Hi everybody!
After several tips in relation to the correct way of configuring samba with Fedora-DS, everything was going well. But a few days ago, I was trying to configure CUPS, and as it did not start, I tried to remove it, reinstall it, and update it with the commands "yum remove cups*", "yum install cups" and "yum update cups*". Since then, I observed that the "password change" (synchronism) stopped functioning, with an old error message (you don't have permission to change the password).
Here, the password synchronization between samba and Fedora-DS only worked with "pam password":
Can someone help me?
This is the configuration that functioned normally until I reinstalled CUPS (because it is the only different thing that "I remember" I could have done).

/etc/samba/smb.conf
## Password synchronization of samba with Linux via windows
# ldap passwd sync = yes # here fails, I think it was because FDS doesn't have a plugin for the "pam_password exop" option.
pam password change = yes
unix password sync = Yes
passwd chat = *New*password* %n *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
passwd program = /usr/sbin/smbldap-passwd -u %u
obey pam restrictions = no

/etc/ldap.conf
base dc=sei,dc=intranet
host 192.168.2.3
rootbinddn cn=Directory Manager # It was my only problem in the past, I forgot this line!
timelimit 120
pam_lookup_policy yes
ssl no
pam_password crypt

/etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus

/etc/openldap/ldap.conf
URI ldap://127.0.0.1/
BASE dc=sei,dc=intranet

/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so md5 shadow nullok use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so

Grateful for your attention, Agnaldo
389-users@lists.fedoraproject.org