** Description changed: - After upgrading a server (with ubuntu server) to lucid from previous LTS (hardy?), users start complain that, after changing passwords, windows works but other services (imap, ssh, ...) not. - After some hours of test, i've discovered that simply the NT/LM password got updated, the 'POSIX' ldap one not. + After upgrading a server (with ubuntu server) to lucid from previous LTS (hardy?), users start complaining that, after changing passwords, windows works but other services (imap, ssh, ...) don't. + After some hours of testing, I've discovered that simply the NT/LM password got updated, the 'POSIX' ldap one did not. Running 'smbpasswd -D 5 gaio' lead to: - smbldap_check_root_dse: Expected one rootDSE, got 0 + smbldap_check_root_dse: Expected one rootDSE, got 0 some other googling take me to the needs to add another ACL, so i've added: - access to attrs=namingcontexts - by * read + access to attrs=namingcontexts + by * read and now works. Some notes: - 1) i don't know if this is the correct/best ACL to add, and if this is a bug 'per se' or a side effects of the upgrade: i've no other lucid system to test with... - 2) this is probably a 'openldap upgrade bug' - 3) this is mainly a samba bug, i think: if i set 'ldap passwd sync = yes' and ldap password fail, i this it is better to reject the entire password changing operation, not to have ''half-changed'' password. + 1) I don't know if this is the correct/best ACL to add, and if this is a bug 'per se' or a side effects of the upgrade: I have no other lucid system to test with... + 2) This is probably a 'openldap upgrade bug'. + 3) This is mainly a samba bug, I think: if I set 'ldap passwd sync = yes' and ldap password fails. If it is better to reject the entire password changing operation, to not have a ''half-changed'' password. 
- I've marked also the ''security bug'' check because i think that this is - a security issue: sysadmin could set a dumb password for a first logon, + I've marked also the ''security bug'' check because I think that this is + a security issue: sysadmin could set a dumb password for a first login, then users change immediately but the dumb password remains for all non- windows services. thanks.
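Review bot: in note 3 the reworded text no longer states the reporter's recommendation. The old line read "if i set 'ldap passwd sync = yes' and ldap password fail, i this it is better to reject the entire password changing operation", where "i this" is a typo for "I think"; the new line ends the first sentence at "fails." and starts the next with "If it is better to reject ...", leaving two fragments and turning the opinion into an open condition. Suggest keeping it as one sentence, for example: "if I set 'ldap passwd sync = yes' and the ldap password update fails, I think it is better to reject the entire password changing operation, so as not to have a ''half-changed'' password." The unchanged lines "lead to:" and "some other googling take me to the needs to add" could be tidied in the same pass.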
https://bugs.launchpad.net/bugs/885758
Title: 'ldap passwd sync = yes' and ldap password not updated
