headers
David Markey | 1 May 2009 01:03

Re: Re: Samba does not change UNIX password after OpenLDAP server upgraded

I would imagine that you'll need to re-jig your ACLs in slapd.conf,

Please supply logs.

John Du wrote:
> John Du wrote:
>> Hi,
>>
>> I have been running Samba with OpenLDAP for a few years.  We recently
>> upgrade the OpenLDAP server from 2.2.13 to 2.4.11.
>>
>> When users change their passwords now, only the Windows password is
>> changed the UNIX password is not changed anymore.  Samba server does
>> not log any errors   The samba configuration file did not change when
>> the LDAP server was upgraded.
>>
>> I do have "ldap passwd sync =Yes" in smb.conf and it used to work fine.
>>
>> Has anyone seen this?
>>
>> If I use
>>
>> unix password sync = Yes
>> passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>> passwd chat = "Changing password for*\nNew password*" %n\n "*Retype
>> new password*" %n\n"
>>
>> instead of "ldappasswd sync", what access control do I have to add to
>> the slapd.conf file?
>>
(Continue reading)

Permalink | Reply | 4 comments |
headers
John Du | 1 May 2009 01:23
Picon

Re: Re: Samba does not change UNIX password after OpenLDAP server upgraded

David Markey wrote:
> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>
> Please supply logs.
>
>   
Thank you very much.

I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows and 
UNIX password.  If the problem is ACL related, wouldn't I have the same 
problem with this tool?

When samba changes passwords, does the process run as root or as the 
user making the passwords change?

Thanks again.
>
> John Du wrote:
>   
>> John Du wrote:
>>     
>>> Hi,
>>>
>>> I have been running Samba with OpenLDAP for a few years.  We recently
>>> upgrade the OpenLDAP server from 2.2.13 to 2.4.11.
>>>
>>> When users change their passwords now, only the Windows password is
>>> changed the UNIX password is not changed anymore.  Samba server does
>>> not log any errors   The samba configuration file did not change when
>>> the LDAP server was upgraded.
(Continue reading)

Permalink | Reply | 3 comments |
headers
David Markey | 1 May 2009 01:28

Re: Re: Samba does not change UNIX password after OpenLDAP server upgraded

John Du wrote:
> David Markey wrote:
>> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>>
>> Please supply logs.
>>
>>   
> Thank you very much.
>
> I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
> and UNIX password.  If the problem is ACL related, wouldn't I have the
> same problem with this tool?
>
> When samba changes passwords, does the process run as root or as the
> user making the passwords change?

If you're using smbldap-passwd and unix password sync, it's done as
root. ldap passwd sync is done as the LDAP dn that you've configured in
smb.conf. It's much preferable to use ldap passwd sync.

 
>
> Thanks again.
>>
>> John Du wrote:
>>  
>>> John Du wrote:
>>>    
>>>> Hi,
>>>>
(Continue reading)

Permalink | Reply | 2 comments |
headers
John Du | 1 May 2009 01:45
Picon

Re: Re: Samba does not change UNIX password after OpenLDAP server upgraded

David Markey wrote:
> John Du wrote:
>   
>> David Markey wrote:
>>     
>>> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>>>
>>> Please supply logs.
>>>
>>>   
>>>       
>> Thank you very much.
>>
>> I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
>> and UNIX password.  If the problem is ACL related, wouldn't I have the
>> same problem with this tool?
>>
>> When samba changes passwords, does the process run as root or as the
>> user making the passwords change?
>>     
>
> If you're using smbldap-passwd and unix password sync, it's done as
> root. ldap passwd sync is done as the LDAP dn that you've configured in
> smb.conf. It's much preferable to use ldap passwd sync.
>
>   
I did not make myself clear. When I say I can use  smbldap-passwd to 
change password, I mean I can run the tool from the command line as 
root.  If I use smbldap-passwd  and unix passwd sync in smb.conf, I get 
a "you do not have permission to change password" message when
(Continue reading)

Permalink | Reply | 1 comment |
headers
Jorgen Lundman | 1 May 2009 02:00
Picon
Favicon

Re: User friendly URLs to shares


Yes, we did manage to get that working with "net use" but how would you 
package it to users, so preferably it is something they just click on, 
either from a www-page, email message or possibly "save this to desktop 
and double click". When using "net use" it wouldn't exactly popup a 
requestor and ask for your password. (Unless you mean that horrible DOS 
box).

Is there no way to make it as nice as OsX and Linux? You just click the 
smb:// link and it asks for password in a popup?

Lund

Gerald Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jorgen,
> 
>> \\host\share and file://host/share don't seem to work, and has nowhere
>> for the username part to be included.
> 
> You can encode the username as an arg in the
> "net use * \\host\share /user:DOMAIN\username"
> 
> 
> 
> cheers, jerry
> - --
> =====================================================================
(Continue reading)

Permalink | Reply | 4 comments |
headers
Thierry Lacoste | 1 May 2009 02:07
Picon
Favicon

Re: Re: Samba does not change UNIX password after OpenLDAP server upgraded


On 1 mai 09, at 01:45, John Du wrote:

> David Markey wrote:
>> John Du wrote:
>>
>>> David Markey wrote:
>>>
>>>> I would imagine that you'll need to re-jig your ACLs in slapd.conf,
>>>>
>>>> Please supply logs.
>>>>
>>>>
>>> Thank you very much.
>>>
>>> I can use /opt/IDEALX/sbin/smbldap-passwd to change both the Windows
>>> and UNIX password.  If the problem is ACL related, wouldn't I have  
>>> the
>>> same problem with this tool?
>>>
>>> When samba changes passwords, does the process run as root or as the
>>> user making the passwords change?
>>>
>>
>> If you're using smbldap-passwd and unix password sync, it's done as
>> root. ldap passwd sync is done as the LDAP dn that you've  
>> configured in
>> smb.conf. It's much preferable to use ldap passwd sync.
>>
>>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Michael Heydon | 1 May 2009 02:19
Picon

Re: User friendly URLs to shares

Jorgen Lundman wrote:
> possibly "save this to desktop and double click".
vbscript, although a lot of mail servers will block it.

*Michael Heydon - IT Administrator *
michaelh <at> jaswin.com.au <mailto:michaelh <at> jaswin.com.au>

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Permalink | Reply | 3 comments |
headers
David Meakins | 1 May 2009 02:34
Picon
Picon
Favicon

Re: User friendly URLs to shares

alternatively create a php/asp/perl/something script on an internal web 
server that generates a vbs file based on a http get var, email a custom 
link to each user

eg email the following link to user 'john.smith'
Dear john.smith, please click on the link below and save the resulting 
file to your desktop
http://internal.example.com/generate_script?username=john.smith

and they get a file called "Connect to Share.vbs" that they can double 
click on

david

Michael Heydon wrote:
> Jorgen Lundman wrote:
>> possibly "save this to desktop and double click".
> vbscript, although a lot of mail servers will block it.
>
>
> *Michael Heydon - IT Administrator *
> michaelh <at> jaswin.com.au <mailto:michaelh <at> jaswin.com.au>
>

--
| Judicial Commission of NSW | Ph: +61 2 9299 4421 | Fax: +61 2 9290 3194 |

This Message is intended for the addressee named and may contain confidential information. If you are not
the intended recipient, please delete it and notify the sender.
(Continue reading)

Permalink | Reply | 2 comments |
headers
Jorgen Lundman | 1 May 2009 02:52
Picon
Favicon

Re: User friendly URLs to shares


That'd be perfectly acceptable, since user's navi already run on php 
cluster. What magic is needed in the .vbs file?

Lund

David Meakins wrote:
> alternatively create a php/asp/perl/something script on an internal web 
> server that generates a vbs file based on a http get var, email a custom 
> link to each user
> 
> eg email the following link to user 'john.smith'
> Dear john.smith, please click on the link below and save the resulting 
> file to your desktop
> http://internal.example.com/generate_script?username=john.smith
> 
> and they get a file called "Connect to Share.vbs" that they can double 
> click on
> 
> david
> 
> Michael Heydon wrote:
>> Jorgen Lundman wrote:
>>> possibly "save this to desktop and double click".
>> vbscript, although a lot of mail servers will block it.
>>
>>
>> *Michael Heydon - IT Administrator *
>> michaelh <at> jaswin.com.au <mailto:michaelh <at> jaswin.com.au>
>>
(Continue reading)

Permalink | Reply | 1 comment |
headers
David Meakins | 1 May 2009 03:10
Picon
Picon
Favicon

Re: User friendly URLs to shares

probably need to use at least the following

WScript.Network object to unmap existing network drives and to map new 
network drive. specifically the RemoveNetworkDrive and MapNetworkDrive 
methods.
http://msdn.microsoft.com/en-us/library/d16d7wbf(VS.85).aspx
http://msdn.microsoft.com/en-us/library/8kst88h6(VS.85).aspx

Shell.Application object to rename your new network drive to something sane.
http://msdn.microsoft.com/en-us/library/bb774094(VS.85).aspx

david

Jorgen Lundman wrote:
>
> That'd be perfectly acceptable, since user's navi already run on php 
> cluster. What magic is needed in the .vbs file?
>
> Lund
>
> David Meakins wrote:
>> alternatively create a php/asp/perl/something script on an internal 
>> web server that generates a vbs file based on a http get var, email a 
>> custom link to each user
>>
>> eg email the following link to user 'john.smith'
>> Dear john.smith, please click on the link below and save the 
>> resulting file to your desktop
>> http://internal.example.com/generate_script?username=john.smith
>>
(Continue reading)

Permalink | Reply | 0 comments |

Gmane