Web lists-archives.com

Re: [Samba] change passord sssd-client




On Mon, 2017-03-20 at 16:38 -0300, josé Roberto via samba wrote:
> Hi,
> 
> I'm trying to migrate to samba4 and had the following issue:
> I have SSSD configured to authenticate users on linux machines that I
> get
> from a samba4 service through LDAP endpoint. Users are successfuly
> authenticated in the system, but I can't manage to change password of
> these
> users from command line. When I try to use passwd command, i got the
> following:
> Password change failed. Server message: Extended
> Operation(1.3.6.1.4.1.4203.1.11.1) not supported
> passwd: Authentication token manipulation error
> passwd: password unchanged
> I saw in another forums that it's possible to bypass this error
> changing
> permissions from the user that is authenticating on LDAP base to
> write
> other users passwords, but in this case it's a samba4 base using a
> LDAP
> interface. Is it possible to grant this kind of permission to the
> user
> authenticating through LDAP?

sssd should be able to change passwords over kpasswd or ldap (with the
AD method, which is over unicodePwd), but sadly Samba does not support
the extended operation method yet.  We would love to support it, but
that requires engineering at this stage.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba