On 03/15/2010 12:33 PM, simo wrote:
> On Mon, 2010-03-15 at 12:27 -0400, Gaiseric Vandal wrote:
>> I am using Sun Directory Server. I believe that both the Sun Directory server and the RedHat/Fedora directory server are forks of the earlier Iplanet/Netscape directory server. The samba servers are running on Solaris. With a local (non-ldap) password, root can easily use the passwd command to change a user's password, since entering the old password is not required. But with ldap accounts this doesn't work - if root tries to change another user's password with "passwd -r ldap", the old password is required. Instead you need to use the "ldapasswd" command and authenticate as a user with the appropriate ldap administrative powers.
>>
>> my smb.conf includes
>>
>>           passwd program = /etc/samba/smbldappasswd.sh %u
>>           passwd chat =*New* %n\n *changed*
>>           unix password sync = yes
>
> Why don't you use "ldap passwd sync" instead ?
>
> Simo.


This didn't work last time I tried it. At some point I had unix accounts in NIS, and samba accounts in TDB (local database file on the PDC.) I then moved unix accounts to LDAP. Finally I migrated all the Windows account info out of TDB into LDAP. I think I tried the "ldap passwd sync" option when unix account info was in LDAP but samba passwords were still in TDB.

I will try it again now that everything is 100% in LDAP.