[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Propagation of LDAP passwrod change to samba system

pcinformace pcinformace wrote:
> I am trying to set up LDAP + SAMBA

I assume this is Samba3. Is it an OpenLDAP server?

> Question is how can I make it reversible, so when I change password 
> connected via ssh to be propagated to samba system and to use that new 
> password for accessing samba shares.

For the LDAP bind (used by ssh) the attribute 'userPassword' has to be set
when changing the password. For Samba3 the attribute(s) sambaNTPassword (and
optionally sambaLMPassword) have to be set with a pre-calculated hash.

I'd recommend to set up OpenLDAP with overlay slapo-smbk5pwd which you have to
build separately and is found in directory contrib/slapd-modules/smbk5pwd of
the source distribution. This overlay intercepts the Password Modify extended
operation and sets userPassword and the Samba password attribute(s). So you
have to tell pam_ldap to use ext. op. when setting a new password.

Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com