LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Samba and OpenLDAP does not change userPassword (http://www.linuxquestions.org/questions/linux-server-73/samba-and-openldap-does-not-change-userpassword-806297/)

mcrites 05-06-2010 07:30 AM

Samba and OpenLDAP does not change userPassword
 
I have OpenLDAP 2.4.12 and Samba 3.5.1 installed. When I try to change the password with smbpasswd, it changes the Windows password fine. But userPassword is not updated in LDAP. The error message is: "smbldap_check_root_dse: Expected one rootDSE, got 0" when I run smbpasswd -D 10 <username>.

I added the following to slapd.conf:

access to dn.base=""
by * read
password-hash {md5}

in hopes of allowing samba to read the root DSE, even though Samba is configured with the root DN.

Any ideas on how to make samba find what it needs in the root DSE of my LDAP server?

Blue_Ice 05-06-2010 10:19 AM

Did you add the following parameter to your samba configuration?

Code:

ldap passwd sync = yes
By the way, it is easier for us to help you, when you post your configuration here as well.

mcrites 05-07-2010 06:43 AM

Unfortunately it is not easy for me to post the configs because they are on an internal testing network with no Internet connection. I do have ldap passwd sync = yes in smb.conf which makes samba try to update userPassword in LDAP. But I get the above message "smbldap_check_root_dse: Expected one rootDSE, got 0". This worked with older versions of OpenLDAP and Samba, so I was wondering if there is some configuration change I need to make to OpenLDAP to get Samba to update the userPassword LDAP attribute.

Blue_Ice 05-07-2010 07:45 AM

As said before, to be of any help we need the configuration files. Your problem can be caused by many things or even combinations of things. We can guess, but I think you have more chances to win in a casino.

mcrites 05-12-2010 06:12 AM

Just in case this helps other people, it was a config issue with PAM. I forgot to configure /etc/pam.d/samba to use LDAP.


All times are GMT -5. The time now is 11:29 PM.