
Thread: Users can't change password using smbldap-pwd in Lucid [Samba + OpenLDAP]

  1. #11

    Re: Users can't change password using smbldap-pwd in Lucid [Samba + OpenLDAP]

    ldapmodify -v -Y EXTERNAL -H ldapi:/// -D cn=admin,cn=config -W -f /tmp/modify

    I ran the above 3 times, using a different version of /tmp/modify each time.
    Code:
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    delete: olcAccess
    olcAccess: {0}
    Code:
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    delete: olcAccess
    olcAccess:
    Code:
    dn: olcDatabase={1}hdb,cn=config
    add: olcAccess
    olcAccess: to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=pdc" write by anonymous auth by self write by * none
    olcAccess: to attrs=shadowLastChange by self write by * read
    olcAccess: to dn.base="" by * read
    olcAccess: to * by dn="cn=admin,dc=pdc" write by * read

    Finally, smbldap-passwd now works for smb-ldap users (non-root users).

    Code:
    smbldap-passwd 
    Identity validation...
    enter your UNIX password: 
    Changing UNIX and samba passwords for lee
    New password: 
    Retype new password:
    Last edited by upengan78; November 8th, 2010 at 11:33 PM.

  2. #12

    Re: Users can't change password using smbldap-pwd in Lucid [Samba + OpenLDAP]

    Quote: Originally posted by upengan78
    Code:
    dn: olcDatabase={1}hdb,cn=config
    add: olcAccess
    olcAccess: to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=pdc" write by anonymous auth by self write by * none
    olcAccess: to attrs=shadowLastChange by self write by * read
    olcAccess: to dn.base="" by * read
    olcAccess: to * by dn="cn=admin,dc=pdc" write by * read
    finally now smbldap-passwd works for smb-ldap users (non root users)

    I tried to follow your instructions but got an error when I ran the 3rd ldapmodify config file:

    Code:
    add olcAccess:
            to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=xxx,dc=yyy,dc=org" write by anonymous auth by self write by * none
            to attrs=shadowLastChange by self write by * read
            to dn.base="" by * read
            to * by dn="cn=admin,dc=xxx,dc=yyy,dc=org" write by * read
    modifying entry "olcDatabase={1}hdb,cn=config"
    ldap_modify: Type or value exists (20)
            additional info: modify/add: olcAccess: value #1 already exists
    Last edited by goofrider; August 16th, 2011 at 11:08 AM.

  3. #13

    Re: Users can't change password using smbldap-pwd in Lucid [Samba + OpenLDAP]

    OK, I figured it out. The steps in reply #11 are specific to the previously mentioned config. My config has the following olcAccess lines:

    Run:

    Code:
    $ sudo ldapsearch -v -Y EXTERNAL -H ldapi:/// -b cn=config

    The olcAccess lines in my config look like this:

    Code:
    # {1}hdb, config
    ...
    olcAccess: {0}to dn.base="" by * read
    olcAccess: {1}to * by dn="cn=admin,dc=xxx,dc=org" write by * read
    ...
    The goal is to delete all olcAccess lines for # {1}hdb, config. I basically had to run step 1 twice and skip step 2.

    Save this to /tmp/modify1

    Code:
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    delete: olcAccess
    olcAccess: {0}
    And run the following cmd twice:

    Code:
    $ sudo ldapmodify -v -Y EXTERNAL -H ldapi:/// -D cn=admin,cn=config -W -f /tmp/modify1

    After which, run the previous ldapsearch cmd and make sure there are no olcAccess lines.

    Then save this to /tmp/modify3:

    Code:
    dn: olcDatabase={1}hdb,cn=config
    add: olcAccess
    olcAccess: to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=xxx,dc=org" write by anonymous auth by self write by * none
    olcAccess: to attrs=shadowLastChange by self write by * read
    olcAccess: to dn.base="" by * read
    olcAccess: to * by dn="cn=admin,dc=xxx,dc=org" write by * read
    And run:

    Code:
    sudo ldapmodify -v -Y EXTERNAL -H ldapi:/// -D cn=admin,cn=config -W -f /tmp/modify3

    Finally, run ldapsearch again to make sure all the above olcAccess lines were added to # {1}hdb, config.
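
The final ldapsearch check above can be scripted. The following is an added example, not code from the thread: it unfolds the wrapped ldapsearch output, lists the olcAccess rules in evaluation order, and goes slightly further by flagging attributes that an earlier rule already matches (slapd stops at the first matching `to` clause) and password attributes left to a catch-all `by * read`. The names `parse_acls` and `audit` and both sample outputs are constructed for illustration, and only the `to attrs=...` and `to *` forms seen in this thread are modelled.

```python
import re

# Constructed ldapsearch output for the state after /tmp/modify3 is applied.
# ldapsearch folds long lines: a continuation line starts with one space.
AFTER = '''dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaL
 MPassword,sambaPwdLastSet,sambaNTPassword by dn="cn=admin,dc=xxx,dc=org" writ
 e by anonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by dn="cn=admin,dc=xxx,dc=org" write by * read
'''
# Constructed from the two rules post #13 lists as its starting point.
BEFORE = '''dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to * by dn="cn=admin,dc=xxx,dc=org" write by * read
'''
SECRETS = {"userpassword", "sambalmpassword", "sambantpassword"}

def parse_acls(ldif):
    """Return [(index, what, attrs-or-None, by-clauses)] in evaluation order."""
    rules = []
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF folding
        m = re.match(r"olcAccess: \{(\d+)\}to (\S+) (.*)", line)
        if m:
            what = m.group(2)
            attrs = set(what[6:].lower().split(",")) if what.startswith("attrs=") else None
            rules.append((int(m.group(1)), what, attrs, m.group(3)))
    return sorted(rules, key=lambda r: r[0])

def audit(ldif):
    """slapd uses the first 'to' clause that matches; flag what that implies."""
    findings, claimed = [], set()
    for idx, what, attrs, who in parse_acls(ldif):
        if attrs is not None:
            shadowed = sorted(attrs & claimed)
            if shadowed:
                findings.append((idx, "shadowed", shadowed))
            if "break" not in who.split():  # 'break' would let later rules apply
                claimed |= attrs
        elif what == "*" and who.endswith("by * read"):
            exposed = sorted(SECRETS - claimed)
            if exposed:
                findings.append((idx, "world-readable", exposed))
    return findings

if __name__ == "__main__":
    for name, ldif in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(ldif))
```

In the after state, rule {1} is reported as shadowed because {0} already lists shadowLastChange, so users other than the entry's owner and the admin get `none` rather than `read` on that attribute.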
