Hi All,
I've set up FDS as the ldap back end for a Samba PDC. It is working
well, but I'm having a problem with Windows users changing their
password from Windows. When I use "ldap passwd sync = yes" (in the
samba config) Windows users receive an error message when they attempt
to change their password. What actually happens is their Samba/NT
passwords are changed, but the posix password is not. If I use "ldap
passwd sync = no" (default) then the users can successfully change their
passwords but, as per the smb.conf man page, only the Samba/NT passwords
are changed, not the posix password. I have FDS, User Admin tool
(Webmin - LDAP users and Groups), and /etc/ldap.conf set to use MD5 for
password hashing.
If, on the server I run "smbpasswd test_user" and attempt to change a
user's password that way; it gives me the error:
---------------
ldapsam_modify_entry: LDAP Password could not be changed for user
test_user: Confidentiality required
Operation requires a secure connection.
Failed to modify entry for user test_user.
Failed to modify password entry for user test_user
---------------
It looks like FDS requires SSL in order for a user's posix password to
be changed from Samba/Windows. I need to have the Samba and posix
passwords syncronized. Do I need to set up SSL for that to work, or is
there something else I am missing? I found a post where someone used
"unix password sync = yes" with smbldap-passwd for the password program
as a workaround for this same problem, but I would prefer the tidier and
simpler "ldap passwd sync = yes". Has anyone run into this and figured
out how to make it work?
- Matt
