synchronisation between samba and ldap account) overlays. I have configured replication in the simplest way: a read-only producer that forwards updates to the provider thought updateref. If I change my password thought passwd command on a client with pam modules configured for gaining information from the provider everything works fine (userPassword, sambaLMPassword and sambaNTPassword are correctly syncronized). Instead, if I change my password thought passwd command on another client with pam modules configured for gaining information from the consumer only the userPassword is changed. I do not understand why. Has someone experimented the same problem? Thank you in advance.
The smbk5pwd only takes effect when performing a password Extended Operation (see the smbk5pwd/README file in the source). On the systems where 'passwd' is not doing the correct thing, verify that your ldap pam config is performing an ExOp, and not just overwriting userPassword.
I am performing replication without any issues with the samba/kerberos attributes propagating.
Sorry guys, my fault... I did not change my pam_ldap.conf with exop support. Thank you Dan and Simone for the support.
On 11/14/2011 04:59 PM, Dan White wrote:
The smbk5pwd only takes effect when performing a password Extended Operation (see the smbk5pwd/README file in the source). On the systems where 'passwd' is not doing the correct thing, verify that your ldap pam config is performing an ExOp, and not just overwriting userPassword.
I am performing replication without any issues with the samba/kerberos attributes propagating.
openldap-technical@openldap.org