I am running Samba ver 3.0.33 on Solaris 10 (sparc.) Initially I had the server configured as a domain controller with the "passdb backend = tdbsam" option. The underlying unix accounts were stored in LDAP (Sun Directory Server.) Those accounts are also used for non-Samba services.
Since I have domain trusts with NT domains, I am using winbind and idmapping. The idmap data was also stored in ldap (under ou=idmap,ou=mydomain.com.)

Since I wanted to eventually add a BDC controller, I changed my PDC configuration to use the LDAP backend with the following steps:

1. Tried running "pdbedit -e ldapsam:ldap://ldap1.mydomain.com" - but that didn't seem to work.
2. Used "pdbedit -L -w" to dump the NT account info to a text file.
3. Ran some custom perl scripts to read that file and add/modify samba attributes (including sambaLMPassword, sambaNTPassword, objectClass=NTUser, sambaSID) on my ldap accounts. The SambaSID value for the LDAP account was copied from the output of "wbinfo -n username".
4. Set the ldap admin passwd with "smbpasswd -w thepassword".
5. Changed smb.conf to use ldap as the backend.

smb.conf includes:

    passdb backend = ldapsam:ldap://ldap1.mydomain.com
    ldap suffix=o=mydomain.com
    ldap user suffix=ou=people
    ldap group suffix=ou=smb_groups
    ldap machine suffix=ou=machines
    ldap admin dn="cn=Directory Manager"
    ldap ssl = no
    ldap passwd sync = no
    ldap idmap suffix=ou=idmap

If I use pdbedit to add or delete a samba user, it will appropriately add or remove samba attributes on the existing ldap account. (It won't actually create or delete the accounts.) And it does look like it tries to set the SambaNTPassword and SambaLMPassword fields.

However, when I try to log in, I cannot log in until I reset the password with smbpasswd. And when I change the password with smbpasswd it does not update the ldap fields. I am not sure what is getting updated. The /etc/samba/private/passdb.tdb file - which I would expect to never change - shows that it was last modified at 10 am this morning, even though the last password change was at 3 pm this afternoon.

    ls - /etc/samba/private/passdb.tdb
    Sep 22 10:10 passdb.tdb

I had unix password sync enabled in smb.conf so that when users changed their password with smbpasswd, it would also change the ldap password. And this did work - at least from the user perspective - both the "Samba/Windows" and "LDAP/UNIX" password would change. Although where the Samba password was being changed, I am not sure. If I turn it off, it looks like smbpasswd will update the SambaNTPassword field in ldap.

So is Samba caching the password changes somewhere locally if it can't update the SambaNTPassword in ldap? Even prior to the LDAP switch over, it seemed that the date stamp on passdb.tdb didn't update when I changed passwords.

Thanks
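
The dump-and-convert step described in the post, as an added Python example that is not the poster's Perl script: it parses smbpasswd-format lines as written by "pdbedit -L -w" and emits LDIF modify records for existing entries. Assumptions: entries are named uid=<user> under the post's "ou=people" and "o=mydomain.com" suffixes, the target object class is Samba 3's sambaSamAccount, and SIDs come from a name-to-SID map; the sample hashes and SIDs are constructed.

```python
import re

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
BASE_DN = "ou=people,o=mydomain.com"  # ldap user suffix + ldap suffix from the post

def parse_smbpasswd_line(line):
    """Split one smbpasswd-format line: name:uid:LM:NT:[flags]:LCT-hex:"""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 6 or not parts[5].startswith("LCT-"):
        raise ValueError("not an smbpasswd-format line: %r" % line)
    name, _uid, lm, nt, flags, lct = parts[:6]
    return {"name": name, "lm": lm, "nt": nt, "flags": flags,
            "pwd_last_set": int(lct[4:], 16)}  # LCT is hex Unix seconds

def to_ldif(acct, sid):
    """LDIF modify record adding Samba attributes to an existing LDAP entry."""
    mods = [("add", "objectClass", "sambaSamAccount"),  # first run only
            ("replace", "sambaSID", sid),
            ("replace", "sambaAcctFlags", acct["flags"]),
            ("replace", "sambaPwdLastSet", str(acct["pwd_last_set"]))]
    # Placeholder hashes (all X, "NO PASSWORD...") are not 32 hex digits: omit.
    for attr, key in (("sambaLMPassword", "lm"), ("sambaNTPassword", "nt")):
        if HEX32.match(acct[key]):
            mods.append(("replace", attr, acct[key].upper()))
    out = ["dn: uid=%s,%s" % (acct["name"], BASE_DN), "changetype: modify"]
    for op, attr, value in mods:
        out += ["%s: %s" % (op, attr), "%s: %s" % (attr, value), "-"]
    return "\n".join(out) + "\n"

def convert(dump, sids):
    """Return (ldif_text, skipped_names); the LDIF holds password-equivalent hashes."""
    records, skipped = [], []
    for line in dump.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        acct = parse_smbpasswd_line(line)
        if acct["name"].endswith("$") or acct["name"] not in sids:
            skipped.append(acct["name"])  # machine account, or no SID known
            continue
        records.append(to_ldif(acct, sids[acct["name"]]))
    return "\n".join(records), skipped

# Constructed sample input: the hashes and SIDs below are made-up values.
SAMPLE_DUMP = """\
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-4AB8E2F0:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:00112233445566778899AABBCCDDEEFF:[U          ]:LCT-4AB8E300:
ws01$:2001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:A0A1A2A3A4A5A6A7A8A9AAABACADAEAF:[W          ]:LCT-4AB8E310:
"""
SAMPLE_SIDS = {"alice": "S-1-5-21-1111111111-2222222222-3333333333-3002",
               "bob": "S-1-5-21-1111111111-2222222222-3333333333-3004"}
```

Calling convert(SAMPLE_DUMP, SAMPLE_SIDS) returns the LDIF text and the list of skipped names; the result would be fed to an LDAP modify tool and should be stored with the same file permissions as a password file.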
