Hi, 

I don't think Samba 4 detects a hash, but it may just disallow setting 
unicodePwd directly through an LDAP connection. 

The attribute (unicodePwd) is not even visible when browsing the ldap with the 
administrator account. 

I don't think LSC will allow me to fully sync LDAP and Samba 4. 

Thanks for your help. 

-- 
Sébastien BEAUDLOT 

System, network and telephony administrator 

Direction Opérationnelle des Systèmes d'Information ( DOSI ) 
Pôle Infrastructures 
Université d'Avignon et des Pays de Vaucluse 

Tel: 04.90.16.26.04 
-- 


From: "Clément OUDOT" <[email protected]> 
To: "lsc-users" <[email protected]> 
Sent: Wednesday 26 September 2018 17:38:46 
Subject: Re: [lsc-users] Pushing a password to Samba 4 





On 26/09/2018 at 17:11, Sebastien BEAUDLOT wrote: 



Hi, 

I am trying to push passwords for my LDAP users to a Samba 4 AD (like the 
instructions in this howto: 
https://lsc-project.org/documentation/tutorial/openldaptoactivedirectory ), 
but I'm stuck with an LDAP Error 53: 

Error while modifying entry 
CN=beaudlot,cn=Users,dc=adbaka,dc=univ-avignon,dc=fr in directory 
:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002035: 
setup_io: it's not allowed to set the NT hash password directly']; 

The dataset looks like: 

<dataset> 
  <name>unicodePwd</name> 
  <policy>FORCE</policy> 
  <createValues> 
    <string>AD.getUnicodePwd("JustTesting4Password!")</string> 
  </createValues> 
</dataset> 

(I am just trying to push a fixed string for now, but future plans will include 
pre-encrypted passwords with passwordhk.pl) 

Samba 4 AD connection is secured. I tried TLS and SSL/ldaps, both working for 
all other attributes. I also tried to bind with both the builtin administrator 
account and a manually made lsc service account. 

Password update seems way more tricky than other attributes, and I may be 
missing something important here ... 



Seems you are not the only one to have this issue: 
http://samba.2283325.n4.nabble.com/Setting-unicodePwd-hashes-directly-td2469395.html 

What I don't understand is why Samba4 thinks your password is an NT hash; it 
should detect that this is a plain text value. Try to set a default value like 
"password123" to see if this changes something. 


-- 
Clément Oudot | Identity Solutions Manager 
[email protected] 
Worteks | https://www.worteks.com 

_______________________________________________________________ 
Ldap Synchronization Connector (LSC) - http://lsc-project.org 

lsc-users mailing list 
[email protected] 
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users 
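
Added example, not part of the thread and not LSC or Samba code: the cleartext form of unicodePwd documented for Active Directory is the password wrapped in double quotes and encoded as UTF-16LE, and this Python sketch builds that value and reports the shape of a value before it is sent. The function names are hypothetical, the sample values are constructed, and whether Samba 4 applies the same quoted-string test is an assumption the thread does not confirm.

```python
# Added example (not from the thread or from LSC). Function names are hypothetical.
import base64

NT_HASH_LEN = 16                 # an NT hash is an MD4 digest: 16 raw bytes
QUOTE = '"'.encode("utf-16-le")  # the two bytes b'"\x00'


def encode_unicode_pwd(cleartext: str) -> bytes:
    """Cleartext form of unicodePwd: the password in double quotes, as UTF-16LE."""
    return ('"' + cleartext + '"').encode("utf-16-le")


def classify_unicode_pwd(value: bytes) -> str:
    """Describe the shape of a value about to be written to unicodePwd."""
    if (len(value) >= 4 and len(value) % 2 == 0
            and value.startswith(QUOTE) and value.endswith(QUOTE)):
        try:
            value.decode("utf-16-le")
        except UnicodeDecodeError:
            return "malformed-utf16le"
        return "quoted-utf16le"
    if len(value) == NT_HASH_LEN:
        return "hash-sized"      # same length as a raw NT hash, no quotes
    return "unquoted"            # e.g. UTF-8 text or an unevaluated expression


def ldif_value(value: bytes) -> str:
    """Render the value as a base64 LDIF attribute line for inspection."""
    return "unicodePwd:: " + base64.b64encode(value).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    samples = {
        "encoded cleartext": encode_unicode_pwd("JustTesting4Password!"),
        "unevaluated expression": b'AD.getUnicodePwd("JustTesting4Password!")',
        "16 raw bytes": bytes(range(16)),
        "UTF-8 without quotes": "JustTesting4Password!".encode("utf-8"),
    }
    for label, value in samples.items():
        print(f"{label:24} {len(value):3} bytes  {classify_unicode_pwd(value)}")
    print(ldif_value(encode_unicode_pwd("newPassword")))
```

Running the same classification on the bytes the connector actually sends (for example from a debug log or a decrypted capture in a test environment) shows whether the server received the quoted UTF-16LE form or something else.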