Results 1 to 7 of 7

Thread: [SOLVED] Samba password sync

Hybrid View

  1. #1
    Join Date
    Jul 2008
    Rep Power

    Default [SOLVED] Samba password sync

    Hi All,

    I've got an issue with samba_ldap password syncronization against the Zimbra LDAP, I wonder if anyone out there can shed some light on it.

    I'm running Zimbra 5 network edition (trial version) on RH4 x86_64, with Posix & Samba extensions. I also installed and configured nss_ldap and pam_ldap. I can "su - user" where user is defined in Zimbra ldap, so everything is working so far. Also "getent passwd" is consistent with the contents of the Zimbra LDAP.

    Then, on the same host I've configured samba 3.0.25b to authenticate agains Zimbra. And here's what I found:

    1) If I change the user's password using the administration console AND the "Password does not expire" in the Samba Account tab is checked, then I can mount the samba shared on a client machine by providing the user account and user's password.

    2) If I change the user's password using the administration console BUT the "Password does not expire" in the Samba Account tab is NOT checked, then the mount fails with error NT_STATUS_PASSWORD_MUST_CHANGE (I can see it in the samba logs)

    3) If the users logs in via the web interface and changes the password (Preferences tab), then the user's password gets changed but the samba password doesn't, so the mount fails with error NT_STATUS_WRONG_PASSWORD

    So, it looks like that when the user changes his password through the web interface, the Samba password goes out of sync. Only the Zimbra Admin Console updates both the user password and the samba password, but this is unacceptable.
    Any hint?

    Thanks in advance.

  2. #2
    Join Date
    Jul 2008
    Rep Power

    Default SOLVED - Look for zimbraSambaPassword extension

    Sorry to bug you all, the soluzion is already on the Zimbra website.
    Look for zimbraSambaPassword extension.

    Get or contribute Zimlets, UI themes, and languages in the Zimbra Gallery - zimbraSambaPassword Extension


  3. #3
    Join Date
    Apr 2008
    Rep Power


    Thanks, this is what I was looking for just today :-)

  4. #4
    Join Date
    Mar 2007
    Small village in the center of Italy
    Rep Power


    using zimbraSambaPassword by A. Messina you get password sync, but with samba 3.0.28b (actual CentOS 5.2, at the time i am writing) there is still this issue:
    [10:19:30 root@zimbra ~ ]# smbclient -U maumar //
    session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
    i solved as you wrote checking
    the "Password does not expire" in the Samba Account tab is checked

    googling i find that is related to:

    maybe changing password last change, issue get fixed

    pdbedit -v -u maumar |grep Password
    Password last set: 0
    Password can change: 0
    Password must change: 0
    hopefully Antonio could help to understand what's the problem
    Last edited by maumar; 02-24-2009 at 03:12 AM.

  5. #5
    Join Date
    Apr 2009
    Rep Power


    Hello everyone,

    Has anyone managed to sort out the issue with "session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE"?

    After playing around with the zimbra.samba.SambaPassword extension, i've managed to get the syncing work when the user changes the password. However, this does not make any change to the PASSWORD_MUST_CHANGE error the user gets when trying to mount the network share. Even when i change the password from a web ui, i still get this error. The only way to deal with it is to manually change the password using smbpasswd command, which is not an option for most users as I do not want them to have ssh access to the server.

    The option of Password does not expire is not really a solution for me as I would like to implement a password change policy.

    Does anyone have any idea on how this can be solved?



  6. #6
    Join Date
    Feb 2010
    Rep Power


    I have been wondering and I found a workaround for the problem. If you use samba passwords to access shares on some machine and ldap passwords for everything else then you can turn "Password does not expire" on in Samba Account Tab. The user will have to change his ldap password eventually if you set password expiration in zimbra. If users do not use windows domains then this is one of your options (if they use windows domain accounts then you can uncheck "Password does not expire" and they will change samba password instead of ldap )

  7. #7
    Join Date
    May 2008
    Rep Power

    Default Confirming

    Same issue as everyone else, the ZCS 5.x Sambapassword Extension also works for 6.x. I will just be advising my users to use the ZWC to change their passwords and avoiding (hopefully) any other pitfalls.

    This doesn't seem to be effected by the passwords does not expire option

Similar Threads

  1. Replies: 13
    Last Post: 11-20-2008, 12:42 PM
  2. Hangs on "Loading" screen
    By gbr in forum General Questions
    Replies: 16
    Last Post: 06-19-2008, 02:01 PM
  3. zdesktop issue report (2008-05-22 17:25:42): mail.NO_SUCH_MSG
    By John Marsden, FH Ba in forum Error Reports
    Replies: 0
    Last Post: 05-23-2008, 03:49 AM
  4. Replies: 1
    Last Post: 03-09-2008, 12:20 AM
  5. samba password sync
    By timothyalangorman in forum Installation
    Replies: 1
    Last Post: 05-15-2007, 11:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts