[Bug 885758] Re: 'ldap passwd sync = yes' and ldap password not updated

Serge Hallyn 885758 at bugs.launchpad.net
Thu Nov 10 03:54:47 UTC 2011


** Changed in: samba (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/885758

Title:
  'ldap passwd sync = yes' and ldap password not updated

Status in “samba” package in Ubuntu:
  New

Bug description:
  After upgrading a server (with Ubuntu Server) to lucid from the previous LTS (hardy?), users started to complain that, after changing passwords, Windows works but other services (imap, ssh, ...) do not.
  After some hours of testing, I discovered that only the NT/LM password got updated, not the 'POSIX' LDAP one.
  Running 'smbpasswd -D 5 gaio' leads to:
   smbldap_check_root_dse: Expected one rootDSE, got 0
  Some more googling led me to the need to add another ACL, so I added:
   access to attrs=namingcontexts
     by * read
  and now it works.

  Some notes:
  1) I don't know if this is the correct/best ACL to add, and if this is a bug 'per se' or a side effect of the upgrade: I have no other lucid system to test with...
  2) this is probably an 'openldap upgrade bug'
  3) this is mainly a samba bug, I think: if I set 'ldap passwd sync = yes' and the LDAP password change fails, I think it is better to reject the entire password changing operation, not to have a ''half-changed'' password.

  I've also marked the ''security bug'' check because I think that this
  is a security issue: a sysadmin could set a dumb password for a first
  logon, then users change it immediately but the dumb password remains for
  all non-Windows services.

  thanks.
