1. Forum
  2. Usenet
  3. LINUX.SAMBA

  • [Samba] change passord sssd-client

    From =?UTF-8?Q?jos=C3=A9_Roberto?= via s@21:1/5 to All on Mon Mar 20 20:50:01 2017
    Hi,

    I'm trying to migrate to samba4 and had the following issue:
    I have SSSD configured to authenticate users on linux machines that I get
    from a samba4 service through LDAP endpoint. Users are successfuly authenticated in the system, but I can't manage to change password of these users from command line. When I try to use passwd command, i got the
    following:
    Password change failed. Server message: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported
    passwd: Authentication token manipulation error
    passwd: password unchanged
    I saw in another forums that it's possible to bypass this error changing permissions from the user that is authenticating on LDAP base to write
    other users passwords, but in this case it's a samba4 base using a LDAP interface. Is it possible to grant this kind of permission to the user authenticating through LDAP?
    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew Bartlett via samba@21:1/5 to All on Mon Mar 20 21:30:02 2017
    On Mon, 2017-03-20 at 16:38 -0300, josé Roberto via samba wrote:
    Hi,

    I'm trying to migrate to samba4 and had the following issue:
    I have SSSD configured to authenticate users on linux machines that I
    get
    from a samba4 service through LDAP endpoint. Users are successfuly authenticated in the system, but I can't manage to change password of
    these
    users from command line. When I try to use passwd command, i got the following:
    Password change failed. Server message: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported
    passwd: Authentication token manipulation error
    passwd: password unchanged
    I saw in another forums that it's possible to bypass this error
    changing
    permissions from the user that is authenticating on LDAP base to
    write
    other users passwords, but in this case it's a samba4 base using a
    LDAP
    interface. Is it possible to grant this kind of permission to the
    user
    authenticating through LDAP?

    sssd should be able to change passwords over kpasswd or ldap (with the
    AD method, which is over unicodePwd), but sadly Samba does not support
    the extended operation method yet. We would love to support it, but
    that requires engineering at this stage.

    Sorry,

    Andrew Bartlett

    --
    Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
    Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba


    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)