Hi Christian,

* Christian Manal <[email protected]> [16.02.2010 15:31]:
> Ralf Zimmermann wrote:
> > Hi all,
> > 
> > I have a problem with overlay ppolicy and samba. My samba backend is
> > openldap-2.4.20. I have a default ppolicy and a pwdCheckModule. If I
> > change the userPassword all works fine. I read the slapo-ppolicy man page
> > and I know that the only pwdAttribute is userPassword. If I change the
> > userPassword with smbpasswd the policy also works fine. But if I want to
> > change the password with a Windows client the problem begins. The
> > sambaNTPassword is set every time to the new password because the ppolicy
> > overlay checks only the userPassword. So the two passwords are different
> > and there is no control for the sambaNTPassword.
> > 
> > Is there any solution or a workaround for this problem?
> > 
> > Any help is appreciated.
> > 
> > Kind regards
> > Ralf Zimmermann
> > 
> 
> Hello Ralf,
> 
> you should take a look at the option 'ldap passwd sync' in the smb.conf
> manpage. I would also recommend to take a look at the smbk5pwd overlay
> if you don't already use that.
> 
> 
> Best regards,
> Christian Manal

The option 'ldap passwd sync' is set to yes. I will look at the smbk5pwd
overlay again. But I think it will not resolve the problem, because samba does
a modify on the samba attributes.

We have a default ppolicy. But this policy works only with the pwdAttribute
userPassword, not with sambaNTPassword. The problem is that a user can change
his password with a Windows client. The sambaNTPassword is always set, whatever
is configured in the policy.

Feb 16 14:16:32 rudi slapd[7683]: conn=1008 op=6 MOD dn="uid=rzimmermann,ou=Users,dc=bad-gmbh,dc=de"
Feb 16 14:16:32 rudi slapd[7683]: conn=1008 op=6 MOD attr=sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Feb 16 14:16:32 rudi slapd[7683]: conn=1008 op=6 RESULT tag=103 err=0 text=
Feb 16 14:16:32 rudi slapd[7683]: conn=1009 op=6 EXT oid=1.3.6.1.4.1.4203.1.11.1
Feb 16 14:16:32 rudi slapd[7683]: conn=1009 op=6 PASSMOD id="uid=rzimmermann,ou=Users,dc=bad-gmbh,dc=de" new
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |useCracklib 1 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [useCracklib]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minPoints 3 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minPoints]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Word = minPoints, value = 3
Feb 16 14:16:32 rudi slapd[7683]: check_password: Setting quality to [3 ]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minUpper 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minUpper]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minLower 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minLower]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minDigit 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minDigit]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minPunct 0 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minPunct]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |useCracklib 1 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [useCracklib]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Word = useCracklib, value = 1
...
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minLower 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minLower]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minDigit 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minDigit]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minPunct 0 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minPunct]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Word = minPunct, value = 0
Feb 16 14:16:32 rudi slapd[7683]: check_password: Setting parameter to [0 ]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Found lower character - quality raise 1
Feb 16 14:16:32 rudi slapd[7683]: check_password: Reallocating szErrStr from 64 to 174
Feb 16 14:16:32 rudi slapd[7683]: check_password_quality: module error: (check_password.so) Password for dn="uid=rzimmermann,ou=Users,dc=bad-gmbh,dc=de" does not pass required number of strength checks (1 of 3).[1]
Feb 16 14:16:32 rudi slapd[7683]: conn=1009 op=6 RESULT oid= err=19 text=

Thanks
Ralf Zimmermann

--

 .''`.  Ralf Zimmermann
: :' :  SIEGNETZ.IT GmbH             
`. `'   Schneppenkauten 1a      
  `-    57076 Siegen            
                               
        Tel.: +49 271 68193 13
        Fax.: +49 271 68193 29

        Amtsgericht Siegen HRB4838
        Managing Director: Oliver Seitz
        Registered office: Siegen
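
Added example, not part of the original message: a log check for the pattern in the slapd output above, where a direct MOD of sambaNTPassword succeeds (err=0) while the PASSMOD for the same entry is rejected by ppolicy (err=19, constraintViolation), leaving the two hashes out of sync. The log lines, host name and DNs below are constructed; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the slapd log format in the message above.
SAMPLE_LOG = """\
Feb 16 14:16:32 host slapd[100]: conn=1008 op=6 MOD dn="uid=jdoe,ou=Users,dc=example,dc=com"
Feb 16 14:16:32 host slapd[100]: conn=1008 op=6 MOD attr=sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Feb 16 14:16:32 host slapd[100]: conn=1008 op=6 RESULT tag=103 err=0 text=
Feb 16 14:16:32 host slapd[100]: conn=1009 op=6 EXT oid=1.3.6.1.4.1.4203.1.11.1
Feb 16 14:16:32 host slapd[100]: conn=1009 op=6 PASSMOD id="uid=jdoe,ou=Users,dc=example,dc=com" new
Feb 16 14:16:32 host slapd[100]: conn=1009 op=6 RESULT oid= err=19 text=
Feb 16 14:20:01 host slapd[100]: conn=1010 op=2 MOD dn="uid=asmith,ou=Users,dc=example,dc=com"
Feb 16 14:20:01 host slapd[100]: conn=1010 op=2 MOD attr=sambaNTPassword sambaPwdLastSet
Feb 16 14:20:01 host slapd[100]: conn=1010 op=2 RESULT tag=103 err=0 text=
Feb 16 14:20:01 host slapd[100]: conn=1011 op=2 PASSMOD id="uid=asmith,ou=Users,dc=example,dc=com" new
Feb 16 14:20:01 host slapd[100]: conn=1011 op=2 RESULT oid= err=0 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (MOD|PASSMOD|RESULT) (.*)")

def find_policy_bypass(log_text):
    """Map DN -> PASSMOD error code for entries whose sambaNTPassword was
    written directly while the policy-checked PASSMOD was rejected."""
    ops = defaultdict(dict)  # (conn, op) -> fields collected for that operation
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # check_password chatter, EXT lines, anything else
        op, kind, rest = ops[(m.group(1), m.group(2))], m.group(3), m.group(4)
        if kind == "RESULT":
            err = re.search(r"err=(\d+)", rest)
            op["err"] = int(err.group(1)) if err else None
        elif rest.startswith(("dn=", "id=")):
            op["kind"], op["dn"] = kind, rest.split('"')[1]
        elif rest.startswith("attr="):
            op["attrs"] = set(rest[len("attr="):].split())
    nt_written, passmod_failed = set(), {}
    for op in ops.values():
        if (op.get("kind") == "MOD" and op.get("err") == 0
                and "sambaNTPassword" in op.get("attrs", ())):
            nt_written.add(op["dn"])
        elif op.get("kind") == "PASSMOD" and op.get("err") not in (0, None):
            passmod_failed[op["dn"]] = op["err"]
    return {dn: e for dn, e in passmod_failed.items() if dn in nt_written}
```
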
        
