LDAP – Change SAMBA password in LDAP with Apache Directory Studio

Tags: ldap, openldap, samba

I am using Apache Directory Studio to administer a small LDAP database, and I am planning to stop using LAM for user and group management because it lacks groupOfUniqueNames support.

I have only one problem: how can I change SAMBA passwords? There is a tool that checks and generates hashes, but apparently it doesn't recognize SAMBA NTLM. Is there a script or something?

Thanks.

Best Answer

The best way to keep Samba and LDAP passwords in sync is to deploy the smbk5pwd overlay (despite the name, it can be configured without Kerberos), which updates Samba password hashes in response to LDAP Password Modify operations, and configure Samba with ldap password sync = only. Note that this depends on your clients properly issuing Password Modify operations and not simply writing to the userPassword attribute.
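
A configuration sketch of the setup the answer describes, added here as an illustration and not taken from the answer or from either project's documentation. The host name, suffix, database type and module file name are placeholder assumptions; smbk5pwd is a contrib overlay, so whether the module is shipped depends on your OpenLDAP package.

```conf
# ---- slapd.conf (OpenLDAP server) ----
# Global section: load the contrib module. The file name is an assumption
# and varies by distribution.
moduleload smbk5pwd.la

# Existing database that holds the Samba accounts (placeholder suffix).
database mdb
suffix   "dc=example,dc=org"

# Attach the overlay to that database and enable only the Samba hook,
# so no Kerberos backend is required.
overlay smbk5pwd
smbk5pwd-enable samba

# ---- smb.conf (Samba server) ----
[global]
    passdb backend = ldapsam:ldap://ldap.example.org
    ldap suffix = dc=example,dc=org
    # Samba sends only the LDAP password change and leaves the
    # sambaNTPassword update to the overlay on the server.
    ldap password sync = only
```

To check the result, change a test account's password with ldappasswd from the OpenLDAP client tools, which sends a Password Modify extended operation, and confirm that sambaNTPassword and sambaPwdLastSet on the entry changed. A plain write to userPassword does not pass through the overlay and leaves those attributes as they were.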