Syncing DS 389's userPassword with Samba 4's sambaNTPassword

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Folks,


I'm running DS-389 (version: 1.3.7.5 ; Build: 2018.178.1311) on a Cent OS 7 (vs. 7.6.1810) system.  

I've been working through creating a Samba 4 server and using LDAP authentication to my DS-389 server.   I've managed to get through
most everything but I'm running  into an issue with how passwords are working.

>From the Samba box I can user the command "smbpasswd -a testuser" and it will change the Samba NT password internal to the DS-389 system
along with the LDAP userPassword.

I can then use this new password to login to linux systems using ssh and into my Samba shares from a Windows 10 system.

But this isn't how I want the system to run.....

I want to be able to change the LDAP password (userPassword) and have that then update the sambaNTPassword.

I have been googling for days and ran across the suggestion to use the smbkrb5pwd overlay but that looks specific to openldap and not DS-389.

I know there must be a way to update the userPassword field and have that push out to the samba password but I can't find anything useful.

I'm hoping folks might have some suggestions on how to get the two passwords to sync.    My smb.conf file looks like the following (scrubbed for
security):

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
        workgroup = SAMBA
        security = user

        passdb backend = ldapsam:ldap://192.168.1.10

        ldap suffix = dc=abc,dc=edu
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap delete dn = no
        ldap admin dn = cn=Directory Manager
        ldap passwd sync = Yes
        ldap ssl = start_tls

        log level = 5 passdb:5 auth:5

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

        unix charset = UTF-8
        dos charset = CP932

        hosts allow = 127. 192.168.1. 

#       max protocol = SMB2

        map to guest = Bad User

[homes]
        valid users = @smbgroup
        browsable = no
        writable = yes


[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No


[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775


[Anonymous share]
        path = /samba/anonymous_share
        writable = yes
        browsable = yes
        guest ok = yes
        guest only = yes
        create mode = 0777
        directory mode = 0777


Thanks in advance!

(Sincere apologies for the multiple entries.  I don't post often and it seems the original post got garbled)
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux