[Date Prev][Date Next] [Chronological] [Thread] [Top]

Invalid credentials: solved (finally!)

Just a headsup in case someone has the same problem (and hoping this gets archived into google).. I had an issue where folks could not do user binds for authentication via crypt passwords, where we'd get 'Invalid credentials' errors when using ldap tools (ldapsearch, ldapmodify, etc), but other tools and software (samba, mozilla, etc) would work properly. As it turns out, we use a scripted web interface to change passwords in order to maintain samba ntPassword and lmPassword entries (we use samba as a PDC as well), which would run smbpasswd with a password script that would mangle the ldap entry's userPassword via ldapmodify. This script uses a really long salt and ldapmodify, and the crypted passwds coming out of it would be quite long (maybe 2x as long as ldappasswd-created passwds), so I changed the script to use a very basic 2-char salt, and things have started working!

- Matt