'ldap passwd sync = yes' and ldap password not updated

Bug #885758 reported by Marco Gaiarin
This bug affects 1 person
Affects: samba (Ubuntu)
Status: Invalid
Importance: Medium
Assigned to: Unassigned
Milestone: (none)

Bug Description

After upgrading a server (with Ubuntu Server) to lucid from the previous LTS (hardy?), users started complaining that, after changing passwords, Windows works but other services (imap, ssh, ...) don't.
After some hours of testing, I've discovered that only the NT/LM password got updated; the 'POSIX' LDAP one did not.
Running 'smbpasswd -D 5 gaio' leads to:
 smbldap_check_root_dse: Expected one rootDSE, got 0
Some other googling took me to the need to add another ACL, so I've added:
 access to attrs=namingcontexts
   by * read
and now it works.

Some notes:
1) I don't know if this is the correct/best ACL to add, and if this is a bug 'per se' or a side effect of the upgrade: I have no other lucid system to test with...
2) This is probably an 'openldap upgrade bug'.
3) This is mainly a samba bug, I think: if I set 'ldap passwd sync = yes' and the LDAP password fails, it is better to reject the entire password changing operation, to not have a ''half-changed'' password.

I've also marked the ''security bug'' check because I think that this is a security issue: a sysadmin could set a dumb password for a first login, then users change it immediately but the dumb password remains for all non-Windows services.

thanks.

Tags: lucid
security vulnerability: yes → no
visibility: private → public
Changed in samba (Ubuntu):
importance: Undecided → Medium
Debra Virden (teddydlv)
description: updated
dino99 (9d9) wrote :

This version expired a long time ago, and so will never get support.

Changed in samba (Ubuntu):
status: New → Invalid