> the option 'ldap passwd sync' is set to yes. I will looking to the > overlay > smbk5pwd again. But I think it will not resolve the problem because samba > makes > a modify for the samba attributes. > > We have a default ppolicy. But this policy works only with > pwdAttribute > userPassword not with sambaNTPassword. The problem is, that a User can > change > his password with a Windows Client. The sambaNTPassword is always set > whatever > in the policy is configured. >
If you set 'ldap passwd sync' to 'only' the Samba server triggers an extended operation for password change and doesn't touch the Samba attributes. smbk5pwd will take care of the Samba passwords. Best regards, Christian Manal
