[Ltb-users] unable to change password in samba/ldap config

Clément OUDOT clem.oudot at gmail.com
Fri Jun 1 18:59:10 CEST 2012


2012/6/1 Serge Le Garrec <serge.le-garrec at manche.gouv.fr>:
> Hi all,
>
> I have install ssp on SQUEEZE DEBIAN system. Althought SSP seems to work the
> application refuses to change passwords. The error message is "pasword
> refused" !
>
> I can change passwords from XP PC stations but I'd like to use SSP tp apply
> a password policy.
>
> Description of the file "config.inc.php" :
> <?php
> $ldap_url = "ldap://10.50.43.12";
> $ldap_binddn = "cn=manager,ou=agriculture,o=gouv,c=fr";
> $ldap_bindpw = "secret";
> $ldap_base = "ou=people,ou=agriculture,o=gouv,c=fr";
> $ldap_filter = "(&(objectClass=person)(uid={login}))";
> $ad_mode = false;
> $ad_options['force_pwd_change'] = false;
> $samba_mode = true;
> $shadow_options['update_shadowLastChange'] = true;
> $hash = "CRYPT";
> $pwd_min_length = 4;
> $pwd_max_length = 0;
> $pwd_min_lower = 0;
> $pwd_min_upper = 0;
> $pwd_min_digit = 0;
> $pwd_min_special = 0;
> $pwd_special_chars = "^a-zA-Z0-9";
> $pwd_no_reuse = true;
> $pwd_complexity = 0;
> $pwd_show_policy = "always";
> $who_change_password = "user";
> $use_questions = false;
> $answer_objectClass = "extensibleObject";
> $answer_attribute = "info";
> $use_tokens = false;
> $crypt_tokens = true;
> $token_lifetime = "3600";
> $mail_attribute = "mail";
> $mail_from = "admin at example.com";
> $notify_on_change = false;
> $show_help = true;
> $lang ="fr";
> $logo = "style/ltb-logo.png";
> $debug = false;
> $keyphrase = "secret";
> $use_recaptcha = false;
> $recaptcha_publickey = "";
> $recaptcha_privatekey = "";
> $recaptcha_theme = "white";
> ?>
>
> Result of the command ldapsearch = OK :
>
> # ldapsearch -x -W -D cn=manager,ou=agriculture,o=gouv,c=fr -H
> ldap://10.50.43.12/ "(&(objectclass=person)(uid=toto))" -LLL
> Enter LDAP Password:
> dn: uid=toto,ou=People,ou=agriculture,o=gouv,c=fr
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> cn: toto
> sn: toto
> givenName: toto
> uid: toto
> uidNumber: 1703
> gidNumber: 513
> homeDirectory: /home/toto
> loginShell: /bin/bash
> gecos: Samba User
> sambaSID: S-1-5-21-739523420-3824988740-2474776140-1487
> sambaKickoffTime: 0
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaAcctFlags: [U          ]
> userPassword:: e1NTSEF9ZUYrdlZiSy9xTmp0NFpOWGxWL0V1YkpheFFVWERYZHI=
> sambaPwdLastSet: 1338565649
> sambaLMPassword: 9d7c1dd522f296b5f09bf40200000000
> sambaNTPassword: aa81077e3975a538c4a41e985bd14096
>
> Where are the logs to explore to better understand the problem ?

Hi,

you need to check OpenLDAP logs, or/and set $debug to true in SSP
config. You should get more information on why the password is
refused.

Clément.


More information about the ltb-users mailing list