Web lists-archives.com

Re: [Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM




Citando Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>:

On Sun, 2017-04-09 at 16:12 +0100, Rowland Penny via samba wrote:
On Sun, 09 Apr 2017 14:47:59 +0000
Leonardo Bruno Lopes via samba <samba@xxxxxxxxxxxxxxx> wrote:



> Is there any chance that this could mean I only need to wipe  
> 'supplementalCredentials' attribute -- I saw that it is possible
> --  
> after set the password with 'ldbmodify'? Unfortunately I can't
> get  
> this tested until tomorrow.
>

try using something like this in your script:

More like:

ldbmodify -H /usr/local/samba/private/sam.ldb --
controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 << EOF
dn: CN=User,CN=Users,DC=samdom,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: xxxxxxxxxxxxxxxxxxxxxxxx
delete: supplementalCredentials
-
EOF

Should do it,

Thanks again, Andrew.

This -- from LDIF/LDAP docs -- will also delete the 'supplementalCredentials' attribute:

ldbmodify -H /var/lib/samba/private/sam.ldb --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 << EOF
dn: CN=User,CN=Users,DC=samdom,DC=example,DC=com
changetype: modify
replace: supplementalCredentials
-
EOF

Just for record,

Leonardo

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.




--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba