Web lists-archives.com

Re: [Samba] Users created in last few years cannot login after 4.7 -> 4.8 + winbind




On Tue, 8 Jan 2019 16:25:55 -0500 (EST)
Paul Raines <raines@xxxxxxxxxxxxxxxxxxx> wrote:

> 
> It appears there is still misunderstanding about my situation/setup.
> Sorry, I know this is strange.
> 
> I have an LDAP server for my Linux infrastructure that is totally
> seperate from the corporate AD Windows domain.  At one point my LDAP
> did have the samba schema installed with my its own SID's and
> smbpasswd's in it. My web app for users to change their Linux
> password would on the backend set their 'userPassword' and
> 'sambaNTPassword' via separate calls to keep them in sync.
> 
> But when the edict to do single sign on to the coporate AD happened I
> stopped using any of the samba schema in my LDAP server.  And I set
> each user's 'userPassword' field to something like '{SASL}per2' to
> use passthru on the LDAP authentication end.  And I configured samba
> to use corporate AD with the username map
> 
> Corporate is definitely NOT going to let me copy 'sambaNTPassword'
> from them or let me setup my own domain to trust.  The later would
> probably not work anyway due to the mismatch with names/uids.
> 

You are either going to have to do one of two things, stick with 4.7.x
(which isn't a good thing in the long term), or explain to 'corporate'
that it is going to cost them a lot of money to fix this.

Your setup would best be described as a lash up

I do not think there is an easy way to fix your problem, except for
using your AD. It would have been a lot easier if you hadn't done
something stupid like having your users in your ldap and AD with
different names. I know Samba is capable of being bent to do some
strange things, but you are trying to bend it too far.

You will not like this, but you are going to have to work with it.
There have been numerous changes since 4.7.0 and it is very unlikely
that whatever has broken your setup will be reversed.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba