Re: Samba LDAP password sync

On Tue, 2006-11-28 at 11:28 +1000, Matt Stucky (Office) wrote:
> As I understand it, the password chat is only used with "unix password 
> sync" and is not used with "ldap passwd sync".
----
I missed that detail - I use unix password sync and have never used ldap
password sync and thus the chat.
----
> 
> Are you using MD5 for your passwords?
----
no - crypt
----
> -Matt
----
Craig
----
> 
> Craig White wrote:
> > On Tue, 2006-11-28 at 10:55 +1000, Matt Stucky (Office) wrote:
> >   
> >> Hi All,
> >>
> >> I've set up FDS as the ldap back end for a Samba PDC.  It is working 
> >> well, but I'm having a problem with Windows users changing their 
> >> password from Windows.  When I use "ldap passwd sync = yes" (in the 
> >> samba config) Windows users receive an error message when they attempt 
> >> to change their password.  What actually happens is their Samba/NT 
> >> passwords are changed, but the posix password is not.  If I use "ldap 
> >> passwd sync = no" (default) then the users can successfully change their 
> >> passwords but, as per the smb.conf man page, only the Samba/NT passwords 
> >> are changed, not the posix password.  I have FDS, User Admin tool 
> >> (Webmin - LDAP users and Groups), and /etc/ldap.conf set to use MD5 for 
> >> password hashing.
> >>
> >> If, on the server I run "smbpasswd test_user" and attempt to change a 
> >> user's password that way; it gives me the error:
> >> ---------------
> >> ldapsam_modify_entry: LDAP Password could not be changed for user 
> >> test_user: Confidentiality required
> >>         Operation requires a secure connection.
> >>
> >> Failed to modify entry for user test_user.
> >> Failed to modify password entry for user test_user
> >> ---------------
> >>
> >> It looks like FDS requires SSL in order for a user's posix password to 
> >> be changed from Samba/Windows.  I need to have the Samba and posix 
> >> passwords synchronized.  Do I need to set up SSL for that to work, or is 
> >> there something else I am missing?  I found a post where someone used 
> >> "unix password sync = yes" with smbldap-passwd for the password program 
> >> as a workaround for this same problem, but I would prefer the tidier and 
> >> simpler "ldap passwd sync = yes".  Has anyone run into this and figured 
> >> out how to make it work?
> >>     
> > ----
> > my guess is that you have something wrong with your 'password chat
> > script' in smb.conf or possibly something amiss in smbldap configuration
> > because it does work.
> >
> > Craig
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >   

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
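The setup discussed in this thread, sketched as an smb.conf fragment. This is an added example, not configuration posted by either participant. It assumes the "Confidentiality required" error quoted above comes from Samba sending the password change over an unencrypted LDAP connection, and that the Samba host already trusts the directory server's CA certificate. The host name and DNs are constructed placeholders.

```ini
[global]
    # Constructed placeholder values: replace the host and DNs with your own.
    passdb backend = ldapsam:ldap://ldap.example.com
    ldap suffix = dc=example,dc=com
    ldap admin dn = cn=Directory Manager

    # Before: no transport encryption. With "ldap passwd sync = yes" Samba
    # asks the directory to change userPassword through the LDAP password
    # modify extended operation, and a server that demands confidentiality
    # for that operation refuses it ("Operation requires a secure
    # connection"). The sambaNTPassword/sambaLMPassword attributes are
    # written by an ordinary modify, which is why only they change.
    ; ldap ssl = off

    # After: upgrade the connection with StartTLS before binding, so the
    # new cleartext password never crosses the wire unencrypted.
    ldap ssl = start tls

    # Update the posix password together with the NT/LM hashes.
    ldap passwd sync = yes

    # Not needed on this path: the chat script belongs to
    # "unix password sync", as noted in the thread.
    ; unix password sync = yes
    ; passwd program = ...
```

Restart smbd after the change and repeat the "smbpasswd test_user" check from the original post; both the Samba hashes and userPassword should then update in one operation.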
