We have a setup here with a LDAP server (FC1) which also runs samba. Usernames, passwords (and more) are stored in LDAP, and with samba, this machine can also act as PDC for the windows machines in the network. A problem with such a setup is to keep passwords synchronized between unix and windows. We had a working setup to change passwords through samba so changing a password from windows, or from Linux with smbpasswd changed the unix passwrod, LM-hash and NT-hash in the LDAP database. Samba with LDAP as password backend seems to change only the windows password hashes, so for changing the unix password, we had a script which was called through the 'passwd program' and 'passwd chat' option in smb.conf . A bit of a hack, but it worked. ... until this setup was moved to a new machine on which FC2 was installed. Now the passwd program script is never called any more, so unix passwords are no longer being changed. To find out what went wrong, we upgraded the FC1 machine to the latest samba version (3.0.6-2.FC1) and now it exhibits the same behaviour: no password script or program is executed when a user changes his password. Does anyone know if something related to this behaviour was changed in the latest samba release? The release notes mention nothing that looks related. Or: does anyone know of another good way to make it possible to change all passwords of a user at once so a user will always have only one password? Relevant parts of the smb.conf file: [global] workgroup = STRW server string = noordzee netbios name = noordzee passdb backend = ldapsam:ldap://noordzee.our.domain ldap admin dn = "uid=admin,ou=administrative,dc=our,dc=domain" ldap ssl = no ldap suffix = dc=our,dc=domain" hosts allow = xxx.yyy.zzz.aaa security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = yes passwd program = /etc/samba/script %u passwd chat debug = yes passwd chat = "*New*UNIX*password*" %n\\n "*UNIX*password* %n\\n "*succesfully*" local master = yes os level = 50 domain master = yes preferred master = yes domain logons = yes [homes] comment = Home Directories browseable = no writable = yes David Jansen
