Hi Christian,
* Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:18]:
> Ralf Zimmermann schrieb:
> > Hi Christian,
> >
> > * Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:05]:
> >>> the option 'ldap passwd sync' is set to yes. I will looking to the overlay
> >>> smbk5pwd again. But I think it will not resolve the problem because samba makes
> >>> a modify for the samba attributes.
> >>>
> >>> We have a default ppolicy. But this policy works only with pwdAttribute
> >>> userPassword not with sambaNTPassword. The problem is, that a User can change
> >>> his password with a Windows Client. The sambaNTPassword is always set whatever
> >>> in the policy is configured.
> >>>
> >> If you set 'ldap passwd sync' to 'only' the Samba server triggers an
> >> extended operation for password change and doesn't touch the Samba
> >> attributes. smbk5pwd will take care of the Samba passwords.
> >>
> >>
> >> Best regards,
> >> Christian Manal
> >
> > thanks, I take a look at smbk5pwd. Must I install heimdal kerberos? I need it
> > only for samba and we have installed mit kerberos.
> >
> >
>
> You can disable Kerberos support in the Makefile.
ok. I read it ;-) The Samba Server is a Sles11 with openldap2-2.4.12 and
Samba-3.4.5. The Samba Server is not the LDAP Master. This is another Server
with a self compiled openldap-2.4.20. The Samba Server runs with the Sles11
shipped openLDAP version. There it doesn't exits a smbk5pwd overlay.
I think that I must compile and configure the overlay only on the Samba Server.
Is this correct? Ups and also on the BDC's?
Thanks
Ralf Zimmermann
--
.''`. Ralf Zimmermann
: :' : SIEGNETZ.IT GmbH
`. `' Schneppenkauten 1a
`- 57076 Siegen
Tel.: +49 271 68193 13
Fax.: +49 271 68193 29
Amtsgericht Siegen HRB4838
Geschaeftsfuehrer: Oliver Seitz
Sitz der Gesellschaft ist Siegen
Attachment:
signature.asc
Description: Digital signature