Re: [Samba] changing ldap passwords?

[Tim Tyler]

Ok, but I seem to get this error when using smbpasswd
  # smbpasswd goliath
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to modify user dn= 
uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu with: Insufficient access

ldapsam_update_sam_account: failed to modify user with uid = goliath, 
error:  (Success)
Failed to modify entry for user goliath.
Failed to modify password entry for user goliath

I am not sure what I am doing wrong in my setups.    Does this acl in 
ldap's slapd.conf look ok?
access to attr=sambaLMPassword,sambaNTPassword
        by 
dn.exact="uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu" read
        by * none

What about this as the account for samba password administration (ldif 
format)?
# samba_servers, People, lincon.beloit.edu
dn: uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
objectClass: person
objectClass: uidObject
uid: samba_servers
description: Account used by Samba servers to access user passwords
cn: samba_servers
sn: samba_servers
Any idea why I might be getting the error above?
 Tim
At 04:05 PM 1/24/2005, you wrote:

Tim,
smbpassword should work fine for modifying the LM/NT passwords.
Also, if your using Fedora or Redhat Enterprise server you might wish
to check out a program we have written: www.Essay-Software.com
Sincerely,
Scott Alcock
Essay Software, LLC
www.Essay-Software.com
Rockford, Illinois

Tim Tyler wrote:
  Samba experts,
  I am using Samba 3.0.8 on an AIX 5.1 system with ldap 
authentication.  I have ldap working so that users can authenticate in 
their samba account via ldap.   However, I am trying to figure out the 
best method for allowing users to change their ldap samba account password.
   What is the best method to allow end users to change their LM/NT 
passwords for Samba via LDAP?
Should I be using smbpasswd?  Or should I be using the smbldap-tools and 
use smbldap-passwd.pl? Or is there another option?

Also, what do I need to set for privileges (ACL's) on the ldap server 
side to allow users to change their samba password (if any)?

 Any recommendations and hints about implementing it are much appreciated!
thanks!
 Tim

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED] 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba