0

I am using Apache Directory Studio to administer a small LDAP database, and I am planning to stop using LAM for user and group management because it lacks groupOfUniqueNames support.

I have only one problem: how can I change SAMBA passwords? There is a tool that checks and generates hashes, but apparently it doesn't recognize SAMBA NTLM. Is there a script or something?

Thanks.

Improve this question

1 Answer 1

Reset to default
0

The best way to keep Samba and LDAP passwords in sync is to deploy the smbk5pwd overlay (despite the name, it can be configured without Kerberos), which updates Samba password hashes in response to LDAP Password Modify operations, and configure Samba with ldap password sync = only. Note that this depends on your clients properly issuing Password Modify operations and not simply writing to the userPassword attribute.

Improve this answer
2
  • Thanks! Will try it now. Do you know if Apache Directory Studio sends this command? Commented Aug 20, 2014 at 9:26
  • I don't use Apache DS so I can't say for sure, but it looks like it does not, as the ticket is open and unresolved: issues.apache.org/jira/browse/DIRSTUDIO-648 Commented Aug 20, 2014 at 18:36

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.