[opensuse] Sync LDAP + Samba password
Hi all,
I have a Samba PDC with an LDAP backend. With both PDC and LDAP, I'm able to maintain a centralized user/group/... directory, for both Windows and Linux machines to log in and authenticate. I can also synchronize passwords, from SAMBA to OpenLDAP when a user changes his password on a Windows machine. I've done it with the ldap passwd sync option at smb.conf. The problem I was not able to overcome is when users change their passwords on a Linux machine using the ldap client, like a simple passwd command. With this method, the LDAP password gets updated but the SAMBA passwords do not. I've tried googling about it, without success.
How can I update SAMBA passwords when users update them directly at LDAP? Can anyone share a solution for this issue?
Using openSUSE 11.2. LDAP Directory imported from OpenLDAP from an openSUSE 10.3 machine.
Thanks a lot for your help,
-- Rui Santos http://www.ruisantos.com/ Veni, vidi, Linux!
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi.
You could use wbinfo or to change Samba user password from Linux if you have Linux clients joined to domain.
wbinfo ... --change-user-password=STRING Change the password for a user ...
On 6.4.2010 16:57, Rui Santos wrote:
Hi all,
I have a Samba PDC with an LDAP backend. With both PDC and LDAP, I'm able to maintain a centralized user/group/... directory, for both Windows and Linux machines to log in and authenticate. I can also synchronize passwords, from SAMBA to OpenLDAP when a user changes his password on a Windows machine. I've done it with the ldap passwd sync option at smb.conf. The problem I was not able to overcome is when users change their passwords on a Linux machine using the ldap client, like a simple passwd command. With this method, the LDAP password gets updated but the SAMBA passwords do not. I've tried googling about it, without success.
How can I update SAMBA passwords when users update them directly at LDAP? Can anyone share a solution for this issue?
Using openSUSE 11.2. LDAP Directory imported from OpenLDAP from an openSUSE 10.3 machine.
Thanks a lot for your help,
Hi Vladimir,
Thanks a lot for your reply. Your solution involves that a user needs to change the way that the password is changed. That would not be a safe way to do it. The best method would be that a user logs in with a regular ldap client, configured on YaST, then when he wants to change the password just opens a terminal and types 'passwd'. After the process is complete, it changes sambaNTPassword, sambaLMPassword and userPassword to the correct hashes.
I've seen an external module can be used as an LDAP overlay. The module is the smbk5pwd that is included with the default openLDAP source. However, OpenSUSE seems not to contain that module, neither on its default installation, nor its BuildService repositories. I've managed to compile the module but, until now, I was unable to use it on an OpenSUSE 11.2 LDAP server - that new ldap-backend method of introducing new values on the cn=config instead of using the old slapd.conf file is just stressing me out... also the cn=modules in /etc/openldap/slapd.d seems to be missing.
Another way of circumventing the problem would be using the PDC as an authentication source but, it would just take a small slip, like changing a password on a regular LDAP client, and the Windows/Linux passwords would no longer be synced.
AFAIK, openSUSE supports OOTB Windows/Linux password syncing but, it seems to be unidirectional. The Linux/Windows sync is not available. Am I correct?
Vladimir, have you (or any other person on this list, of course) had any experience with this module on OpenSUSE? How do you sync your passwords from Linux to Windows?
It might just be that I'm trying to "kill a fly with a cannon"... I hope so...
Regards,
Rui Santos
On 07-04-2010 07:19, Vladimir Psenicka wrote:
Hi.
You could use wbinfo or to change Samba user password from Linux if you have Linux clients joined to domain.
wbinfo ... --change-user-password=STRING Change the password for a user ...
On 6.4.2010 16:57, Rui Santos wrote:
Hi all,
I have a Samba PDC with an LDAP backend. With both PDC and LDAP, I'm able to maintain a centralized user/group/... directory, for both Windows and Linux machines to log in and authenticate. I can also synchronize passwords, from SAMBA to OpenLDAP when a user changes his password on a Windows machine. I've done it with the ldap passwd sync option at smb.conf. The problem I was not able to overcome is when users change their passwords on a Linux machine using the ldap client, like a simple passwd command. With this method, the LDAP password gets updated but the SAMBA passwords do not. I've tried googling about it, without success.
How can I update SAMBA passwords when users update them directly at LDAP? Can anyone share a solution for this issue?
Using openSUSE 11.2. LDAP Directory imported from OpenLDAP from an openSUSE 10.3 machine.
Thanks a lot for your help,
-- Rui Santos http://www.ruisantos.com/ Veni, vidi, Linux!
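For reference, a cn=config sketch of loading the smbk5pwd overlay discussed in this thread; it is an added example, not configuration posted by either participant. The module path, the database DN `olcDatabase={1}hdb,cn=config` and a Samba-only build of the module are assumptions to adapt to the local server.

```ldif
# Added example; paths and DNs below are assumptions, not values from the thread.

# 1. Load the compiled module. If a cn=module{0},cn=config entry already
#    exists, add olcModuleLoad to it with an ldapmodify "add:" change instead.
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
# Assumed install directory of the locally compiled smbk5pwd module
olcModulePath: /usr/lib/openldap/modules
olcModuleLoad: smbk5pwd.la

# 2. Attach the overlay to the database that holds the user entries.
#    {1}hdb is an assumed index and backend type.
dn: olcOverlay=smbk5pwd,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSmbK5PwdConfig
olcOverlay: smbk5pwd
# Update only the Samba hashes; leave Kerberos key handling disabled
olcSmbK5PwdEnable: samba
```

The overlay acts on the LDAP Password Modify extended operation, so the Linux clients need `pam_password exop` in their pam_ldap configuration; a client that writes a locally hashed value straight into userPassword bypasses it and the Samba hashes stay stale.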