Date: Fri, 6 Jun 2008 20:53:26 +0200
From: Ulrich Spoerlein
To: Israel Lehnen Silva
Cc: hackers@freebsd.org
Subject: Re: FreeBSD + LDAP + SAMBA + WINDOWS

On Wed, 28.05.2008 at 19:11:06 -0300, Israel Lehnen Silva wrote:
> Friends,
>
> I have the following scenario:
>
> Server FreeBSD 7.0 Stable authenticating in one basis LDAP through of the
> PAM (pam_ldap and nss_ldap)
> In same server, have running the SAMBA 3.0.28 authenticating too in
> basis LDAP and using the scripts smbldap-tools.
> Tool LDAPAdmin for administration of basis LDAP.
>
> THE PROBLEM:
>
> When change the pass of user in basis LDAP through of LDAPAdmin,
> select the cryptography "MD5 Crypt" for the attribute userPassword
> This way, I achieve log in the Windows and FreeBSD by terminal, ssh...
> but when change pass of user by Windows, the cryptography of password in
> attribute userPassword
> is changed for SSHA and so not connect in FreeBSD, also just connect in
> windows.
>
> FreeBSD and SAMBA authenticating in LDAP,
> and changing the password by own user, not interfering in auth of ssh in
> FreeBSD...
> Someone implemented???

Hi,

I think you have this backwards. At our setup, with active samba password
sync users can change their samba{LM,NT}passwords and have their
userPassword updated accordingly. Samba will not change the used
algorithm, though (we use {CRYPT}, don't ask ...).

The other way round though will only update the userPassword and not
change the samba{LM,NT}passwords, leading to the old password still being
valid for Windows.

We're using a small CGI script where our users can change (both)
passwords in their browser.

Cheers,
Ulrich Spoerlein
--
It is better to remain silent and be thought a fool, than to speak,
and remove all doubt.
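
An added example, not part of the original thread: the userPassword scheme change described in the question (MD5 crypt to SSHA) shows up in the {SCHEME} prefix of each stored value, so a directory can be audited for mixed schemes before logins start failing. The function names and sample entries are constructed for illustration; the {SSHA} layout assumed is base64 of the SHA-1 digest followed by the salt, as OpenLDAP stores it.

```python
import base64
import hashlib
import hmac
import os

def scheme_of(user_password: str) -> str:
    """Return the storage scheme of an LDAP userPassword value."""
    if not user_password.startswith("{") or "}" not in user_password:
        return "CLEARTEXT"  # no {SCHEME} prefix: stored as plain text
    scheme, rest = user_password[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "CRYPT":
        # {CRYPT} delegates to crypt(3); the $id$ field picks the algorithm
        return "CRYPT-MD5" if rest.startswith("$1$") else "CRYPT-OTHER"
    return scheme

def make_ssha(password: str, salt: bytes = None) -> str:
    """Build {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password: str, user_password: str) -> bool:
    """Verify a password against an {SSHA} value; other schemes give False."""
    if scheme_of(user_password) != "SSHA":
        return False
    raw = base64.b64decode(user_password[6:])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    expected = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

def audit(entries: dict) -> dict:
    """Map each uid to its scheme so a mixed-scheme directory stands out."""
    return {uid: scheme_of(value) for uid, value in entries.items()}

# Constructed sample entries (not taken from the thread, not real hashes).
SAMPLE = {
    "alice": "{CRYPT}$1$abcdefgh$0123456789abcdefghijk.",
    "bob": make_ssha("constructed-pass", salt=b"\x01" * 8),
}

if __name__ == "__main__":
    for uid, scheme in audit(SAMPLE).items():
        print(uid, scheme)
```

Running audit() over an export of uid and userPassword pairs shows which accounts have moved to a scheme that a crypt(3)-only verifier will not accept.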