On Thu, 2012-11-01 at 12:44 +0000, Thomas Mueller wrote:
> hi
>
> trying to create a user with ldap from a remote server. The user is
> created successfully. I'm failing setting the initial password.
>
> Setting the unicodePwd with kerberos administrator credentials with
> ldbmodify and the ldif below results in "00002035: setup_io: it's not
> allowed to set the NT hash password directly".
>
> searching the web I've found s4 mailing list entries telling "do not set
> unicodePwd with ldap". this KB article tells in AD it's possible to set
> it: http://support.microsoft.com/kb/263991/en-us
>
> Is there a supported method to supply the initial user password with s4
> and ldap?
>
> - Thomas
>
> LDIF:
> dn: CN=Thomas Mueller,OU=Users,DC=test,DC=testing
> changetype: modify
> replace: unicodePwd
> unicodePwd:: $IlRlc3QxMjMtLSIK

To set it via unicodePwd, you need to have it as UTF16, not ascii/utf8.

See however the userPassword, which is a normal, utf8 unquoted string
(ie, sane :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
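
The encoding difference the reply points to, as an added example that is not part of the original thread: it decodes the base64 value from the posted LDIF, shows it carries a quoted ASCII string, and builds the value in the double-quoted UTF-16LE form that AD expects for unicodePwd. The function names are hypothetical, and dropping the leading "$" from the posted value is an assumption.

```python
import base64

# Base64 value from the LDIF in the question, without the leading "$"
# (treated here as stray shell residue; that is an assumption).
POSTED_VALUE = "IlRlc3QxMjMtLSIK"
USER_DN = "CN=Thomas Mueller,OU=Users,DC=test,DC=testing"  # DN from the question


def encode_unicode_pwd(password: str) -> str:
    """Base64 of the double-quoted password encoded as UTF-16LE."""
    quoted = '"' + password + '"'
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")


def classify(b64_value: str) -> str:
    """Say which encoding a base64 unicodePwd value actually carries."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) % 2 == 0:
        try:
            text = raw.decode("utf-16-le")
        except UnicodeDecodeError:
            text = ""
        # A well-formed value is a UTF-16LE string wrapped in double quotes.
        if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
            return "utf16le-quoted"
    try:
        raw.decode("utf-8")
        return "utf8-or-ascii"
    except UnicodeDecodeError:
        return "unknown"


def build_ldif(dn: str, password: str) -> str:
    """LDIF modify record replacing unicodePwd with the encoded value."""
    return (
        f"dn: {dn}\n"
        "changetype: modify\n"
        "replace: unicodePwd\n"
        f"unicodePwd:: {encode_unicode_pwd(password)}\n"
        "-\n"
    )


if __name__ == "__main__":
    print(classify(POSTED_VALUE))            # what the question sent
    print(build_ldif(USER_DN, "Test123--"))  # password decoded from that value
```

The posted value decodes to the quoted password followed by a newline, all as single-byte ASCII, which is the mismatch the reply describes.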
