Ulrich Spoerlein uspoerlein at
Fri Jun 6 19:02:45 UTC 2008

On Wed, 28.05.2008 at 19:11:06 -0300, Israel Lehnen Silva wrote:
> Friends,
> I have the following scenario:
> Server FreeBSD 7.0 Stable authenticating in one basis LDAP through of the
> PAM (pam_ldap and nss_ldap)
> In same server, have running the SAMBA 3.0.28 authenticating too in
> basis LDAP and using the scripts smbldap-tools.
> Tool LDAPAdmin for administration of basis LDAP.
> When chang the pass of user in basis LDAP trhough of LDAPAdmin,
> select th cryptograpy "MD5 Crypt" for the atribuct userPassword
> This way, I achieve log in the Windows and FreeBSD by terminal, ssh...
> but when chang pass of user by Windows, the cryptograpy of password in
> atribuct userPassword
> is chanded for SSHA and so not conect in FreeBSD, also just conect in
> windows.
> FreeBSD and SAMBA authenticating in LDAP,
> and changing the password by own user, not interfering in auth of ssh in
> FreeBSD...
> Someone implemented???


I think you have this backwards. At our setup, with active samba
password sync users can change their samba{LM,NT}passwords and have
their userPassword updated accordingly. Samba will not change the used
algorithm, though (we use {CRYPT}, don't ask ...)

The other way round though will only update the userPassword and not
change the samba{Lm,NT}passwords leading to the old password still being
valid for Windows.

We're using a small CGI script where our users can change (both)
passwords in their browser.

Ulrich Spoerlein
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.

More information about the freebsd-hackers mailing list