[Samba] NT/LM Samba passwords and userPassword sync

Sun, 06 May 2007 23:41:46 -0700 

Hello,
Perhaps this post is not directly connected with Samba itself but after I saw that Samba uses EXOP for LDAP password changing I decided to write it to this list as well. Here is what I'd like to do: 
1) I use openldap-2.3.35 for Samba auth mechanism
2) additionally I use openldap for any other auths I have in my subnet - exim, imap, svn, linux-login, etc... 


In case of Samba the NT/LM passwords play major role, for others I use 
userPassword. However userPassword (posixAccount) shows up in different 
places not only once:



ldapsearch -x -LLL uid=giedz

----------------

dn: uid=giedz,ou=people,dc=xxxx,dc=pl
uid: giedz
.....
objectClass: sambaSamAccount
....
sambaLMPassword: 598DDCE2660D3193AAD3B435B51404EE
sambaNTPassword: 2D20D252A479F485CDF5E171D93985BF
....
userPassword:: e01ENX0yRmVPMzRSWXpnYjd4YnQycFl4Y3BBPT0=

---------------------

dn: [EMAIL PROTECTED],ou=domains,dc=xxxx,dc=pl
mail: [EMAIL PROTECTED]
......
userPassword:: e01ENX0yRmVPMzRSWXpnYjd4YnQycFl4Y3BBPT0=

-----------------

dn: [EMAIL PROTECTED],ou=domains,dc=xxxxx,dc=pl
.....
userPassword:: e01ENX0yRmVPMzRSWXpnYjd4YnQycFl4Y3BBPT0=


I want to give my users ability to change their passwords by themselfs.

But I need to sync all passwords for particular user. I mean when user 
changes his/her password from windows via Samba (ldap passwd sync = yes) 
the LM/NT and all userPassword are being changed respectively (regarding 
the particular dn=giedz,ou=people,dc=xxx,dc=pl), right?



The same when "passwd" command is involved - when user uses it, this 
means all passwords are changed (windows + all userPassword).



I heard about smb5kpwd but I don't use Kerberos and I don't think it's 
suitable for my need, isn't it?



So in this case do you have any idea what should I do? Of course I could 
you external script to change userPassword everywhere, but since EXOP 
exists I thought it's much wiser to use native feature rather than 
external solution.



Regards,
Marcin

--
ARISE M.Giedz, T.Żebruń Sp.j.
http: www.arise.pl
mail: [EMAIL PROTECTED]
tel: +48 502 537 157

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






















					Reply via email to