On 27 janv. 11, at 16:55, TAKAHASHI Motonobu wrote:
2011/1/26 Joe Tseng <joe_ts...@hotmail.com>:
Is it possible for a user to change his/her password from Windows?
I tried it
out last night as a test user against my PDC and it only changed
for Samba; I
was still able to log into the PDC via SSH using the previous
password. (I
changed it for the test user as root and it took for both SSH and
Windows.)
Set "ldap password sync = yes" in LDAP environment or set "unix
password sync = yes"
and "pam password change = yes" in normal environment with PAM
enabled.
I tried to use smbldap-passwd as the test user, but I got a message
back saying
I had insufficient privileges:
Have you set "by self write" to both sambaLMPassword and
sambaNTPassword?
AFAICT this is not needed. The user never accesses theses hashes for
himself.
The samba "ldap admin dn" and the smbldap-tools "masterDN" need write
access to them.
I believe the smbldap-tools "masterDN" (and probably the samba "ldap
admin dn") also needs write access to :
- sambaPwdLastSet
- sambaPwdCanChange
- sambaPwdMustChange
- sambaAcctFlags
Regards,
Thierry
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
