It's a openLDAP setting.
in the ldap.conf has a 'pam_password', setting this to crypt may works for
you.
I did the change in /etc/ldap.conf, /etc/openldap/ldap.conf and
/usr/local/etc/openldap/ldap.conf and restarted openldap y didn't work.
How wonder how it works because I understand windows contact the PDC and
the PDC is using smblda-passwd, but nothing about using pam? Could
somebody explain me? What else can I try? Perhaps inserting crypt in this
line of /etc/pam.d/system-auth in the PDC?:
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
sorry, I don't know much about pam.
Thank you,
Pablo
On 11/7/06, Pablo Chamorro C. <[EMAIL PROTECTED]> wrote:
Dear friends,
We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a
windows user changes his password using Ctrl-Alt-Del the password is
stored on ldap in SSHA format but we need to work with CRYPT because we
have some apps that don't support SSHA.
These are the lines related with authentication defined in smb.conf:
encrypt passwords = yes
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new
password*" %n\n"
passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/
and this is the setup in smbldap.conf:
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="CRYPT"
So, I don't know why windows is changing the password in SSHA format.
I appreciate your help.
Pablo Chamorro
--
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
Ext. 2188 (hasta el 18.nov.2006)
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
