Re: ppolicy & sambaNTPassword
Ralf Zimmermann wrote:
> Hi Christian,
>
> * Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:18]:
>> Ralf Zimmermann wrote:
>>> Hi Christian,
>>>
>>> * Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:05]:
>>>>> the option 'ldap passwd sync' is set to yes. I will look at the overlay
>>>>> smbk5pwd again. But I think it will not resolve the problem because Samba makes
>>>>> a modify for the Samba attributes.
>>>>>
>>>>> We have a default ppolicy. But this policy works only with pwdAttribute
>>>>> userPassword, not with sambaNTPassword. The problem is that a user can change
>>>>> his password with a Windows client. The sambaNTPassword is always set, whatever
>>>>> is configured in the policy.
>>>>>
>>>> If you set 'ldap passwd sync' to 'only' the Samba server triggers an
>>>> extended operation for password change and doesn't touch the Samba
>>>> attributes. smbk5pwd will take care of the Samba passwords.
>>>>
>>>>
>>>> Best regards,
>>>> Christian Manal
>>> Thanks, I'll take a look at smbk5pwd. Must I install Heimdal Kerberos? I need it
>>> only for Samba and we have installed MIT Kerberos.
>>>
>>>
>> You can disable Kerberos support in the Makefile.
>
> OK. I read it ;-) The Samba server is a SLES11 with openldap2-2.4.12 and
> Samba-3.4.5. The Samba server is not the LDAP master. This is another server
> with a self-compiled openldap-2.4.20. The Samba server runs with the SLES11
> shipped OpenLDAP version. There is no smbk5pwd overlay there.
>
> I think that I must compile and configure the overlay only on the Samba server.
> Is this correct? Oops, and also on the BDCs?
>
The overlay has to be installed on the LDAP master. Wouldn't make sense
otherwise, since slaves are usually read-only.

Best regards,
Christian Manal
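
A sketch of the setup discussed in this thread, added as an example and not taken from either poster's configuration: Samba hands password changes to the directory with `ldap passwd sync = only`, and the LDAP master runs smbk5pwd (Samba hashes only) next to ppolicy. The suffix, database type, module file names and policy DN are assumptions.

```conf
# --- smb.conf on the Samba server ---
[global]
    # 'only' makes Samba send an LDAP password-modify extended operation
    # and leave the Samba password attributes to the directory server.
    ldap passwd sync = only

# --- slapd.conf on the LDAP master ---
# Module file names are assumptions; they depend on how the overlays were built.
moduleload  ppolicy.la
moduleload  smbk5pwd.la

# Database type and suffix are placeholders.
database    hdb
suffix      "dc=example,dc=com"

# Default password policy (placeholder DN); applies to userPassword.
overlay     ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

# smbk5pwd reacts to the password-modify extended operation and rewrites
# the Samba hashes (sambaNTPassword) from the new cleartext password.
overlay     smbk5pwd
# Maintain only the Samba hashes; no Kerberos keys.
smbk5pwd-enable samba
```

With this layout the Samba server itself needs no overlay; the extended operation only has to reach the master, as Christian's reply says.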