Hi everybody!
After several tips in relation to the correct way of configuring samba with Fedora-DS, everything was going well. But a few days a go, i was trying to configure the CUPS, and as it did not initiate then i tried to remove it, reinstall it, and to update it with the commands "yum remove cups*", "yum install cups" and "yum update cups*". Since then, i observed that the "password change"(syncronism) stopped to function with an old error message (you don't have permission to change the password).
Here, the passwords synchronization between samba and Fedora-DS only worked with "pam password":
It will be that someone can help me?
This is the configuration that functioned normally until i reinstalled the CUPS. (because, it is the only different thing that "i remember" i can have done).
/etc/samba/smb.conf
## Sincronizacao de senhas samba com Linux via windows
# ldap passwd sync = yes # here fails, i think it was because FDS doesn't have plugin for "pam_password exop" option.
pam password change = yes
unix password sync = Yes
passwd chat = *New*password* %n *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
passwd program = /usr/sbin/smbldap-passwd -u %u
obey pam restrictions = no
/etc/ldap.conf
base dc=sei,dc=intranet
host 192.168.2.3
rootbinddn cn=Directory Manager # It was my only problem in the past, i forgot this line!
timelimit 120
pam_lookup_policy yes
ssl no
pam_password crypt
/etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
/etc/openladap/ldap.conf
URI ldap://127.0.0.1/
BASE dc=sei,dc=intranet
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so md5 shadow nullok use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
Grateful for your attention,
Agnaldo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20071011/a2d45987/attachment.html
