Re: Propagation of LDAP passwrod change to samba system

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Monday, 2 November 2009 15:03:29 pcinformace pcinformace wrote:
> Hi all,
>
> I am trying to set up LDAP + SAMBA to propagate password in both directions
> but unfortunately I have some small issues I do not know how to resolve.
>
> I set up LDAP and SAMBA server and I can connect to them ( all on one
> machine )
>
> I can connect to samba server and browse shares with
>
> smbclient //192.168.1.199/home -U user100
>
>
> Also I can connect using ssh  user100@192.168.1.199  ( wirt password I
> set up for user100 in LDAP system )
>
> where user "user100" is added to samba conf as samba user but its
> origin is from LDAP and it is is
> originally added using
>
> ldapadd -c -x -D cn=admin,dc=testdomain,dc=net -W -f user100.ldif
> ldappasswd -x -D cn=admin,dc=testdomain,dc=net -W -S
> uid=user100,ou=people,dc=testdomain,dc=net
>
>
> I can change password for user   "user100" once logged over ssh using
> "passwd" and this new password apply only on LDAP part,

If you enabled the smbk5pwd overlay, and assuming you are using pam_ldap, and 
have configured pam_ldap to use the LDAP password modify extended operation to 
change passwords ("pam_password exop"), then this would change the samba 
password too.

> When logged over ssh to LDAM-SAMBA server as user "user100" and want
> to change password using smbpasswd I am getting error like
>
> smbpasswd
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> Unable to connect to SMB server on machine 127.0.0.1. Error was :
> NT_STATUS_CONNECTION_REFUSED.
> Failed to change password for user100
>
> I do not have address 127.0.0.1 set anywhere in samba configuration

See the -r option to smbpasswd.

> OS is debian stable and all packages are debian's ones

Let's hope debian ships smbk5pwd overlay (other distros do ....).

Regards,
Buchan