On Mon, 2012-10-01 at 17:03 -0400, Qing Chang wrote: > In a thread on Freeipa-devel titled "freeIPA as a samba backend" there > is a statement as below: > ===== > IPA will keep all of your passwords in sync - userPassword, > sambaNTPassword, sambaLMPassword, and your kerberos passwords. > 389 cannot do this - the functionality that does this is provided by > an IPA password plugin. Openldap has a similar plugin, but I > think it is "contrib" and not "officially supported". > ====== > > Can someone please point me to where I can find this plugin and > configured it to keep all passwords listed above in sync?
The plugin is automatically enabled in IPA, it is the only way to change passwords. > I am unable to find detailed information on password plugin in IPA 2.2 > doc. > > My intention is to provide my Windows users (accounts on IPA server) > IPA web interface only for changing their password. If you need to write a tool to change passwords keep in ming you can use ldappasswd and pass it old/new user password. > I am using Samba 3.0.23d as a standalone server because this is a last > version that does not check for SIDs strictly... > more recent versions of samba can also use the ldappasswd method. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users