[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy & sambaNTPassword



Hi Christian,

* Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:18]:
> Ralf Zimmermann schrieb:
> > Hi Christian,
> > 
> > * Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:05]:
> >>> the option  'ldap passwd sync'  is set  to yes. I  will looking to  the overlay
> >>> smbk5pwd again. But I think it will not resolve the problem because samba makes
> >>> a modify for the samba attributes.
> >>>
> >>> We  have a  default  ppolicy.  But this  policy  works  only with  pwdAttribute
> >>> userPassword not with  sambaNTPassword. The problem is, that a  User can change
> >>> his password with a Windows Client.  The sambaNTPassword is always set whatever
> >>> in the policy is configured.
> >>>
> >> If you set 'ldap passwd sync' to 'only' the Samba server triggers an
> >> extended operation for password change and doesn't touch the Samba
> >> attributes. smbk5pwd will take care of the Samba passwords.
> >>
> >>
> >> Best regards,
> >> Christian Manal
> > 
> > thanks, I take a  look at smbk5pwd. Must I install heimdal  kerberos? I need it
> > only for samba and we have installed mit kerberos.
> > 
> >
> 
> You can disable Kerberos support in the Makefile.

ok.  I read  it ;-)  The Samba  Server is  a Sles11  with openldap2-2.4.12  and
Samba-3.4.5. The  Samba Server is not  the LDAP Master. This  is another Server
with a  self compiled  openldap-2.4.20. The  Samba Server runs with  the Sles11
shipped openLDAP version. There it doesn't exits a smbk5pwd overlay.

I think that I must compile and configure the overlay only on the Samba Server.
Is this correct? Ups and also on the BDC's?

Thanks
Ralf Zimmermann

--

 .''`.  Ralf Zimmermann
: :' :  SIEGNETZ.IT GmbH       	     
`. `'   Schneppenkauten 1a      
  `-    57076 Siegen   		
                               
	Tel.: +49 271 68193 13
	Fax.: +49 271 68193 29

	Amtsgericht Siegen HRB4838
	Geschaeftsfuehrer: Oliver Seitz
	Sitz der Gesellschaft ist Siegen
        

Attachment: signature.asc
Description: Digital signature