As I understand it, the password chat is only used with "unix password
sync" and is not used with "ldap passwd sync".
Are you using MD5 for your passwords?
-Matt
Craig White wrote:
On Tue, 2006-11-28 at 10:55 +1000, Matt Stucky (Office) wrote:
> Hi All,
>
> I've set up FDS as the ldap back end for a Samba PDC. It is working
> well, but I'm having a problem with Windows users changing their
> password from Windows. When I use "ldap passwd sync = yes" (in the
> samba config) Windows users receive an error message when they attempt
> to change their password. What actually happens is their Samba/NT
> passwords are changed, but the posix password is not. If I use "ldap
> passwd sync = no" (default) then the users can successfully change their
> passwords but, as per the smb.conf man page, only the Samba/NT passwords
> are changed, not the posix password. I have FDS, User Admin tool
> (Webmin - LDAP users and Groups), and /etc/ldap.conf set to use MD5 for
> password hashing.
>
> If, on the server, I run "smbpasswd test_user" and attempt to change a
> user's password that way, it gives me the error:
> ---------------
> ldapsam_modify_entry: LDAP Password could not be changed for user
> test_user: Confidentiality required
> Operation requires a secure connection.
>
> Failed to modify entry for user test_user.
> Failed to modify password entry for user test_user
> ---------------
>
> It looks like FDS requires SSL in order for a user's posix password to
> be changed from Samba/Windows. I need to have the Samba and posix
> passwords synchronized. Do I need to set up SSL for that to work, or is
> there something else I am missing? I found a post where someone used
> "unix password sync = yes" with smbldap-passwd for the password program
> as a workaround for this same problem, but I would prefer the tidier and
> simpler "ldap passwd sync = yes". Has anyone run into this and figured
> out how to make it work?
>
----
My guess is that you have something wrong with your 'password chat
script' in smb.conf or possibly something amiss in smbldap configuration
because it does work.
Craig
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users