Well, I seem to have gotten past the most difficult parts as far as Samba and LDAP
are concerned. I'm able to have a user log in to the domain, and get authenticated
via LDAP. The user can also change the LDAP password from the Windows screen
(control-alt-delete->change password). So most stuff as far as the windows domain
login appears.
My problem is this. Linux and other users need to be able to change their ldap
password. If they log into the box, or change it via a web interface it changes
their ldap password, but samba doesn't seem to recognize it. For example as root I
changed a users password via the command line and it said it was changing the LDAP
password. I confirmed the password was changed by accessing a web page that
authenticates using ldap and the new password worked. I then tried to access via
samba and the new password did no work.
Am I doing something wrong or missing something obvious? Does samba cache passwords
somewhere? I've got ldap sync set to on but that doesn't appear to be working.
Windows encodes the password differently to the unix side, and as a result, the password is stored in the ldap database twice. When you change the password from Samba, it updates the two encoded password versions both for windows and for unix. When you change the password for unix, it only changes the unix password and not the windows encoded version - thus your problem.
There is an extention available for the newer versions of openldap (not sure if it is openldap specific) that will allow openldap to handle the encoding of passwords for you in the various formats - this means that it will "just work" no matter what software changed the password, even if the software had no idea about windows. I haven't used it before though - try and read up on openldap for more details.
Regards, Graham --
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
