I've got an issue with samba_ldap password syncronization against the Zimbra LDAP, I wonder if anyone out there can shed some light on it.
I'm running Zimbra 5 network edition (trial version) on RH4 x86_64, with Posix & Samba extensions. I also installed and configured nss_ldap and pam_ldap. I can "su - user" where user is defined in Zimbra ldap, so everything is working so far. Also "getent passwd" is consistent with the contents of the Zimbra LDAP.
Then, on the same host I've configured samba 3.0.25b to authenticate agains Zimbra. And here's what I found:
1) If I change the user's password using the administration console AND the "Password does not expire" in the Samba Account tab is checked, then I can mount the samba shared on a client machine by providing the user account and user's password.
2) If I change the user's password using the administration console BUT the "Password does not expire" in the Samba Account tab is NOT checked, then the mount fails with error NT_STATUS_PASSWORD_MUST_CHANGE (I can see it in the samba logs)
3) If the users logs in via the web interface and changes the password (Preferences tab), then the user's password gets changed but the samba password doesn't, so the mount fails with error NT_STATUS_WRONG_PASSWORD
So, it looks like that when the user changes his password through the web interface, the Samba password goes out of sync. Only the Zimbra Admin Console updates both the user password and the samba password, but this is unacceptable.
Thanks in advance.