[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Propagation of LDAP passwrod change to samba system

To: pcinformace pcinformace <pcinformace@gmail.com>
Subject: Re: Propagation of LDAP passwrod change to samba system
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 03 Nov 2009 07:49:58 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <d9ee01180911020603n6b4c3c14kab862f552f47f9a4@mail.gmail.com>
References: <d9ee01180911020603n6b4c3c14kab862f552f47f9a4@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.23) Gecko/20090823 SeaMonkey/1.1.18

pcinformace pcinformace wrote:
> I am trying to set up LDAP + SAMBA

I assume this is Samba3. Is it an OpenLDAP server?

> Question is how can I make it reversible, so when I change password 
> connected via ssh to be propagated to samba system and to use that new 
> password for accessing samba shares.

For the LDAP bind (used by ssh) the attribute 'userPassword' has to be set
when changing the password. For Samba3 the attribute(s) sambaNTPassword (and
optionally sambaLMPassword) have to be set with a pre-calculated hash.

I'd recommend to set up OpenLDAP with overlay slapo-smbk5pwd which you have to
build separately and is found in directory contrib/slapd-modules/smbk5pwd of
the source distribution. This overlay intercepts the Password Modify extended
operation and sets userPassword and the Samba password attribute(s). So you
have to tell pam_ldap to use ext. op. when setting a new password.

Ciao, Michael.

-- 
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com

Follow-Ups:
- Re: Propagation of LDAP passwrod change to samba system
  - From: pcinformace pcinformace <pcinformace@gmail.com>

References:
- Propagation of LDAP passwrod change to samba system
  - From: pcinformace pcinformace <pcinformace@gmail.com>

Prev by Date: Re: Propagation of LDAP passwrod change to samba system
Next by Date: Re: Propagation of LDAP passwrod change to samba system
Index(es):
- Chronological
- Thread