1. yes, I tried these lines and in the logs, there was a failure in response 3 "match no". When I manually ran smbldaa-passwd.pl in xterm, I saw that there's never a "successfully" meesage when the password is changed with success, I looked the code (luckily it's Perl ;o)), and I didn't see any "print "succes"" or "print "password changed"". So, I added it myself and now, it passed the Response 3 correctly (match yes) like you see ine the logs. --> Maybe I made a mistake when changing the script like that, just added a print just before "exit 0"...
2. I only changed the script like I just said in answer above... I got smbldap-tools on samba.idealx.org, in the menu on the right side but I'm looking better now, and this version is 0.8.1 and in the page, there's a 0.8.2 version... I'll try 0.8.2 tomorrow now to see why there's still 2 connections. Which are the better: in samba 3 tarball (i don't see version number in scripts) or at idealx website? --> I just look the code of smbldap-passwd.pl and there's still not "print "success""... 3. Sorry, I don't understand exactly... --> I just know that my password is changed with success despite of the error popup on Windows. 4. The default passwd chat failed on Response 3, this is in my answer for 1st question. I took the schema in samba tarball (examples/LDAP/samba.schema), maybe it was corrupted or modified by error, I'll see tomorrow too (too much things to do tomorrow! :o)) --> In what order I must add samba.schema in slapd.conf? I put it after all others (cosine.schema, nis.schema, ...) 5. (Added myself) I setup pam_ldap and nss_ldap (from padl software). I modified these files: /etc/nsswitch.conf, /etc/ldap.conf and some in /etc/pam.d/ (system-auth, su, ssh, ...). I dont have any Linux user, ALL my users are in LDAP (except for system users like root, bin, postfix, mysql, ...). I'll mostly control the server by shh or web interface, and rarely on the machine itself (console or X mode). I have several questions: a) Do I must put system users in LDAP or just in /etc/passwd is enough? b) Wich files in /etc/pam.d/ I must modified to have my services and password sync work? c) I build Samba without --with-pam and --with-pam_smbpass, is it a mistake or is it good? And what are these options exactly in simple words, i didn't understand docs... d) Is there a doc that well explain how to install Samba 3 in PDC role using LDAP backend? If there's one, I didn't find it. I took little parts from several docs, and mostly are for Samba 2.2. e) In log, I saw that when a user under WinXP open a session on the domain, Samba search for a guest, nobody group or user in LDAP and after, it connects with Manager (my LDAP admin) and do the authentication process, why is it searching guest or nobody? Thank you very much for your help and advice! Sebastion Jousse. ----- Original Message ----- From: "Toby Schaefer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 18, 2003 6:57 PM Subject: RE: [Samba] Samba 3 PDC with LDAP - Error when changinguserpasswordfrom windows >From what it looks like, you are most likely setup correctly... A few > questions: > > 1. In your smb.conf, is pw change as such: > > passwd chat debug = Yes > passwd program =/usr/local/bin/smbldap-passwd.pl -o %u > passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* > > (I'm guessing it is due to your logs showing it correctly.) > > 2. It seems that it's dying trying to open a second connection to your LDAP > server that it isn't closing. Have you the latest smbldap-tools (the ones > that came with Samba3?), and have you modified them at all. > > 3. You may want to do a test - It seems to not be updating all your tokens > correctly. To test this, make a note of what the sambaLMPassword is, then > try to change the password. See if this value changes. If it doesn't, then > it's going to get rather confusing having multiple hashes! > > 4. Finally, has the password chat ever worked over there? It's working in > our domain beautifully; however, YMMV. :) If it has never worked correctly, > I'd at this point look to make sure your schema is correct and that somehow > the sambaLMPassword portion didn't get hosed during setup. > > Cheers, > > Toby Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
