I use the linux fedora 3 and I have install
samba-3.0.11-1
openldap-2.2.13-2
smbldap-tools-0.8.7-2.1.fc3.rf
kenapa saya tidak bias ganti password setelah upgrade smbldap-tools ke versi
0.8.7 padahal saya juga sudah update konfigurasinya di openldap ( slapd.conf
).
Catatan : ketika saya masih menggunakan smbldap-tools versi 0.8.5 change
password masih ok.
Tampilan log seperti ini :
[2005/03/10 07:38:21, 3] lib/smbldap.c:smbldap_connect_system(866)
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does not support paged results
[2005/03/10 07:38:21, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
ldapsam_modify_entry: Failed to modify user dn=
uid=dadang,ou=Users,dc=hslprpol,dc=com with: Insufficient access
contoh configurasi /etc/openldap/slapd.conf
potong ----------------------------
# users can authenticate and change their password
access to
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdM
ustChange
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=nssldap,ou=DSA,dc=hslprpol,dc=com" write
by self write
by anonymous auth
by * none
# some attributes need to be readable anonymously so that 'id user' can
# answer correctly
access to
attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,membe
rUid,loginShell
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by * read
# somme attributes can be writable by users themselves
access to attrs=description,telephoneNumber
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by self write
by * read
# some attributes need to be writable for samba
access to
attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,samb
aLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctF
lags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfileP
ath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,s
ambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,samba
AlgorithmicRidBase
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by self read
by * none
# samba need to be able to create the samba domain account
access to dn.base="dc=hslprpol,dc=com"
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by * none
# samba need to be able to create new users account
access to dn="ou=Users,dc=hslprpol,dc=com"
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by * none
# samba need to be able to create new groups account
access to dn="ou=Groups,dc=hslprpol,dc=com"
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by * none
# samba need to be able to create new computers account
access to dn="ou=Computers,dc=hslprpol,dc=com"
by dn="cn=samba,ou=DSA,dc=hslprpol,dc=com" write
by dn="cn=smbldap-tools,ou=DSA,dc=hslprpol,dc=com" write
by * none
# this can be omitted but we leave it: there could be other branch
# in the directory
access to *
by self read
by * none
-----------------------------
salam
dadang
--
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip, FAQ, dan info milis di http://linux.or.id/milis
Tidak bisa posting? Baca:
http://linux.or.id/problemmilis
http://linux.or.id/tatatertibmilis
