[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy & sambaNTPassword

Hi Christian,

* Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:41]:
> > ok.  I read  it ;-)  The Samba  Server is  a Sles11  with openldap2-2.4.12  and
> > Samba-3.4.5. The  Samba Server is not  the LDAP Master. This  is another Server
> > with a  self compiled  openldap-2.4.20. The  Samba Server runs with  the Sles11
> > shipped openLDAP version. There it doesn't exits a smbk5pwd overlay.
> > 
> > I think that I must compile and configure the overlay only on the Samba Server.
> > Is this correct? Ups and also on the BDC's?
> > 
> The overlay has to be installed on the LDAP master. Wouldn't make sense
> otherwise, since slaves are usually read-only.

the overlay  smbk5pwd does not  really work in  this szenario. I  have compiled
heimdal on Sles11 and compiled the smbk5pwd with make and make install.

<snip Makefile>

LDAP_INC=-I../../../include -I../../../servers/slapd

HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
LDAP_LIB=-lldap_r -llber

Then I add 'moduleload smbk5pwd.la' and  in the hdb section 'overlay smbk5pwd'.
After this  I create the online  configuration with 'slaptest -d1  -f ...'. All
looks fine. slapd  starts without a error message. I  change the smb.conf 'ldap
passwd sync = yes' to 'ldap passwd sync = Only'.

With  the overlay  smbk5pwd nothing  happens when  I change  a password  over a
Windows Client. Without the overlay I can see the PASSMOD for the user.

Any idea?

Ralf Zimmermann


 .''`.  Ralf Zimmermann
: :' :  SIEGNETZ.IT GmbH       	     
`. `'   Schneppenkauten 1a      
  `-    57076 Siegen   		
	Tel.: +49 271 68193 13
	Fax.: +49 271 68193 29

	Amtsgericht Siegen HRB4838
	Geschaeftsfuehrer: Oliver Seitz
	Sitz der Gesellschaft ist Siegen

Attachment: signature.asc
Description: Digital signature