[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Invalid credentials: solved (finally!)
Hi,
Just a headsup in case someone has the same problem (and hoping this
gets archived into google).. I had an issue where folks could not do
user binds for authentication via crypt passwords, where we'd get
'Invalid credentials' errors when using ldap tools (ldapsearch,
ldapmodify, etc), but other tools and software (samba, mozilla, etc)
would work properly. As it turns out, we use a scripted web interface
to change passwords in order to maintain samba ntPassword and lmPassword
entries (we use samba as a PDC as well), which would run smbpasswd with
a password script that would mangle the ldap entry's userPassword via
ldapmodify. This script uses a really long salt and ldapmodify, and the
crypted passwds coming out of it would be quite long (maybe 2x as long
as ldappasswd-created passwds), so I changed the script to use a very
basic 2-char salt, and things have started working!
Cheers,
- Matt