Hi,

empirium schrieb:
> I have a samba 3 working as a PDC with Ldap as a authentication backend.
> I have a such problem, when user in windows try to change password to
> samba by ctr+alt+delete, password is changing (password is also sync and
> it works fine ), but the ldap attribute shadowLastChange doesnt change.
> What is wrong?

Maybe the user you use to connect to LDAP is not allowed to write this
attribute. Have a look to your LDAP configuration.


Regards
Marc

--
Marc Muehlfeld (Leitung Systemadministration)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Marc Muehlfeld napisa³(a):
> Hi,
>
> empirium schrieb:
>> I have a samba 3 working as a PDC with Ldap as a authentication backend.
>> I have a such problem, when user in windows try to change password to
>> samba by ctr+alt+delete, password is changing (password is also sync
>> and it works fine ), but the ldap attribute shadowLastChange doesnt
>> change.
>> What is wrong?
>
> Maybe the user you use to connect to LDAP is not allowed to write this
> attribute. Have a look to your LDAP configuration.
>
>
> Regards
> Marc
>
is slapd.conf I have
access to *
by self write
by users read
by anonymous auth

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Hi,

empirium schrieb:
> is slapd.conf I have
> access to *
> by self write
> by users read
> by anonymous auth

You don't have special ACLs for the user samba uses for connecting to LDAP?

Something like
access to attr=uid,uidNumber,gidNumber,cn,homeDirectory,.... ..
by dn="uid=samba,ou=Users,dc=mydomain,dc=de" write
by anonymous read
by * none

Or try adding the user to your "*" ACL for letting this user write everywhere,
if you know what this could result in.


Regards
Marc


--
Marc Muehlfeld (Leitung Systemadministration)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

On Tue, 2007-09-11 at 08:21 +0200, empirium wrote:
> Hello
> I have a samba 3 working as a PDC with Ldap as a authentication backend.
> I have a such problem, when user in windows try to change password to
> samba by ctr+alt+delete, password is changing (password is also sync and
> it works fine ), but the ldap attribute shadowLastChange doesnt change.
> What is wrong?

Is it meant to?

Samba updates it's attributes - if you changed the LDAP password too,
then perhaps you should look into a server side module that might also
update that value?

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBG5kq0z4A8Wyi0NrsRAmOkAKCctEiob1SBw0o3J0fZCt R4wHV0YACfdk/F
Kfc9G2THey1N/Mrr5QmQgV8=
=/kis
-----END PGP SIGNATURE-----

>>>>> "Andrew" == Andrew Bartlett writes:

>> I have a samba 3 working as a PDC with Ldap as a authentication backend.
>> I have a such problem, when user in windows try to change password to
>> samba by ctr+alt+delete, password is changing (password is also sync and
>> it works fine ), but the ldap attribute shadowLastChange doesnt change.
>> What is wrong?

Andrew> Is it meant to?

Andrew> Samba updates it's attributes - if you changed the LDAP password too,
Andrew> then perhaps you should look into a server side module that might also
Andrew> update that value?

I haven't investigated in detail yet, but I have noticed the same thing.

>From memory (I don't have a box to test this in conveniently available
right now), the password is updated (so I don't think it is a
permission issue), but the user can't log in because the password is
still marked as expired, and Windows asks the user to change there
password again.

I have changed various things since then, really need to try it again.
--
Brian May

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

>>>>> "Brian" == Brian May writes:

Andrew> Is it meant to?

Whenever the shadow password is updated, shadowLastChange should get
updated too.

Brian> I have changed various things since then, really need to try it again.

Unfortunately, my computer appears to be ignoring shadow password
expiry at the moment (it was working...), so I am unable to test the
same scenario that caused me grief before.

I am able to confirm though, if the Samba password has expired, and I
change the password on log in, it updates both the Samba and Shadow
passwords, but it does not update shadowLastChange.
--
Brian May

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba