
Re: ppolicy & sambaNTPassword



Hi

* Buchan Milne <bgmilne@staff.telkomsa.net> [17.02.2010 15:24]:
> On Wednesday, 17 February 2010 11:31:42 Ralf Zimmermann wrote:
> > Hi Christian,
> > 
> > * Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:41]:
> > > > ok. I read it ;-) The Samba Server is a Sles11 with
> > > > openldap2-2.4.12 and Samba-3.4.5. The Samba Server is not the LDAP
> > > > Master. This is another Server with a self-compiled openldap-2.4.20.
> > > > The Samba Server runs with the Sles11 shipped openLDAP version. There
> > > > is no smbk5pwd overlay there.
> > > >
> > > > I think that I must compile and configure the overlay only on the Samba
> > > > Server. Is this correct? Oops, and also on the BDCs?
> > >
> > > The overlay has to be installed on the LDAP master. Wouldn't make sense
> > > otherwise, since slaves are usually read-only.
> > 
> > the overlay smbk5pwd does not really work in this scenario. I have
> >  compiled heimdal
> 
> Why? Do you need LDAP password changes to change Heimdal passwords (IOW, did 
> you have a Heimdal installation before)?
> 
> What version did you install?

I have installed heimdal-1.3.2rc2.

> 
> >  on Sles11 and compiled the smbk5pwd with make and make
> >  install.
> 
> From the same source used to build slapd on the box the module runs under?

Yes, I have compiled it under openldap-2.4.20.

> > <snip Makefile>
> > DEFS=-DDO_SAMBA
> 
> So, you shouldn't need Heimdal at all ...

I compiled it yet with:
DEFS=-DDO_SAMBA
HEIMDAL_INC=
HEIMDAL_LIB=

> Well, without Heimdal has been working perfectly for me for a long time.

My problem was that I must do a password change twice. I have searched the
whole day. After restarting the slapd on the Samba Server all works fine. Now
I'm searching for the problem. On the Server there is backup software installed
that can make problems.

The problem exists with ldappasswd too. I must change a password twice. After
the second change the Master makes a password modify. After restarting the
slapd on the Samba server I can change the password from the Samba server
without problems.

And on the slaves a ppolicy overlay was configured. I have changed this.

> At times (e.g. 1.3.0 without patches), heimdal API changes have broken the 
> Heimdal support in smbk5pwd.
> 
> Note that some distributions ship recent OpenLDAP with a working (at least for 
> samba) smbk5pwd, others include a smbk5pwd with Heimdal support as well.

I take the source from openLDAP.org.

Regards,
Ralf Zimmermann

--

 .''`.  Ralf Zimmermann
: :' :  SIEGNETZ.IT GmbH       	     
`. `'   Schneppenkauten 1a      
  `-    57076 Siegen   		
                               
	Tel.: +49 271 68193 13
	Fax.: +49 271 68193 29

	Amtsgericht Siegen HRB4838
	Geschaeftsfuehrer: Oliver Seitz
	Sitz der Gesellschaft ist Siegen
        
