Hi
* Buchan Milne <bgmilne@staff.telkomsa.net> [17.02.2010 15:24]:
> On Wednesday, 17 February 2010 11:31:42 Ralf Zimmermann wrote:
> > Hi Christian,
> >
> > * Christian Manal <moenoel@informatik.uni-bremen.de> [16.02.2010 16:41]:
> > > > ok. I read it ;-) The Samba Server is a Sles11 with
> > > > openldap2-2.4.12 and Samba-3.4.5. The Samba Server is not the LDAP
> > > > Master. This is another Server with a self compiled openldap-2.4.20.
> > > > The Samba Server runs with the Sles11 shipped openLDAP version. There
> > > > it doesn't exits a smbk5pwd overlay.
> > > >
> > > > I think that I must compile and configure the overlay only on the Samba
> > > > Server. Is this correct? Ups and also on the BDC's?
> > >
> > > The overlay has to be installed on the LDAP master. Wouldn't make sense
> > > otherwise, since slaves are usually read-only.
> >
> > the overlay smbk5pwd does not really work in this szenario. I have
> > compiled heimdal
>
> Why? Do you need LDAP password changes to change Heimdal passwords (IOW, did
> you have a Heimdal installation before)?
>
> What version did you install?
i have installed heimdal-1.3.2rc2.
>
> > on Sles11 and compiled the smbk5pwd with make and make
> > install.
>
> From the same source used to build slapd on the box the module runs under?
Yes, I have compiled it under openldap-2.4.20.
> > <snip Makefile>
> > DEFS=-DDO_SAMBA
>
> So, you shouldn't need Heimdal at all ...
I compiled it yet with:
DEFS=-DDO_SAMBA
HEIMDAL_INC=
HEIMDAL_LIB=
> Well, without Heimdal has been working perfectly for me for a long time.
My problem was, that I must do a password change twice. I have searched the
wholy day. After restarting the slapd on the Samba Server all works fine. Now
I'm searching for the problem. On the Server is a backup software installed
that can make problems.
The problem exists with ldappasswd too. I must change a password twice. After
the second change the Master makes a password modify. After restarting the
slapd on the Samba server I can change the password from the Samba server
without problems.
And on the slaves was a ppolicy overlay configured. I have changed this.
> At times (e.g. 1.3.0 without patches), heimdal API changes have broken the
> Heimdal support in smbk5pwd.
>
> Note that some distributions ship recent OpenLDAP with a working (at least for
> samba) smbk5pwd, others include a smbk5pwd with Heimdal support as well.
I take the source from openLDAP.org.
Regards,
Ralf Zimmermann
--
.''`. Ralf Zimmermann
: :' : SIEGNETZ.IT GmbH
`. `' Schneppenkauten 1a
`- 57076 Siegen
Tel.: +49 271 68193 13
Fax.: +49 271 68193 29
Amtsgericht Siegen HRB4838
Geschaeftsfuehrer: Oliver Seitz
Sitz der Gesellschaft ist Siegen
Attachment:
signature.asc
Description: Digital signature