
Propagation of LDAP password change to samba system



Hi all,

I am trying to set up LDAP + SAMBA to propagate password in both directions
but unfortunately I have some small issues I do not know how to resolve.

I set up LDAP and SAMBA server and I can connect to them ( all on one machine )

I can connect to samba server and browse shares with

smbclient //192.168.1.199/home -U user100


Also I can connect using ssh  user100@192.168.1.199  ( with the password I
set up for user100 in LDAP system )

where user "user100" is added to samba conf as samba user but its
origin is from LDAP and it is
originally added using

ldapadd -c -x -D cn=admin,dc=testdomain,dc=net -W -f user100.ldif
ldappasswd -x -D cn=admin,dc=testdomain,dc=net -W -S uid=user100,ou=people,dc=testdomain,dc=net


I can change password for user   "user100" once logged over ssh using
"passwd" and this new password applies only to the LDAP part,

while password for samba is one set up using smbpasswd ( as root on system )


In smb.conf I added the part
passdb backend = ldapsam:ldap://192.168.1.199
ldap admin dn = cn =admin,dc=testdomain,dc=net
ldap suffix = dc=testdomain,dc=net
ldap user suffix = ou=People
ldap group suffix = ou= Group
ldap machine suffix = ou= Computers
ldap password sync = yes

and in case I change password for user "user100" using smbpasswd (
logged as root ), its password is propagated to LDAP and I can
use new password obtained with smbpasswd to log in over ssh---as I expect


When logged over ssh to LDAP-SAMBA server as user "user100" and want
to change password using smbpasswd I am getting error like

smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
Unable to connect to SMB server on machine 127.0.0.1. Error was :
NT_STATUS_CONNECTION_REFUSED.
Failed to change password for user100

I do not have address 127.0.0.1 set anywhere in samba configuration

output of testparm is below


Question is how can I make it reversible, so when I change password
connected via ssh to be propagated to samba system and to use that new
password
for accessing samba shares.

LDAP and SAMBA servers work ok independently, I can log as LDAP
user, home directory is created upon login, connection to samba shares
works ok
only question is how to set them up to understand password of each other.

OS is debian stable and all packages are debian's ones


If someone knows some hint I would be very thankful for any suggestions

Thank you and nice regards,


testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[home]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
	workgroup = TESTDOMAIN
	interfaces = 192.168.1.199/24, eth2
	bind interfaces only = Yes
	obey pam restrictions = Yes
	passdb backend = ldapsam:ldap://192.168.1.199
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	log level = 3
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 3000
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	domain logons = Yes
	dns proxy = No
	ldap admin dn = cn =admin,dc=testdomain,dc=net
	ldap group suffix = ou= Group
	ldap machine suffix = ou= Computers
	ldap passwd sync = Yes
	ldap suffix = dc=testdomain,dc=net
	ldap user suffix = ou=People
	panic action = /usr/share/samba/panic-action %d
	valid users = %S
	create mask = 0700
	directory mask = 0700

[home]
	comment = Users' home dir
	path = /home
	valid users = user100
	write list = user100
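
Added example, not part of the original post: the smb.conf(5) manual page notes that smbpasswd run by an ordinary user changes the password by connecting to smbd on 127.0.0.1, and that this may not work when "bind interfaces only" is set and 127.0.0.1 is not in the "interfaces" list. The Python check below looks for that combination in a config; the function names are hypothetical, the sample is constructed from the testparm dump above, and interface-name wildcards are assumed not to be used.

```python
import ipaddress

# Constructed sample: the [global] lines from the testparm dump that matter here.
SAMPLE = """\
[global]
	interfaces = 192.168.1.199/24, eth2
	bind interfaces only = Yes
	passdb backend = ldapsam:ldap://192.168.1.199
[home]
	path = /home
"""

def parse_global(text):
    """Return [global] parameters; names are lowercased, inner whitespace collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_loopback(entry):
    """True for 'lo'/'lo0' or an address (optionally with mask) that is loopback."""
    if entry.lower() in ("lo", "lo0"):
        return True
    try:
        return ipaddress.ip_interface(entry).ip.is_loopback
    except ValueError:
        return False                      # some other interface name, e.g. eth2

def smbd_listens_on_loopback(text):
    """False when 'bind interfaces only' is on and no 'interfaces' entry is loopback."""
    g = parse_global(text)
    if g.get("bind interfaces only", "no").lower() not in ("yes", "true", "1"):
        return True                       # smbd is not restricted to listed interfaces
    entries = g.get("interfaces", "").replace(",", " ").split()
    return any(is_loopback(e) for e in entries)

if __name__ == "__main__":
    print("smbd reachable on loopback:", smbd_listens_on_loopback(SAMPLE))
```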