Hi Christian,

* Christian Manal <[email protected]> [16.02.2010 15:31]:
> Ralf Zimmermann wrote:
> > Hi all,
> >
> > I have a problem with overlay ppolicy and samba. My samba backend is
> > openldap-2.4.20. I have a default ppolicy and a pwdCheckModule. If I change the
> > userPassword all works fine. I read the slapo-ppolicy man page and I know that
> > the only pwdAttribute is userPassword. If I change the userPassword with
> > smbpasswd the policy also works fine. But if I want to change the password with
> > a Windows client the problem begins. The sambaNTPassword is set every time to
> > the new password because the ppolicy overlay checks only the userPassword.
> > So both passwords are different and there is no control for the
> > sambaNTPassword.
> >
> > Is there any solution or a workaround for this problem?
> >
> > Any help is appreciated.
> >
> > Best regards
> > Ralf Zimmermann
> >
>
> Hello Ralf,
>
> you should take a look at the option 'ldap passwd sync' in the smb.conf
> manpage. I would also recommend to take a look at the smbk5pwd overlay
> if you don't already use that.
>
>
> Best regards,
> Christian Manal

The option 'ldap passwd sync' is set to yes. I will look at the smbk5pwd
overlay again. But I think it will not resolve the problem because samba makes
a modify for the samba attributes.

We have a default ppolicy. But this policy works only with pwdAttribute
userPassword, not with sambaNTPassword. The problem is that a user can change
his password with a Windows client. The sambaNTPassword is always set, whatever
is configured in the policy.
Feb 16 14:16:32 rudi slapd[7683]: conn=1008 op=6 MOD dn="uid=rzimmermann,ou=Users,dc=bad-gmbh,dc=de"
Feb 16 14:16:32 rudi slapd[7683]: conn=1008 op=6 MOD attr=sambaNTPassword sambaNTPassword sambaPwdLastSet sambaPwdLastSet
Feb 16 14:16:32 rudi slapd[7683]: conn=1008 op=6 RESULT tag=103 err=0 text=
Feb 16 14:16:32 rudi slapd[7683]: conn=1009 op=6 EXT oid=1.3.6.1.4.1.4203.1.11.1
Feb 16 14:16:32 rudi slapd[7683]: conn=1009 op=6 PASSMOD id="uid=rzimmermann,ou=Users,dc=bad-gmbh,dc=de" new
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |useCracklib 1 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [useCracklib]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minPoints 3 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minPoints]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Word = minPoints, value = 3
Feb 16 14:16:32 rudi slapd[7683]: check_password: Setting quality to [3 ]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minUpper 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minUpper]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minLower 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minLower]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minDigit 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minDigit]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minPunct 0 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minPunct]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |useCracklib 1 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [useCracklib]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Word = useCracklib, value = 1
...
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minLower 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minLower]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minDigit 2 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minDigit]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Got line |minPunct 0 |
Feb 16 14:16:32 rudi slapd[7683]: check_password: Validating parameter [minPunct]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 rudi slapd[7683]: check_password: Word = minPunct, value = 0
Feb 16 14:16:32 rudi slapd[7683]: check_password: Setting parameter to [0 ]
Feb 16 14:16:32 rudi slapd[7683]: check_password: Found lower character - quality raise 1
Feb 16 14:16:32 rudi slapd[7683]: check_password: Reallocating szErrStr from 64 to 174
Feb 16 14:16:32 rudi slapd[7683]: check_password_quality: module error: (check_password.so) Password for dn="uid=rzimmermann,ou=Users,dc=bad-gmbh,dc=de" does not pass required number of strength checks (1 of 3).[1]
Feb 16 14:16:32 rudi slapd[7683]: conn=1009 op=6 RESULT oid= err=19 text=
Thanks
Ralf Zimmermann
--
.''`. Ralf Zimmermann
: :' : SIEGNETZ.IT GmbH
`. `' Schneppenkauten 1a
`- 57076 Siegen
Tel.: +49 271 68193 13
Fax.: +49 271 68193 29
Amtsgericht Siegen HRB4838
Geschaeftsfuehrer: Oliver Seitz
Sitz der Gesellschaft ist Siegen
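
Added example, not part of the original message: a small log check that flags accounts where a plain MOD of sambaNTPassword succeeded while the PASSMOD for the same DN was rejected, which is the divergence the log above shows. The sample lines, host name and DNs are constructed placeholders, and the parser assumes slapd stats logging with wrapped lines joined.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same slapd stats format as the log above
# (wrapped lines joined; host and DNs are placeholders).
SAMPLE = '''\
Feb 16 14:16:32 ldap1 slapd[7683]: conn=1008 op=6 MOD dn="uid=jdoe,ou=Users,dc=example,dc=org"
Feb 16 14:16:32 ldap1 slapd[7683]: conn=1008 op=6 MOD attr=sambaNTPassword sambaPwdLastSet
Feb 16 14:16:32 ldap1 slapd[7683]: conn=1008 op=6 RESULT tag=103 err=0 text=
Feb 16 14:16:32 ldap1 slapd[7683]: conn=1009 op=6 PASSMOD id="uid=jdoe,ou=Users,dc=example,dc=org" new
Feb 16 14:16:32 ldap1 slapd[7683]: check_password: Parameter accepted.
Feb 16 14:16:32 ldap1 slapd[7683]: conn=1009 op=6 RESULT oid= err=19 text=
Feb 16 14:20:05 ldap1 slapd[7683]: conn=1010 op=6 MOD dn="uid=asmith,ou=Users,dc=example,dc=org"
Feb 16 14:20:05 ldap1 slapd[7683]: conn=1010 op=6 MOD attr=sambaNTPassword sambaPwdLastSet
Feb 16 14:20:05 ldap1 slapd[7683]: conn=1010 op=6 RESULT tag=103 err=0 text=
Feb 16 14:20:05 ldap1 slapd[7683]: conn=1011 op=6 PASSMOD id="uid=asmith,ou=Users,dc=example,dc=org" new
Feb 16 14:20:05 ldap1 slapd[7683]: conn=1011 op=6 RESULT oid= err=0 text=
'''.splitlines()

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$')

def find_policy_bypasses(lines, window=timedelta(seconds=5)):
    """DNs whose sambaNTPassword MOD succeeded although a PASSMOD for the
    same DN was rejected (non-zero err, e.g. 19 = constraintViolation)."""
    ops = {}  # (conn, op) -> fields collected across that operation's lines
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # check_password output carries no conn/op
        # syslog has no year; a fixed one is enough to compare times
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        rec = ops.setdefault((m.group(2), m.group(3)), {"ts": ts, "attrs": set()})
        rest = m.group(4)
        if (t := re.match(r'(MOD|PASSMOD) (?:dn|id)="([^"]*)"', rest)):
            rec["kind"], rec["dn"] = t.group(1), t.group(2).lower()
        elif rest.startswith("MOD attr="):
            rec["attrs"].update(rest[9:].lower().split())
        elif (e := re.search(r"^RESULT .*\berr=(\d+)", rest)):
            rec["err"] = int(e.group(1))
    done = [r for r in ops.values() if "err" in r and "dn" in r]
    nt_set = [r for r in done if r["kind"] == "MOD" and r["err"] == 0
              and "sambantpassword" in r["attrs"]]
    refused = [r for r in done if r["kind"] == "PASSMOD" and r["err"] != 0]
    return sorted({a["dn"] for a in nt_set for b in refused
                   if a["dn"] == b["dn"] and abs(a["ts"] - b["ts"]) <= window})

if __name__ == "__main__":
    for dn in find_policy_bypasses(SAMPLE):
        print("sambaNTPassword changed but policy rejected userPassword:", dn)
```

The 5-second pairing window is an assumption; widen it if Samba and slapd run on hosts with skewed clocks.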
